From e00b06926e4acc01e56fefb47e0b45f1ea53436d Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 11 Jun 2018 16:22:02 +0200 Subject: Fix for handling IP address based custom categories --- example/ndpiReader.c | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) (limited to 'example/ndpiReader.c') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 5a8f91139..9dacf000a 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -380,7 +380,7 @@ void extcap_config() { struct ndpi_proto_sorter *protos; u_int ndpi_num_supported_protocols = ndpi_get_ndpi_num_supported_protocols(ndpi_info_mod); ndpi_proto_defaults_t *proto_defaults = ndpi_get_proto_defaults(ndpi_info_mod); - + /* -i */ printf("arg {number=%d}{call=-i}{display=Capture Interface}{type=string}" "{tooltip=The interface name}\n", argidx++); @@ -601,7 +601,7 @@ static void parseOptions(int argc, char **argv) { extcap_packet_filter = ndpi_get_proto_by_name(ndpi_info_mod, optarg); if (extcap_packet_filter == NDPI_PROTOCOL_UNKNOWN) extcap_packet_filter = atoi(optarg); break; - + case 257: _debug_protocols = strdup(optarg); break; @@ -761,10 +761,12 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa fprintf(out, "[proto: %u/%s]", flow->detected_protocol.app_protocol, ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol.app_protocol)); - + if(flow->detected_protocol.category != 0) - fprintf(out, "[cat: %s]", ndpi_category_get_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, - flow->detected_protocol.category)); + fprintf(out, "[cat: %s/%u]", + ndpi_category_get_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, + flow->detected_protocol.category), + (unsigned int)flow->detected_protocol.category); fprintf(out, "[%u pkts/%llu bytes ", flow->src2dst_packets, (long long unsigned int) flow->src2dst_bytes); fprintf(out, "%s %u pkts/%llu bytes]", 
@@ -1487,10 +1489,10 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) { while(fd) { char buffer[512], *line, *name, *category; int i; - + if(!(line = fgets(buffer, sizeof(buffer), fd))) break; - + if(((i = strlen(line)) <= 1) || (line[0] == '#')) continue; else @@ -1501,9 +1503,16 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) { category = strtok(NULL, "\t"); if(category) { + int fields[4]; + // printf("Loading %s\t%s\n", name, category); - ndpi_load_hostname_category(ndpi_thread_info[thread_id].workflow->ndpi_struct, - name, (ndpi_protocol_category_t)atoi(category)); + + if(sscanf(name, "%d.%d.%d.%d", &fields[0], &fields[1], &fields[2], &fields[3]) == 4) + ndpi_load_ip_category(ndpi_thread_info[thread_id].workflow->ndpi_struct, + name, (ndpi_protocol_category_t)atoi(category)); + else + ndpi_load_hostname_category(ndpi_thread_info[thread_id].workflow->ndpi_struct, + name, (ndpi_protocol_category_t)atoi(category)); } } } @@ -3199,7 +3208,7 @@ int orginal_main(int argc, char **argv) { printf("nDPI Library version mismatch: please make sure this code and the nDPI library are in sync\n"); return(-1); } - + automataUnitTest(); ndpi_info_mod = ndpi_init_detection_module(); -- cgit v1.2.3 From 3986a951d8e032b3a25dc3db8198898658502f15 Mon Sep 17 00:00:00 2001 From: Luca Date: Thu, 21 Jun 2018 16:13:18 +0200 Subject: Suppressed invalid messages with -q -j now accepts - as stdout --- example/ndpiReader.c | 16 +++++++++++----- src/lib/ndpi_content_match.c.inc | 16 ++++++++-------- 2 files changed, 19 insertions(+), 13 deletions(-) (limited to 'example/ndpiReader.c') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 9dacf000a..9b10fe6c5 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c 
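Review bot: In the `@@ -1501,9 +1503,16 @@` hunk of setupDetection, the test `sscanf(name, "%d.%d.%d.%d", ...) == 4` only checks that the entry starts with four dotted integers, so a hostname such as `1.2.3.4.example.com` (constructed example) or an out-of-range value such as `999.1.1.1` is sent to `ndpi_load_ip_category` instead of the hostname list. A stricter check would reject trailing text and bound each octet, e.g. `sscanf(name, "%d.%d.%d.%d%n", &fields[0], &fields[1], &fields[2], &fields[3], &n) == 4 && name[n] == '\0'` followed by a 0–255 test on `fields[]` (also allow `'/'` after the address if `ndpi_load_ip_category` is meant to take a prefix length, which is not visible here). The category is also taken from `atoi(category)` and cast straight to `ndpi_protocol_category_t`, so a malformed or out-of-range number in the file is accepted silently; `strtol` with an end-pointer and a range check would let the loader skip and report bad lines. The loop body starts and ends outside the hunk.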
@@ -547,7 +547,7 @@ static void parseOptions(int argc, char **argv) { case 'j': #ifndef HAVE_JSON_C - printf("WARNING: this copy of ndpiReader has been compiled without JSON-C: json export disabled\n"); + printf("WARNING: this copy of ndpiReader has been compiled without json-c: JSON export disabled\n"); #else _jsonFilePath = optarg; json_flag = 1; @@ -1897,6 +1897,7 @@ static void printResults(u_int64_t tot_usec) { char buf[32]; #ifdef HAVE_JSON_C FILE *json_fp = NULL; + u_int8_t dont_close_json_fp = 0; json_object *jObj_main = NULL, *jObj_trafficStats, *jArray_detProto = NULL, *jObj; #endif long long unsigned int breed_stats[NUM_BREEDS] = { 0 }; @@ -2005,10 +2006,14 @@ static void printResults(u_int64_t tot_usec) { if(json_flag) { #ifdef HAVE_JSON_C - if((json_fp = fopen(_jsonFilePath,"w")) == NULL) { + if(!strcmp(_jsonFilePath, "-")) + json_fp = stderr, dont_close_json_fp = 1; + else if((json_fp = fopen(_jsonFilePath,"w")) == NULL) { printf("Error creating .json file %s\n", _jsonFilePath); json_flag = 0; - } else { + } + + if(json_flag) { jObj_main = json_object_new_object(); jObj_trafficStats = json_object_new_object(); jArray_detProto = json_object_new_array(); @@ -2159,7 +2164,7 @@ static void printResults(u_int64_t tot_usec) { json_object_object_add(jObj_main,"unknown.flows",jArray_unknown_flows); fprintf(json_fp,"%s\n",json_object_to_json_string(jObj_main)); - fclose(json_fp); + if(!dont_close_json_fp) fclose(json_fp); #endif } @@ -2473,7 +2478,8 @@ static void pcap_process_packet(u_char *args, memset(&ndpi_thread_info[thread_id].workflow->stats, 0, sizeof(struct ndpi_stats)); } - printf("\n-------------------------------------------\n\n"); + if(!quiet_mode) + printf("\n-------------------------------------------\n\n"); memcpy(&begin, &end, sizeof(begin)); memcpy(&pcap_start, &pcap_end, sizeof(pcap_start)); diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index d65565b3c..ab36cbf48 100644 
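Review bot: In the `@@ -2005,10 +2006,14 @@` hunk of printResults, `-j -` assigns `json_fp = stderr`, while the commit subject says `-` means stdout. If stderr is deliberate (to keep the JSON apart from the text report printed on stdout), a comment should say so, e.g. `/* "-" writes JSON to stderr so it is not mixed with the report on stdout */`; otherwise the assignment should be `json_fp = stdout`. The comma expression `json_fp = stderr, dont_close_json_fp = 1;` under an unbraced `if` is easy to misread and would be clearer as a braced block with two statements. The function body starts and ends outside the hunk.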
--- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8053,6 +8053,14 @@ ndpi_protocol_match host_match[] = { { ".ebaystratus.com", NULL, NULL, "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".ebayimg.com", NULL, NULL, "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + /* Detected "instagram.c10r.facebook.com". Omitted "*amazonaws.com" and "*facebook.com" CDNs e.g. "ig-telegraph-shv-04-frc3.facebook.com" */ + { ".cdninstagram.com", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "instagram.", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".instagram.", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "igcdn-photos-", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "instagramimages-", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "instagramstatic-", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "facebook.com", NULL, NULL, "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { "fbstatic-a.akamaihd.net", NULL, NULL, "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".fbcdn.net", NULL, NULL, "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, 
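Review bot: The Instagram entries are moved ahead of the `"facebook.com"` entry, presumably so that hosts like `instagram.c10r.facebook.com` (named in the comment) resolve to Instagram, but nothing in the table says that the position matters. If the move does rely on ordering, a line such as `/* Keep before the facebook.com entries: match order decides which protocol wins */` would stop a later re-sort from undoing it. The patterns `"instagram."` and `"igcdn-photos-"` leave the third field NULL, so they may also match unrelated hostnames that merely contain those strings; other entries in this table, such as `".snapchat."`, pair the string with what looks like an anchored pattern (`"\\.snapchat\\.com$"`). The `host_match[]` initializer starts and ends outside the hunk.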
@@ -8221,14 +8229,6 @@ ndpi_protocol_match host_match[] = { { ".snapchat.", NULL, "\\.snapchat\\.com$", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { ".snapads.", NULL, "\\.snapads\\.com$", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - /* Detected "instagram.c10r.facebook.com". Omitted "*amazonaws.com" and "*facebook.com" CDNs e.g. "ig-telegraph-shv-04-frc3.facebook.com" */ - { ".cdninstagram.com", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "instagram.", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".instagram.", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "igcdn-photos-", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "instagramimages-", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "instagramstatic-", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".waze.com", NULL, NULL, "Waze", NDPI_PROTOCOL_WAZE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".deezer.com", NULL, NULL, "Deezer", NDPI_PROTOCOL_DEEZER, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, -- cgit v1.2.3 From 90ffa1fc2ca87b166e9447643deffb8220ae44ec Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 16 Jul 2018 09:21:34 +0200 Subject: Updated twitter invalid address range Using content substring match in category search --- example/ndpiReader.c | 2 +- src/lib/ndpi_content_match.c.inc | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) (limited to 'example/ndpiReader.c') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 9b10fe6c5..39748cd90 100644 --- a/example/ndpiReader.c 
+++ b/example/ndpiReader.c @@ -1465,7 +1465,7 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) { ndpi_set_detection_preferences(ndpi_thread_info[thread_id].workflow->ndpi_struct, ndpi_pref_dns_dissect_response, 0); ndpi_set_detection_preferences(ndpi_thread_info[thread_id].workflow->ndpi_struct, - ndpi_pref_enable_category_substring_match, 0); + ndpi_pref_enable_category_substring_match, 1); ndpi_workflow_set_flow_detected_callback(ndpi_thread_info[thread_id].workflow, on_protocol_discovered, (void *)(uintptr_t)thread_id); diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 60671b3cd..42031fc2b 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -71,7 +71,6 @@ static ndpi_network host_protocol_list[] = { { 0xB92D0600 /* 185.45.6.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, { 0xBC40E000 /* 188.64.224.0/21 */, 21, NDPI_PROTOCOL_TWITTER }, { 0xC02C4400 /* 192.44.68.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, - { 0xC030EC00 /* 192.48.236.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, { 0xC0854C00 /* 192.133.76.0/22 */, 22, NDPI_PROTOCOL_TWITTER }, { 0xC7109C00 /* 199.16.156.0/22 */, 22, NDPI_PROTOCOL_TWITTER }, { 0xC73B9400 /* 199.59.148.0/22 */, 22, NDPI_PROTOCOL_TWITTER }, @@ -609,10 +608,10 @@ static ndpi_network host_protocol_list[] = { /* Teamviewer 159.122.189.32-63 */ { 0x9F7ABD30 /* 159.122.189.32 */, 21, NDPI_PROTOCOL_TEAMVIEWER }, +#if 0 /* IFLIX services -by www.vizuamatix.com R&D team */ - { 0x344D0000 /* 52.77.0.0 */, 16, NDPI_PROTOCOL_IFLIX }, { 0x34DC0000 /* 52.220.0.0 */, 16, NDPI_PROTOCOL_IFLIX }, { 0x344A0000 /* 52.74.0.0 */, 16, NDPI_PROTOCOL_IFLIX }, @@ -622,6 +621,7 @@ static ndpi_network host_protocol_list[] = { { 0x36C09600 /* 54.192.150.0 */, 24, NDPI_PROTOCOL_IFLIX }, { 0x344AC0F7 /* 52.74.192.247 */, 32, NDPI_PROTOCOL_IFLIX }, { 0x0215E718 /* 2.21.231.24 */, 32, NDPI_PROTOCOL_IFLIX }, +#endif /* Citrix GotoMeeting (AS16815, AS21866) 
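Review bot: Setting `ndpi_pref_enable_category_substring_match` to 1 in setupDetection (hunk `@@ -1465,7 +1465,7 @@`) changes how every entry of a user-supplied category file is matched, and the call carries no comment explaining the consequence. With substring matching, a short entry may classify any hostname that contains it, so a category list written for exact hosts can over-match and put unrelated or deliberately look-alike hostnames into the wrong category; the exact semantics live in the library and are not visible here. I would add something like `/* category hostnames match as substrings: keep entries specific (e.g. with a leading dot) */` next to the call, and consider exposing the preference as a command-line option instead of hard-coding it. The function body starts and ends outside the hunk.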
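Review bot: The `#if 0` … `#endif` pair added around the IFLIX ranges in `host_protocol_list[]` (hunks `@@ -609,10 +608,10 @@` and `@@ -622,6 +621,7 @@`) disables those entries without saying why, and the commit message does not mention IFLIX. A one-line reason above the `#if 0`, for example `/* Disabled: ranges too broad, misclassify unrelated traffic */` if that is the motivation, or deleting the entries outright, would keep the table from accumulating unexplained dead code. The initializer starts and ends outside both hunks.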
@@ -8033,6 +8033,7 @@ ndpi_protocol_match host_match[] = { { "swscan.apple.com", NULL, NULL, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { "itunes-apple.com", NULL, NULL, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { "itunes.apple.com", NULL, NULL, "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "tlnk.io", NULL, NULL, "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { "aaplimg.com", NULL, NULL, "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { ".apple.com", NULL, NULL, "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".icloud.com", NULL, NULL, "AppleiCloud", NDPI_PROTOCOL_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, -- cgit v1.2.3 From 01bf295a19c19dc4f521ee40f0c478c794e1b5e4 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Thu, 16 Aug 2018 14:57:44 +0200 Subject: Completed custom category implementation --- example/ndpiReader.c | 81 +++++++++++++++++---------- src/include/ndpi_api.h | 6 ++ src/include/ndpi_main.h | 60 ++++++++++++++------ src/include/ndpi_typedefs.h | 9 ++- src/lib/Makefile | 2 +- src/lib/ndpi_main.c | 108 +++++++++++++++++++++++++----------- src/lib/protocols/dns.c | 8 ++- src/lib/protocols/fbzero.c | 4 +- src/lib/protocols/http.c | 27 ++++++--- src/lib/protocols/quic.c | 2 + src/lib/protocols/ssl.c | 67 +++++++++++----------- tests/result/pps.pcap.out | 4 +- tests/result/webex.pcap.out | 58 +++++++++---------- tests/result/whatsappfiles.pcap.out | 4 +- 14 files changed, 283 insertions(+), 157 deletions(-) (limited to 'example/ndpiReader.c') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 39748cd90..faa453ee2 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c 
@@ -111,7 +111,6 @@ struct flow_info { static struct flow_info *all_flows; - struct info_pair { u_int32_t addr; u_int8_t version; /* IP version */ @@ -135,16 +134,15 @@ struct port_stats { u_int32_t cumulative_addr; /*cumulative some of IP addresses */ addr_node *addr_tree; /* tree of distinct IP addresses */ struct info_pair top_ip_addrs[MAX_NUM_IP_ADDRESS]; - u_int8_t hasTopHost; /* as boolean flag*/ - u_int32_t top_host; /*host that is contributed to > 95% of traffic*/ - u_int8_t version; /* top host's ip version */ - char proto[16]; /*application level protocol of top host */ - UT_hash_handle hh; /* makes this structure hashable */ + u_int8_t hasTopHost; /* as boolean flag */ + u_int32_t top_host; /* host that is contributed to > 95% of traffic */ + u_int8_t version; /* top host's ip version */ + char proto[16]; /* application level protocol of top host */ + UT_hash_handle hh; /* makes this structure hashable */ }; struct port_stats *srcStats = NULL, *dstStats = NULL; - // struct to hold count of flows received by destination ports struct port_flow_info { u_int32_t port; /* key */ @@ -349,6 +347,8 @@ struct ndpi_proto_sorter { char name[16]; }; +/* ********************************** */ + int cmpProto(const void *_a, const void *_b) { struct ndpi_proto_sorter *a = (struct ndpi_proto_sorter*)_a; struct ndpi_proto_sorter *b = (struct ndpi_proto_sorter*)_b; @@ -356,6 +356,8 @@ int cmpProto(const void *_a, const void *_b) { return(strcmp(a->name, b->name)); } +/* ********************************** */ + int cmpFlows(const void *_a, const void *_b) { struct ndpi_flow_info *fa = ((struct flow_info*)_a)->flow; struct ndpi_flow_info *fb = ((struct flow_info*)_b)->flow; @@ -375,6 +377,8 @@ int cmpFlows(const void *_a, const void *_b) { return(0); } +/* ********************************** */ + void extcap_config() { int i, argidx = 0; struct ndpi_proto_sorter *protos; 
@@ -656,12 +660,12 @@ static void parseOptions(int argc, char **argv) { #endif } +/* ********************************** */ /** * @brief From IPPROTO to string NAME */ static char* ipProto2Name(u_int16_t proto_id) { - static char proto[8]; switch(proto_id) { @@ -689,12 +693,12 @@ static char* ipProto2Name(u_int16_t proto_id) { return(proto); } +/* ********************************** */ /** * @brief A faster replacement for inet_ntoa(). */ char* intoaV4(u_int32_t addr, char* buf, u_int16_t bufLen) { - char *cp, *retStr; uint byte; int n; @@ -723,6 +727,8 @@ char* intoaV4(u_int32_t addr, char* buf, u_int16_t bufLen) { return(retStr); } +/* ********************************** */ + /** * @brief Print the flow */ 
@@ -792,16 +798,20 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa json_object_object_add(jObj,"host_b.port",json_object_new_int(ntohs(flow->dst_port))); if(flow->detected_protocol.master_protocol) - json_object_object_add(jObj,"detected.master_protocol",json_object_new_int(flow->detected_protocol.master_protocol)); + json_object_object_add(jObj,"detected.master_protocol", + json_object_new_int(flow->detected_protocol.master_protocol)); - json_object_object_add(jObj,"detected.app_protocol",json_object_new_int(flow->detected_protocol.app_protocol)); + json_object_object_add(jObj,"detected.app_protocol", + json_object_new_int(flow->detected_protocol.app_protocol)); if(flow->detected_protocol.master_protocol) { char tmp[256]; snprintf(tmp, sizeof(tmp), "%s.%s", - ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol.master_protocol), - ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol.app_protocol)); + ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, + flow->detected_protocol.master_protocol), + ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, + flow->detected_protocol.app_protocol)); json_object_object_add(jObj,"detected.protocol.name", json_object_new_string(tmp)); @@ -836,12 +846,13 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa } } +/* ********************************** */ /** * @brief Unknown Proto Walker */ -static void node_print_unknown_proto_walker(const void *node, ndpi_VISIT which, int depth, void *user_data) { - +static void node_print_unknown_proto_walker(const void *node, + ndpi_VISIT which, int depth, void *user_data) { struct ndpi_flow_info *flow = *(struct ndpi_flow_info**)node; u_int16_t thread_id = *((u_int16_t*)user_data); 
@@ -854,11 +865,13 @@ static void node_print_unknown_proto_walker(const void *node, ndpi_VISIT which, } } +/* ********************************** */ + /** * @brief Known Proto Walker */ -static void node_print_known_proto_walker(const void *node, ndpi_VISIT which, int depth, void *user_data) { - +static void node_print_known_proto_walker(const void *node, + ndpi_VISIT which, int depth, void *user_data) { struct ndpi_flow_info *flow = *(struct ndpi_flow_info**)node; u_int16_t thread_id = *((u_int16_t*)user_data); @@ -871,6 +884,7 @@ static void node_print_known_proto_walker(const void *node, ndpi_VISIT which, in } } +/* ********************************** */ /** * @brief Guess Undetected Protocol @@ -890,6 +904,7 @@ static u_int16_t node_guess_undetected_protocol(u_int16_t thread_id, struct ndpi return(flow->detected_protocol.app_protocol); } +/* ********************************** */ /** * @brief Proto Guess Walker @@ -909,6 +924,7 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept } process_ndpi_collected_info(ndpi_thread_info[thread_id].workflow, flow); + ndpi_thread_info[thread_id].workflow->stats.protocol_counter[flow->detected_protocol.app_protocol] += flow->src2dst_packets + flow->dst2src_packets; ndpi_thread_info[thread_id].workflow->stats.protocol_counter_bytes[flow->detected_protocol.app_protocol] += flow->src2dst_bytes + flow->dst2src_bytes; ndpi_thread_info[thread_id].workflow->stats.protocol_flows[flow->detected_protocol.app_protocol]++; @@ -1354,7 +1370,6 @@ static void port_stats_walker(const void *node, ndpi_VISIT which, int depth, voi * @brief Idle Scan Walker */ static void node_idle_scan_walker(const void *node, ndpi_VISIT which, int depth, void *user_data) { - struct ndpi_flow_info *flow = *(struct ndpi_flow_info **) node; u_int16_t thread_id = *((u_int16_t *) user_data); 
@@ -1386,7 +1401,6 @@ static void node_idle_scan_walker(const void *node, ndpi_VISIT which, int depth, static void on_protocol_discovered(struct ndpi_workflow * workflow, struct ndpi_flow_info * flow, void * udata) { - const u_int16_t thread_id = (uintptr_t) udata; if(verbose > 1) { @@ -1446,7 +1460,6 @@ static void debug_printf(u_int32_t protocol, void *id_struct, * @brief Setup for detection begin */ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) { - NDPI_PROTOCOL_BITMASK all; struct ndpi_workflow_prefs prefs; 
@@ -1468,16 +1481,20 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) { ndpi_pref_enable_category_substring_match, 1); ndpi_workflow_set_flow_detected_callback(ndpi_thread_info[thread_id].workflow, - on_protocol_discovered, (void *)(uintptr_t)thread_id); + on_protocol_discovered, + (void *)(uintptr_t)thread_id); // enable all protocols NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(ndpi_thread_info[thread_id].workflow->ndpi_struct, &all); // clear memory for results - memset(ndpi_thread_info[thread_id].workflow->stats.protocol_counter, 0, sizeof(ndpi_thread_info[thread_id].workflow->stats.protocol_counter)); - memset(ndpi_thread_info[thread_id].workflow->stats.protocol_counter_bytes, 0, sizeof(ndpi_thread_info[thread_id].workflow->stats.protocol_counter_bytes)); - memset(ndpi_thread_info[thread_id].workflow->stats.protocol_flows, 0, sizeof(ndpi_thread_info[thread_id].workflow->stats.protocol_flows)); + memset(ndpi_thread_info[thread_id].workflow->stats.protocol_counter, 0, + sizeof(ndpi_thread_info[thread_id].workflow->stats.protocol_counter)); + memset(ndpi_thread_info[thread_id].workflow->stats.protocol_counter_bytes, 0, + sizeof(ndpi_thread_info[thread_id].workflow->stats.protocol_counter_bytes)); + memset(ndpi_thread_info[thread_id].workflow->stats.protocol_flows, 0, + sizeof(ndpi_thread_info[thread_id].workflow->stats.protocol_flows)); if(_protoFilePath != NULL) ndpi_load_protocols_file(ndpi_thread_info[thread_id].workflow->ndpi_struct, _protoFilePath); 
@@ -1608,7 +1625,9 @@ static void json_open_stats_file() { static void json_close_stats_file() { json_object *jObjFinal = json_object_new_object(); - json_object_object_add(jObjFinal,"duration.in.seconds",json_object_new_int(pcap_analysis_duration)); + + json_object_object_add(jObjFinal,"duration.in.seconds", + json_object_new_int(pcap_analysis_duration)); json_object_object_add(jObjFinal,"statistics", jArray_topStats); fprintf(stats_fp,"%s\n",json_object_to_json_string(jObjFinal)); fclose(stats_fp); @@ -1910,8 +1929,10 @@ static void printResults(u_int64_t tot_usec) { continue; for(i=0; indpi_flows_root[i], node_proto_guess_walker, &thread_id); - if(verbose == 3 || stats_flag) ndpi_twalk(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i], port_stats_walker, &thread_id); + ndpi_twalk(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i], + node_proto_guess_walker, &thread_id); + if(verbose == 3 || stats_flag) ndpi_twalk(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i], + port_stats_walker, &thread_id); } /* Stats aggregation */ 
@@ -2396,11 +2417,11 @@ static void pcap_process_packet(u_char *args, if(live_capture) { if(ndpi_thread_info[thread_id].last_idle_scan_time + IDLE_SCAN_PERIOD < ndpi_thread_info[thread_id].workflow->last_time) { /* scan for idle flows */ - ndpi_twalk(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[ndpi_thread_info[thread_id].idle_scan_idx], node_idle_scan_walker, &thread_id); + ndpi_twalk(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[ndpi_thread_info[thread_id].idle_scan_idx], + node_idle_scan_walker, &thread_id); /* remove idle flows (unfortunately we cannot do this inline) */ - while (ndpi_thread_info[thread_id].num_idle_flows > 0) { - + while(ndpi_thread_info[thread_id].num_idle_flows > 0) { /* search and delete the idle flow from the "ndpi_flow_root" (see struct reader thread) - here flows are the node of a b-tree */ ndpi_tdelete(ndpi_thread_info[thread_id].idle_flows[--ndpi_thread_info[thread_id].num_idle_flows], &ndpi_thread_info[thread_id].workflow->ndpi_flows_root[ndpi_thread_info[thread_id].idle_scan_idx], diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 358c0491c..3fefc8e4b 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -346,6 +346,7 @@ extern "C" { * @par ndpi_struct = the detection module * @par string_to_match = the string to match * @par string_to_match_len = the length of the string + * @par ret_match = completed returned match information * @par is_host_match = value of the second field of struct ndpi_automa * @return the ID of the matched subprotocol * @@ -353,6 +354,7 @@ extern "C" { int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, char *string_to_match, u_int string_to_match_len, + ndpi_protocol_match_result *ret_match, u_int8_t is_host_match); /** * Check if the host passed match with a protocol 
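Review bot: The new `ndpi_protocol_match_result *ret_match` parameter of `ndpi_match_string_subprotocol` in ndpi_api.h is documented only as "completed returned match information"; the comment does not say whether callers may pass NULL or what the fields hold when nothing matches. The same parameter is added to the two following prototypes in the later hunks of this header, so I would extend each `@par ret_match` line to something like `@par ret_match = filled with protocol id, category and breed of the match; must not be NULL` (adjusted to what the implementation actually guarantees, which is not visible here). Inserting the parameter in the middle of the argument list also breaks existing out-of-tree callers at compile time, which deserves a line in the changelog.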
@@ -361,6 +363,7 @@ extern "C" { * @par flow = the flow where match the host * @par string_to_match = the string to match * @par string_to_match_len = the length of the string + * @par ret_match = completed returned match information * @par master_protocol_id = value of the ID associated to the master protocol detected * @return the ID of the matched subprotocol * @@ -369,6 +372,7 @@ extern "C" { struct ndpi_flow_struct *flow, char *string_to_match, u_int string_to_match_len, + ndpi_protocol_match_result *ret_match, u_int16_t master_protocol_id); @@ -379,6 +383,7 @@ extern "C" { * @par flow = the flow where match the host * @par string_to_match = the string to match * @par string_to_match_len = the length of the string + * @par ret_match = completed returned match information * @par master_protocol_id = value of the ID associated to the master protocol detected * @return the ID of the matched subprotocol * @@ -387,6 +392,7 @@ extern "C" { struct ndpi_flow_struct *flow, char *string_to_match, u_int string_to_match_len, + ndpi_protocol_match_result *ret_match, u_int16_t master_protocol_id); /** * Exclude protocol from search diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h index b18efa21a..3517d45b2 100644 --- a/src/include/ndpi_main.h +++ b/src/include/ndpi_main.h 
@@ -53,34 +53,55 @@ extern "C" { extern u_int8_t ndpi_ips_match(u_int32_t src, u_int32_t dst, u_int32_t net, u_int32_t num_bits); - u_int16_t ntohs_ndpi_bytestream_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); - - u_int32_t ndpi_bytestream_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); - u_int64_t ndpi_bytestream_to_number64(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); - u_int32_t ndpi_bytestream_dec_or_hex_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); - u_int64_t ndpi_bytestream_dec_or_hex_to_number64(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); - u_int32_t ndpi_bytestream_to_ipv4(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); + u_int16_t ntohs_ndpi_bytestream_to_number(const u_int8_t * str, + u_int16_t max_chars_to_read, + u_int16_t * bytes_read); + + u_int32_t ndpi_bytestream_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, + u_int16_t * bytes_read); + u_int64_t ndpi_bytestream_to_number64(const u_int8_t * str, u_int16_t max_chars_to_read, + u_int16_t * bytes_read); + u_int32_t ndpi_bytestream_dec_or_hex_to_number(const u_int8_t * str, + u_int16_t max_chars_to_read, + u_int16_t * bytes_read); + u_int64_t ndpi_bytestream_dec_or_hex_to_number64(const u_int8_t * str, + u_int16_t max_chars_to_read, + u_int16_t * bytes_read); + u_int32_t ndpi_bytestream_to_ipv4(const u_int8_t * str, u_int16_t max_chars_to_read, + u_int16_t * bytes_read); void ndpi_set_detected_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int16_t upper_detected_protocol, u_int16_t lower_detected_protocol); - extern void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); - extern void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_struct, struct 
ndpi_flow_struct *flow); + extern void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow); + extern void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow); - extern u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int16_t counter); + extern u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, u_int16_t counter); - extern void ndpi_int_change_packet_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, + extern void ndpi_int_change_packet_protocol(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, u_int16_t upper_detected_protocol, u_int16_t lower_detected_protocol); - extern void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, + extern void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, u_int16_t upper_detected_protocol, u_int16_t lower_detected_protocol); - extern void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol_breed_t protoBreed, u_int16_t protoId, - u_int16_t tcp_alias_protoId[2], u_int16_t udp_alias_protoId[2], char *protoName, + extern void ndpi_int_change_category(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + ndpi_protocol_category_t protocol_category); + + extern void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, + ndpi_protocol_breed_t protoBreed, u_int16_t protoId, + u_int16_t tcp_alias_protoId[2], + u_int16_t udp_alias_protoId[2], char *protoName, ndpi_protocol_category_t protoCategory, - ndpi_port_range *tcpDefPorts, ndpi_port_range *udpDefPorts); + ndpi_port_range *tcpDefPorts, + ndpi_port_range 
*udpDefPorts); extern void ndpi_int_reset_packet_protocol(struct ndpi_packet_struct *packet); extern void ndpi_int_reset_protocol(struct ndpi_flow_struct *flow); @@ -90,8 +111,10 @@ extern "C" { extern void ndpi_packet_src_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_addr_t * ip); extern void ndpi_packet_dst_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_addr_t * ip); - extern char *ndpi_get_ip_string(struct ndpi_detection_module_struct *ndpi_struct, const ndpi_ip_addr_t * ip); - extern char *ndpi_get_packet_src_ip_string(struct ndpi_detection_module_struct *ndpi_struct, const struct ndpi_packet_struct *packet); + extern char *ndpi_get_ip_string(struct ndpi_detection_module_struct *ndpi_struct, + const ndpi_ip_addr_t * ip); + extern char *ndpi_get_packet_src_ip_string(struct ndpi_detection_module_struct *ndpi_struct, + const struct ndpi_packet_struct *packet); extern char* ndpi_get_proto_by_id(struct ndpi_detection_module_struct *ndpi_mod, u_int id); u_int16_t ndpi_get_proto_by_name(struct ndpi_detection_module_struct *ndpi_mod, const char *name); @@ -102,7 +125,8 @@ extern "C" { extern u_int8_t ndpi_is_proto(ndpi_protocol p, u_int16_t proto); extern u_int16_t ndpi_get_lower_proto(ndpi_protocol p); - extern int ndpi_get_protocol_id_master_proto(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t protocol_id, + extern int ndpi_get_protocol_id_master_proto(struct ndpi_detection_module_struct *ndpi_struct, + u_int16_t protocol_id, u_int16_t** tcp_master_proto, u_int16_t** udp_master_proto); #/* NDPI_PROTOCOL_NETBIOS */ diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 244074044..3d0eccab7 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h 
@@ -1099,8 +1099,9 @@ struct ndpi_flow_struct { /* protocols which have marked a connection as this connection cannot be protocol XXX, multiple u_int64_t */ NDPI_PROTOCOL_BITMASK excluded_protocol_bitmask; - + ndpi_protocol_category_t category; + /* NDPI_PROTOCOL_REDIS */ u_int8_t redis_s2d_first_char, redis_d2s_first_char; @@ -1207,4 +1208,10 @@ typedef struct { u_int8_t value; } ndpi_network; +typedef struct { + int protocol_id; + ndpi_protocol_category_t protocol_category; + ndpi_protocol_breed_t protocol_breed; +} ndpi_protocol_match_result; + #endif /* __NDPI_TYPEDEFS_H__ */ diff --git a/src/lib/Makefile b/src/lib/Makefile index c9f317931..19c6f1cfe 100644 --- a/src/lib/Makefile +++ b/src/lib/Makefile @@ -6,7 +6,7 @@ # make -f Makefile.simple # CFLAGS += -fPIC -DPIC -I../include -Ithird_party/include -DNDPI_LIB_COMPILATION -g -RANLIB=ranlib +RANLIB = ranlib OBJECTS = $(patsubst protocols/%.c, protocols/%.o, $(wildcard protocols/*.c)) $(patsubst third_party/src/%.c, third_party/src/%.o, $(wildcard third_party/src/*.c)) ndpi_main.o HEADERS = $(wildcard ../include/*.h) diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 494c93bd0..952026ce6 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c 
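Review bot: The `category` field added to `struct ndpi_flow_struct` has no comment, yet `ndpi_fill_protocol_category` (changed in this same commit) treats any value other than `NDPI_PROTOCOL_CATEGORY_UNSPECIFIED` as an already-decided result. That only works if every flow is zero-initialised and `NDPI_PROTOCOL_CATEGORY_UNSPECIFIED` is 0, neither of which is visible here. A comment such as `/* cached category; NDPI_PROTOCOL_CATEGORY_UNSPECIFIED until set */` on the field, and a short description of each member on the new `ndpi_protocol_match_result` typedef, would make that contract explicit.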
@@ -413,15 +413,13 @@ u_int32_t ndpi_detection_get_sizeof_ndpi_id_struct(void) { return sizeof(struct /* *********************************************************************************** */ -char * ndpi_get_proto_by_id(struct ndpi_detection_module_struct *ndpi_mod, u_int id) -{ +char * ndpi_get_proto_by_id(struct ndpi_detection_module_struct *ndpi_mod, u_int id) { return((id >= ndpi_mod->ndpi_num_supported_protocols) ? NULL : ndpi_mod->proto_defaults[id].protoName); } /* *********************************************************************************** */ -u_int16_t ndpi_get_proto_by_name(struct ndpi_detection_module_struct *ndpi_mod, const char *name) -{ +u_int16_t ndpi_get_proto_by_name(struct ndpi_detection_module_struct *ndpi_mod, const char *name) { u_int16_t i, num = ndpi_get_num_supported_protocols(ndpi_mod); for(i = 0; i < num; i++) @@ -438,8 +436,7 @@ ndpi_port_range * ndpi_build_default_ports_range(ndpi_port_range *ports, u_int16_t portB_low, u_int16_t portB_high, u_int16_t portC_low, u_int16_t portC_high, u_int16_t portD_low, u_int16_t portD_high, - u_int16_t portE_low, u_int16_t portE_high) -{ + u_int16_t portE_low, u_int16_t portE_high) { int i = 0; ports[i].port_low = portA_low, ports[i].port_high = portA_high; i++; @@ -458,8 +455,7 @@ ndpi_port_range * ndpi_build_default_ports(ndpi_port_range *ports, u_int16_t portB, u_int16_t portC, u_int16_t portD, - u_int16_t portE) -{ + u_int16_t portE) { int i = 0; ports[i].port_low = portA, ports[i].port_high = portA; i++; 
@@ -753,8 +749,7 @@ static int ndpi_remove_host_url_subprotocol(struct ndpi_detection_module_struct /* ******************************************************************** */ void ndpi_init_protocol_match(struct ndpi_detection_module_struct *ndpi_mod, - ndpi_protocol_match *match) -{ + ndpi_protocol_match *match) { u_int16_t no_master[2] = { NDPI_PROTOCOL_NO_MASTER_PROTO, NDPI_PROTOCOL_NO_MASTER_PROTO }; ndpi_port_range ports_a[MAX_DEFAULT_PORTS], ports_b[MAX_DEFAULT_PORTS]; static u_int16_t generic_id = NDPI_LAST_IMPLEMENTED_PROTOCOL; @@ -2634,7 +2629,7 @@ int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, else removeDefaultPort(&range, def, is_tcp ? &ndpi_mod->tcpRoot : &ndpi_mod->udpRoot); } else if(is_ip) { -/* NDPI_PROTOCOL_TOR */ + /* NDPI_PROTOCOL_TOR */ ndpi_add_host_ip_subprotocol(ndpi_mod, value, subprotocol_id); } else { if(do_add) @@ -4172,6 +4167,11 @@ int ndpi_enable_loaded_categories(struct ndpi_detection_module_struct *ndpi_str) void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, ndpi_protocol *ret) { + if(flow->category != NDPI_PROTOCOL_CATEGORY_UNSPECIFIED) { + ret->category = flow->category; + return; + } + if(ndpi_struct->custom_categories.categories_loaded) { if(flow->packet.iph) { prefix_t prefix; @@ -4189,7 +4189,7 @@ void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_struc } if(node) { - ret->category = (ndpi_protocol_category_t)node->value.user_value; + flow->category = ret->category = (ndpi_protocol_category_t)node->value.user_value; return; } } @@ -4199,7 +4199,7 @@ void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_struc int rc = ndpi_match_custom_category(ndpi_struct, (char *)flow->host_server_name, &id); if(rc == 0) { - ret->category = (ndpi_protocol_category_t)id; + flow->category = ret->category = (ndpi_protocol_category_t)id; return; } } 
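Review bot: The early return added at the top of ndpi_fill_protocol_category() (hunk at -4172) skips every custom-category lookup (IP prefix, host_server_name, server certificate) once flow->category is set. The function's last hunk (at -4209) also sets it from the protocol default via `flow->category = ret->category = ndpi_get_proto_category(ndpi_struct, *ret);`. If the function can run before the host name or certificate has been parsed (the call at the end of ndpi_detection_process_packet suggests so), a user-loaded category for that host would never be applied later, which matters when custom categories carry block or alert lists. Consider leaving the fallback uncached, `ret->category = ndpi_get_proto_category(ndpi_struct, *ret);`, and documenting in a comment above the early return which source wins when a built-in host match and a custom list disagree.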
@@ -4209,13 +4209,13 @@ void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_struc int rc = ndpi_match_custom_category(ndpi_struct, (char *)flow->protos.stun_ssl.ssl.server_certificate, &id); if(rc == 0) { - ret->category = (ndpi_protocol_category_t)id; + flow->category = ret->category = (ndpi_protocol_category_t)id; return; } } } - ret->category = ndpi_get_proto_category(ndpi_struct, *ret); + flow->category = ret->category = ndpi_get_proto_category(ndpi_struct, *ret); } /* ********************************************************************************* */ @@ -4347,6 +4347,19 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct if(flow->guessed_host_protocol_id >= (NDPI_MAX_SUPPORTED_PROTOCOLS-1)) { /* This is a custom protocol and it has priority over everything else */ ret.master_protocol = NDPI_PROTOCOL_UNKNOWN, ret.app_protocol = flow->guessed_host_protocol_id; + + if(flow->packet.tcp) { + /* Minimal guess for HTTP/SSL-based protocols */ + switch(ntohs(flow->packet.tcp->dest)) { + case 80: + ret.master_protocol = NDPI_PROTOCOL_HTTP; + break; + case 443: + ret.master_protocol = NDPI_PROTOCOL_SSL; /* QUIC could also match */ + break; + } + } + ndpi_check_flow_func(ndpi_struct, flow, &ndpi_selection_packet); ndpi_fill_protocol_category(ndpi_struct, flow, &ret); return(ret); 
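Review bot: The master-protocol guess added in the custom-protocol branch (hunk at -4347) looks only at `flow->packet.tcp->dest`, so it labels the flow HTTP or SSL on port number alone. It also does so only when the packet being processed travels towards port 80/443; if this branch can run on a reply packet, the same flow gets `master_protocol` NDPI_PROTOCOL_UNKNOWN. Consumers that read `SSL.<custom>` as confirmed TLS would be trusting more than was checked. Consider testing the source port as well, adding `default: break;` to the switch, and extending the comment to `/* Port heuristic only: no payload was inspected */`. The enclosing function starts and ends outside the hunk.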
@@ -4921,10 +4934,11 @@ void ndpi_debug_get_last_log_function_line(struct ndpi_detection_module_struct /* ********************************************************************************* */ -u_int8_t ndpi_detection_get_l4(const u_int8_t * l3, u_int16_t l3_len, const u_int8_t ** l4_return, u_int16_t * l4_len_return, - u_int8_t * l4_protocol_return, u_int32_t flags) -{ - return ndpi_detection_get_l4_internal(NULL, l3, l3_len, l4_return, l4_len_return, l4_protocol_return, flags); +u_int8_t ndpi_detection_get_l4(const u_int8_t * l3, u_int16_t l3_len, + const u_int8_t ** l4_return, u_int16_t * l4_len_return, + u_int8_t * l4_protocol_return, u_int32_t flags) { + return ndpi_detection_get_l4_internal(NULL, l3, l3_len, + l4_return, l4_len_return, l4_protocol_return, flags); } /* ********************************************************************************* */ @@ -4932,8 +4946,7 @@ u_int8_t ndpi_detection_get_l4(const u_int8_t * l3, u_int16_t l3_len, const u_in void ndpi_set_detected_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int16_t upper_detected_protocol, - u_int16_t lower_detected_protocol) -{ + u_int16_t lower_detected_protocol) { struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; @@ -4969,7 +4982,8 @@ void ndpi_int_change_flow_protocol(struct ndpi_detection_module_struct *ndpi_str u_int16_t lower_detected_protocol) { if(!flow) return; - flow->detected_protocol_stack[0] = upper_detected_protocol, flow->detected_protocol_stack[1] = lower_detected_protocol; + flow->detected_protocol_stack[0] = upper_detected_protocol, + flow->detected_protocol_stack[1] = lower_detected_protocol; } /* ********************************************************************************* */ 
@@ -5018,6 +5032,14 @@ void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, /* ********************************************************************************* */ +void ndpi_int_change_category(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + ndpi_protocol_category_t protocol_category) { + flow->category = protocol_category; +} + +/* ********************************************************************************* */ + /* change protocol only if guessing is active */ /* void ndpi_guess_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, */ /* struct ndpi_flow_struct *flow) */ 
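Review bot: ndpi_int_change_category() dereferences `flow` without the `if(!flow) return;` guard that ndpi_int_change_flow_protocol() uses (visible in the hunk at -4969), and its `ndpi_struct` argument is unused. Add `if(!flow) return;` as the first statement so the two setters behave alike. A short header comment would also help, noting that the early return added to ndpi_fill_protocol_category() in this commit makes a category set here take precedence over later custom-category lookups.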
@@ -5600,22 +5622,29 @@ int ndpi_match_prefix(const u_int8_t *payload, size_t payload_len, int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, char *string_to_match, u_int string_to_match_len, + ndpi_protocol_match_result *ret_match, u_int8_t is_host_match) { - AC_REP_t match = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_UNRATED }; AC_TEXT_t ac_input_text; - ndpi_automa *automa = is_host_match ? &ndpi_struct->host_automa : &ndpi_struct->content_automa; - - if((automa->ac_automa == NULL) || (string_to_match_len == 0)) return(NDPI_PROTOCOL_UNKNOWN); + ndpi_automa *automa = is_host_match ? &ndpi_struct->host_automa : + &ndpi_struct->content_automa; + AC_REP_t match = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_UNRATED }; + + if((automa->ac_automa == NULL) || (string_to_match_len == 0)) + return(NDPI_PROTOCOL_UNKNOWN); if(!automa->ac_automa_finalized) { ac_automata_finalize((AC_AUTOMATA_t*)automa->ac_automa); automa->ac_automa_finalized = 1; } - + ac_input_text.astring = string_to_match, ac_input_text.length = string_to_match_len; ac_automata_search(((AC_AUTOMATA_t*)automa->ac_automa), &ac_input_text, &match); ac_automata_reset(((AC_AUTOMATA_t*)automa->ac_automa)); - + + ret_match->protocol_id = match.number, + ret_match->protocol_category = match.category, + ret_match->protocol_breed = match.breed; + return(match.number); } 
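Review bot: ndpi_match_string_subprotocol() leaves `*ret_match` untouched on the early return (`ac_automa == NULL` or zero length), and it dereferences `ret_match` without a NULL check. Every caller added in this commit (dns.c, fbzero.c, http.c, quic.c, ssl.c) declares `ndpi_protocol_match_result ret_match;` without an initializer, so on that path the caller holds indeterminate stack contents. Any later code that reads `ret_match->protocol_category` after an UNKNOWN result would copy garbage into the flow. Fill the result with the "no match" values before the first return and tolerate a NULL pointer, as sketched below.

```c
  /* ... unchanged: ac_input_text, automa and match declarations ... */

  /* Give the caller a defined result on every path, including the early return */
  if(ret_match != NULL) {
    ret_match->protocol_id = NDPI_PROTOCOL_UNKNOWN;
    ret_match->protocol_category = NDPI_PROTOCOL_CATEGORY_UNSPECIFIED;
    ret_match->protocol_breed = NDPI_PROTOCOL_UNRATED;
  }

  if((automa->ac_automa == NULL) || (string_to_match_len == 0))
    return(NDPI_PROTOCOL_UNKNOWN);

  /* ... unchanged: finalize, search and reset of the automaton ... */

  if(ret_match != NULL) {
    ret_match->protocol_id = match.number;
    ret_match->protocol_category = match.category;
    ret_match->protocol_breed = match.breed;
  }

  return(match.number);
```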
@@ -5627,10 +5656,15 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str struct ndpi_flow_struct *flow, char *string_to_match, u_int string_to_match_len, u_int16_t master_protocol_id, + ndpi_protocol_match_result *ret_match, u_int8_t is_host_match) { - int matching_protocol_id = ndpi_match_string_subprotocol(ndpi_struct, string_to_match, string_to_match_len, is_host_match); + int matching_protocol_id; struct ndpi_packet_struct *packet = &flow->packet; + matching_protocol_id = ndpi_match_string_subprotocol(ndpi_struct, string_to_match, + string_to_match_len, ret_match, + is_host_match); + #ifdef DEBUG { char m[256]; @@ -5650,8 +5684,9 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str packet->detected_protocol_stack[0] = matching_protocol_id; flow->detected_protocol_stack[0] = packet->detected_protocol_stack[0], - flow->detected_protocol_stack[1] = packet->detected_protocol_stack[1]; - + flow->detected_protocol_stack[1] = packet->detected_protocol_stack[1], + flow->category = ret_match->protocol_category; + return(packet->detected_protocol_stack[0]); } @@ -5679,10 +5714,15 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str struct ndpi_flow_struct *flow, char *string_to_match, u_int string_to_match_len, u_int16_t master_protocol_id, + ndpi_automa_match_string_subprotocol *ret_match, u_int8_t is_host_match) { int rv = NDPI_PROTOCOL_UNKNOWN; struct hs *hs = (struct hs*)ndpi_struct->hyperscan; + /* + TODO HYPERSCAN + In case of match fill up ret_match and set flow protocol + category + */ if(hs_scan(hs->database, string_to_match, string_to_match_len, 0, hs->scratch, hyperscanEventHandler, &rv) != HS_SUCCESS) 
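Review bot: In the Hyperscan variant (hunk at -5679) the new parameter is declared as `ndpi_automa_match_string_subprotocol *ret_match`, which is the function's own name rather than a type, so this build variant should not compile. It should read `ndpi_protocol_match_result *ret_match,` to match the Aho-Corasick variant in the first hunk. The TODO also means `*ret_match` is never written on this path, while the callers pass an uninitialised stack variable. Until the TODO is done, set the three fields to NDPI_PROTOCOL_UNKNOWN / NDPI_PROTOCOL_CATEGORY_UNSPECIFIED / NDPI_PROTOCOL_UNRATED at the top of the function. The function body continues outside the hunk.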
@@ -5698,10 +5738,11 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str int ndpi_match_host_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, char *string_to_match, u_int string_to_match_len, + ndpi_protocol_match_result *ret_match, u_int16_t master_protocol_id) { return(ndpi_automa_match_string_subprotocol(ndpi_struct, flow, string_to_match, string_to_match_len, - master_protocol_id, 1)); + master_protocol_id, ret_match, 1)); } /* ****************************************************** */ @@ -5709,10 +5750,11 @@ int ndpi_match_host_subprotocol(struct ndpi_detection_module_struct *ndpi_struct int ndpi_match_content_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, char *string_to_match, u_int string_to_match_len, + ndpi_protocol_match_result *ret_match, u_int16_t master_protocol_id) { return(ndpi_automa_match_string_subprotocol(ndpi_struct, flow, string_to_match, string_to_match_len, - master_protocol_id, 0)); + master_protocol_id, ret_match, 0)); } /* ****************************************************** */ diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index 6ffa74a27..90be9544c 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c 
@@ -207,12 +207,16 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd flow->protos.dns.num_queries = (u_int8_t)dns_header.num_queries, flow->protos.dns.num_answers = (u_int8_t) (dns_header.num_answers + dns_header.authority_rrs + dns_header.additional_rrs); - if(j > 0) + if(j > 0) { + ndpi_protocol_match_result ret_match; + ndpi_match_host_subprotocol(ndpi_struct, flow, (char *)flow->host_server_name, strlen((const char*)flow->host_server_name), + &ret_match, NDPI_PROTOCOL_DNS); - + } + #ifdef DNS_DEBUG NDPI_LOG_DBG2(ndpi_struct, "[num_queries=%d][num_answers=%d][reply_code=%u][rsp_type=%u][host_server_name=%s]\n", flow->protos.dns.num_queries, flow->protos.dns.num_answers, diff --git a/src/lib/protocols/fbzero.c b/src/lib/protocols/fbzero.c index 3048bff79..6c818e3c7 100644 --- a/src/lib/protocols/fbzero.c +++ b/src/lib/protocols/fbzero.c @@ -84,7 +84,8 @@ void ndpi_search_fbzero(struct ndpi_detection_module_struct *ndpi_struct, && (t->tag[2] == 'I') && (t->tag[3] == '\0')) { char *value = (char*)&packet->payload[data_offset + data_prev_offset]; u_int tag_len = t->tag_offset_len-data_prev_offset, max_len; - + ndpi_protocol_match_result ret_match; + max_len = ndpi_min(tag_len, sizeof(flow->host_server_name)-1); strncpy((char*)flow->host_server_name, value, max_len); @@ -99,6 +100,7 @@ void ndpi_search_fbzero(struct ndpi_detection_module_struct *ndpi_struct, ndpi_match_host_subprotocol(ndpi_struct, flow, (char *)flow->host_server_name, strlen((const char *)flow->host_server_name), + &ret_match, NDPI_PROTOCOL_FBZERO); return; } diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index e03b48710..94d918e76 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c 
@@ -172,7 +172,8 @@ static void setHttpUserAgent(struct ndpi_detection_module_struct *ndpi_struct, static void parseHttpSubprotocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { if((flow->l4.tcp.http_stage == 0) || (flow->http.url && flow->http_detected)) { char *double_col = strchr((char*)flow->host_server_name, ':'); - + ndpi_protocol_match_result ret_match; + if(double_col) double_col[0] = '\0'; /** @@ -182,6 +183,7 @@ static void parseHttpSubprotocol(struct ndpi_detection_module_struct *ndpi_struc */ ndpi_match_host_subprotocol(ndpi_struct, flow, (char *)flow->host_server_name, strlen((const char *)flow->host_server_name), + &ret_match, NDPI_PROTOCOL_HTTP); } } @@ -349,12 +351,16 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ packet->host_line.len, packet->host_line.ptr); /* call ndpi_match_host_subprotocol to see if there is a match with known-host HTTP subprotocol */ - if((ndpi_struct->http_dont_dissect_response) || flow->http_detected) + if((ndpi_struct->http_dont_dissect_response) || flow->http_detected) { + ndpi_protocol_match_result ret_match; + ndpi_match_host_subprotocol(ndpi_struct, flow, (char*)packet->host_line.ptr, packet->host_line.len, + &ret_match, NDPI_PROTOCOL_HTTP); - + } + /* Copy result for nDPI apps */ if(!ndpi_struct->disable_metadata_export) { len = ndpi_min(packet->host_line.len, sizeof(flow->host_server_name)-1); 
@@ -395,12 +401,16 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) && ((ndpi_struct->http_dont_dissect_response) || flow->http_detected) - && (packet->http_origin.len > 0)) + && (packet->http_origin.len > 0)) { + ndpi_protocol_match_result ret_match; + ndpi_match_host_subprotocol(ndpi_struct, flow, (char *)packet->http_origin.ptr, packet->http_origin.len, + &ret_match, NDPI_PROTOCOL_HTTP); - + } + if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_HTTP) { NDPI_LOG_INFO(ndpi_struct, "found HTTP/%s\n", @@ -440,10 +450,13 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ NDPI_LOG_DBG2(ndpi_struct, "Content Type line found %.*s\n", packet->content_line.len, packet->content_line.ptr); - if((ndpi_struct->http_dont_dissect_response) || flow->http_detected) + if((ndpi_struct->http_dont_dissect_response) || flow->http_detected) { + ndpi_protocol_match_result ret_match; + ndpi_match_content_subprotocol(ndpi_struct, flow, (char*)packet->content_line.ptr, packet->content_line.len, - NDPI_PROTOCOL_HTTP); + &ret_match, NDPI_PROTOCOL_HTTP); + } } } diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c index 4c838f41f..e28db634a 100644 --- a/src/lib/protocols/quic.c +++ b/src/lib/protocols/quic.c @@ -107,6 +107,7 @@ void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, if((sni_offset+len) < udp_len) { if(!ndpi_struct->disable_metadata_export) { int max_len = sizeof(flow->host_server_name)-1, j = 0; + ndpi_protocol_match_result ret_match; if(len > max_len) len = max_len; @@ -118,6 +119,7 @@ void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, ndpi_match_host_subprotocol(ndpi_struct, flow, (char *)flow->host_server_name, strlen((const char*)flow->host_server_name), + &ret_match, NDPI_PROTOCOL_QUIC); } } 
diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index a277f8120..b8c36976b 100644 --- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -327,13 +327,13 @@ int sslTryAndRetrieveServerCertificate(struct ndpi_detection_module_struct *ndpi } /* Client hello, Server Hello, and certificate packets probably all checked in this case */ if ((packet->ssl_certificate_num_checks >= 3) - && (flow->l4.tcp.seen_syn) - && (flow->l4.tcp.seen_syn_ack) - && (flow->l4.tcp.seen_ack) /* We have seen the 3-way handshake */) - { - /* We're done processing extra packets since we've probably checked all possible cert packets */ - return 0; - } + && (flow->l4.tcp.seen_syn) + && (flow->l4.tcp.seen_syn_ack) + && (flow->l4.tcp.seen_ack) /* We have seen the 3-way handshake */) + { + /* We're done processing extra packets since we've probably checked all possible cert packets */ + return 0; + } } /* 1 means keep looking for more packets */ return 1; 
@@ -368,22 +368,27 @@ int sslDetectProtocolFromCertificate(struct ndpi_detection_module_struct *ndpi_s #ifdef CERTIFICATE_DEBUG NDPI_LOG_DBG2(ndpi_struct, "***** [SSL] %s\n", certificate); #endif + ndpi_protocol_match_result ret_match; u_int32_t subproto = ndpi_match_host_subprotocol(ndpi_struct, flow, certificate, - strlen(certificate), NDPI_PROTOCOL_SSL); + strlen(certificate), + &ret_match, + NDPI_PROTOCOL_SSL); + if(subproto != NDPI_PROTOCOL_UNKNOWN) { - /* If we've detected the subprotocol from client certificate but haven't had a chance - * to see the server certificate yet, set up extra packet processing to wait - * a few more packets. */ - if((flow->protos.stun_ssl.ssl.client_certificate[0] != '\0') && (flow->protos.stun_ssl.ssl.server_certificate[0] == '\0')) { - sslInitExtraPacketProcessing(0, flow); - } - ndpi_set_detected_protocol(ndpi_struct, flow, subproto, - ndpi_ssl_refine_master_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSL)); - return(rc); /* Fix courtesy of Gianluca Costa */ - } + /* If we've detected the subprotocol from client certificate but haven't had a chance + * to see the server certificate yet, set up extra packet processing to wait + * a few more packets. */ + if((flow->protos.stun_ssl.ssl.client_certificate[0] != '\0') && (flow->protos.stun_ssl.ssl.server_certificate[0] == '\0')) { + sslInitExtraPacketProcessing(0, flow); + } + + ndpi_set_detected_protocol(ndpi_struct, flow, subproto, + ndpi_ssl_refine_master_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSL)); + return(rc); /* Fix courtesy of Gianluca Costa */ + } - if(ndpi_is_ssl_tor(ndpi_struct, flow, certificate) != 0) - return(rc); + if(ndpi_is_ssl_tor(ndpi_struct, flow, certificate) != 0) + return(rc); } if(((packet->ssl_certificate_num_checks >= 2) 
@@ -394,9 +399,9 @@ int sslDetectProtocolFromCertificate(struct ndpi_detection_module_struct *ndpi_s /* || (flow->protos.stun_ssl.ssl.client_certificate[0] != '\0') */ ) { ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_SSL); - } + } + } } - } return(0); } @@ -480,7 +485,7 @@ static void ssl_mark_and_payload_search_for_other_protocols(struct ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_SSL_NO_CERT); } else NDPI_LOG_INFO(ndpi_struct, "found ssl\n"); - ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_SSL); + ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_SSL); } } @@ -516,16 +521,16 @@ static u_int8_t ndpi_search_sslv3_direction1(struct ndpi_detection_module_struct u_int32_t cert_start; NDPI_LOG_DBG2(ndpi_struct, - "maybe SSLv3 server hello split into smaller packets\n"); + "maybe SSLv3 server hello split into smaller packets\n"); /* lets hope at least the server hello and the start of the certificate block are in the first packet */ cert_start = ntohs(get_u_int16_t(packet->payload, 7)) + 5 + 4; NDPI_LOG_DBG2(ndpi_struct, "suspected start of certificate: %u\n", - cert_start); + cert_start); if(cert_start < packet->payload_packet_len && packet->payload[cert_start] == 0x0b) { NDPI_LOG_DBG2(ndpi_struct, - "found 0x0b at suspected start of certificate block\n"); + "found 0x0b at suspected start of certificate block\n"); return 2; } } 
@@ -536,16 +541,16 @@ static u_int8_t ndpi_search_sslv3_direction1(struct ndpi_detection_module_struct u_int32_t cert_start; NDPI_LOG_DBG2(ndpi_struct, - "maybe SSLv3 server hello split into smaller packets but with seperate record for the certificate\n"); + "maybe SSLv3 server hello split into smaller packets but with seperate record for the certificate\n"); /* lets hope at least the server hello record and the start of the certificate record are in the first packet */ cert_start = ntohs(get_u_int16_t(packet->payload, 7)) + 5 + 5 + 4; NDPI_LOG_DBG2(ndpi_struct, "suspected start of certificate: %u\n", - cert_start); + cert_start); if(cert_start < packet->payload_packet_len && packet->payload[cert_start] == 0x0b) { NDPI_LOG_DBG2(ndpi_struct, - "found 0x0b at suspected start of certificate block\n"); + "found 0x0b at suspected start of certificate block\n"); return 2; } } @@ -603,7 +608,7 @@ void ndpi_search_ssl_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc * so go on checking for certificate patterns for a couple more packets */ NDPI_LOG_DBG2(ndpi_struct, - "ssl flow but check another packet for patterns\n"); + "ssl flow but check another packet for patterns\n"); ssl_mark_and_payload_search_for_other_protocols(ndpi_struct, flow); if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_SSL) { /* still ssl so check another packet */ @@ -685,7 +690,7 @@ void ndpi_search_ssl_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc return; } else if(ret == 2) { NDPI_LOG_DBG2(ndpi_struct, - "sslv3 server len match with split packet -> check some more packets for SSL patterns\n"); + "sslv3 server len match with split packet -> check some more packets for SSL patterns\n"); ssl_mark_and_payload_search_for_other_protocols(ndpi_struct, flow); if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_SSL) { flow->l4.tcp.ssl_stage = 3; diff --git a/tests/result/pps.pcap.out b/tests/result/pps.pcap.out index 5b3c3e7ce..a8259c514 100644 --- a/tests/result/pps.pcap.out 
+++ b/tests/result/pps.pcap.out 
@@ -23,11 +23,11 @@ GenericProtocol 1429 1780307 49 16 TCP 192.168.115.8:50779 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1438 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] 17 UDP 192.168.5.38:58897 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1575 bytes -> 0 pkts/0 bytes] 18 UDP 192.168.115.1:50945 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1539 bytes -> 0 pkts/0 bytes] - 19 TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/707 bytes <-> 1 pkts/744 bytes][Host: click.hm.baidu.com] + 19 TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Web/5][1 pkts/707 bytes <-> 1 pkts/744 bytes][Host: click.hm.baidu.com] 20 TCP 192.168.115.8:50492 <-> 111.206.13.3:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/389 bytes <-> 2 pkts/1034 bytes][Host: pdata.video.qiyi.com] 21 TCP 192.168.115.8:50777 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1186 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] 22 TCP 192.168.115.8:50494 <-> 223.26.106.66:80 [proto: 7.60/HTTP.HTTP_Download][cat: Download-FileTransfer-FileSharing/7][2 pkts/887 bytes <-> 1 pkts/443 bytes][Host: 223.26.106.66] - 23 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1004 bytes <-> 2 pkts/301 bytes][Host: click.hm.baidu.com] + 23 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Web/5][1 pkts/1004 bytes <-> 2 pkts/301 bytes][Host: click.hm.baidu.com] 24 TCP 192.168.115.8:50499 <-> 111.206.22.76:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1097 bytes <-> 1 pkts/199 bytes][Host: msg.iqiyi.com] 25 TCP 192.168.115.8:50474 <-> 202.108.14.221:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1100 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] 26 TCP 
192.168.115.8:50507 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/212 bytes <-> 1 pkts/1063 bytes][Host: static.qiyi.com] diff --git a/tests/result/webex.pcap.out b/tests/result/webex.pcap.out index fbf341918..ecd0f6432 100644 --- a/tests/result/webex.pcap.out +++ b/tests/result/webex.pcap.out 
@@ -6,36 +6,36 @@ Google 17 6375 1 Webex 1380 818407 43 Amazon 3 174 1 - 1 TCP 10.8.0.1:51155 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][256 pkts/14707 bytes <-> 257 pkts/329379 bytes][server: *.webex.com] - 2 TCP 10.8.0.1:41348 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][28 pkts/4815 bytes <-> 28 pkts/104881 bytes][client: radcom.webex.com] - 3 TCP 10.8.0.1:41346 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][48 pkts/11540 bytes <-> 47 pkts/80696 bytes][client: radcom.webex.com][server: *.webex.com] - 4 TCP 10.8.0.1:41358 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][19 pkts/2005 bytes <-> 19 pkts/40477 bytes][server: *.webex.com] - 5 TCP 10.8.0.1:51194 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][12 pkts/1531 bytes <-> 12 pkts/34357 bytes][server: *.webex.com] - 6 TCP 10.8.0.1:41354 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][13 pkts/2145 bytes <-> 13 pkts/24239 bytes][server: *.webex.com] - 7 TCP 10.8.0.1:51154 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][55 pkts/12583 bytes <-> 50 pkts/6703 bytes][server: *.webex.com] + 1 TCP 10.8.0.1:51155 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][256 pkts/14707 bytes <-> 257 pkts/329379 bytes][server: *.webex.com] + 2 TCP 10.8.0.1:41348 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][28 pkts/4815 bytes <-> 28 pkts/104881 bytes][client: radcom.webex.com] + 3 TCP 10.8.0.1:41346 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][48 pkts/11540 bytes <-> 47 pkts/80696 bytes][client: radcom.webex.com][server: *.webex.com] + 4 TCP 10.8.0.1:41358 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][19 pkts/2005 bytes <-> 19 pkts/40477 bytes][server: *.webex.com] + 5 TCP 10.8.0.1:51194 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][12 pkts/1531 bytes <-> 12 pkts/34357 bytes][server: 
*.webex.com] + 6 TCP 10.8.0.1:41354 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][13 pkts/2145 bytes <-> 13 pkts/24239 bytes][server: *.webex.com] + 7 TCP 10.8.0.1:51154 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][55 pkts/12583 bytes <-> 50 pkts/6703 bytes][server: *.webex.com] 8 UDP 10.8.0.1:64538 -> 172.16.1.75:5060 [proto: 100/SIP][cat: VoIP/10][22 pkts/15356 bytes -> 0 pkts/0 bytes] - 9 TCP 10.8.0.1:51857 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][29 pkts/4559 bytes <-> 21 pkts/5801 bytes][server: *.webex.com] + 9 TCP 10.8.0.1:51857 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][29 pkts/4559 bytes <-> 21 pkts/5801 bytes][server: *.webex.com] 10 TCP 10.8.0.1:46211 <-> 54.241.32.14:443 [proto: 91/SSL][cat: Web/5][16 pkts/1984 bytes <-> 14 pkts/7584 bytes][client: api.crittercism.com][server: *.crittercism.com] - 11 TCP 10.8.0.1:41386 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][9 pkts/1417 bytes <-> 8 pkts/6984 bytes][server: *.webex.com] - 12 TCP 10.8.0.1:41419 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][7 pkts/1309 bytes <-> 7 pkts/6930 bytes][server: *.webex.com] - 13 TCP 10.8.0.1:52730 <-> 173.243.4.76:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][9 pkts/1369 bytes <-> 8 pkts/6621 bytes][server: *.webex.com] - 14 TCP 10.8.0.1:44492 <-> 64.68.104.140:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][9 pkts/1369 bytes <-> 8 pkts/6600 bytes][server: *.webex.com] - 15 TCP 10.8.0.1:45814 <-> 62.109.231.3:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][8 pkts/1315 bytes <-> 8 pkts/6653 bytes][server: *.webex.com] - 16 TCP 10.8.0.1:47498 <-> 209.197.222.159:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][server: *.webex.com] - 17 TCP 10.8.0.1:57647 <-> 64.68.121.153:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][server: 
*.webex.com] - 18 TCP 10.8.0.1:37129 <-> 64.68.105.98:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][9 pkts/1369 bytes <-> 9 pkts/5838 bytes][server: *.webex.com] - 19 TCP 10.8.0.1:51370 <-> 64.68.105.97:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][8 pkts/1315 bytes <-> 8 pkts/5784 bytes][server: *.webex.com] - 20 TCP 10.8.0.1:55669 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][11 pkts/1830 bytes <-> 12 pkts/4811 bytes][server: *.webex.com] - 21 TCP 10.8.0.1:55665 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com] - 22 TCP 10.8.0.1:55671 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com] - 23 TCP 10.8.0.1:55687 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com] + 11 TCP 10.8.0.1:41386 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][9 pkts/1417 bytes <-> 8 pkts/6984 bytes][server: *.webex.com] + 12 TCP 10.8.0.1:41419 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][7 pkts/1309 bytes <-> 7 pkts/6930 bytes][server: *.webex.com] + 13 TCP 10.8.0.1:52730 <-> 173.243.4.76:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][9 pkts/1369 bytes <-> 8 pkts/6621 bytes][server: *.webex.com] + 14 TCP 10.8.0.1:44492 <-> 64.68.104.140:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][9 pkts/1369 bytes <-> 8 pkts/6600 bytes][server: *.webex.com] + 15 TCP 10.8.0.1:45814 <-> 62.109.231.3:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][8 pkts/1315 bytes <-> 8 pkts/6653 bytes][server: *.webex.com] + 16 TCP 10.8.0.1:47498 <-> 209.197.222.159:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][server: *.webex.com] + 17 TCP 10.8.0.1:57647 <-> 64.68.121.153:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][server: *.webex.com] + 
18 TCP 10.8.0.1:37129 <-> 64.68.105.98:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][9 pkts/1369 bytes <-> 9 pkts/5838 bytes][server: *.webex.com] + 19 TCP 10.8.0.1:51370 <-> 64.68.105.97:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][8 pkts/1315 bytes <-> 8 pkts/5784 bytes][server: *.webex.com] + 20 TCP 10.8.0.1:55669 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][11 pkts/1830 bytes <-> 12 pkts/4811 bytes][server: *.webex.com] + 21 TCP 10.8.0.1:55665 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com] + 22 TCP 10.8.0.1:55671 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com] + 23 TCP 10.8.0.1:55687 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com] 24 TCP 10.8.0.1:43433 <-> 216.58.208.40:443 [proto: 91.126/SSL.Google][cat: Web/5][9 pkts/1540 bytes <-> 8 pkts/4835 bytes][client: ssl.google-analytics.com][server: *.google-analytics.com] - 25 TCP 10.8.0.1:51646 <-> 114.29.204.49:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][9 pkts/895 bytes <-> 8 pkts/4398 bytes][server: *.webex.com] - 26 TCP 10.8.0.1:52219 <-> 64.68.121.100:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][8 pkts/841 bytes <-> 7 pkts/4376 bytes][server: *.webex.com] - 27 TCP 10.8.0.1:55969 <-> 64.68.121.99:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][8 pkts/841 bytes <-> 7 pkts/4376 bytes][server: *.webex.com] - 28 TCP 10.8.0.1:49048 <-> 23.44.253.243:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][7 pkts/1181 bytes <-> 7 pkts/4021 bytes][server: www.webex.com] - 29 TCP 10.8.0.1:47116 <-> 114.29.202.139:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][7 pkts/461 bytes <-> 6 pkts/4231 bytes][server: *.webex.com] - 30 TCP 10.8.0.1:47841 <-> 114.29.200.11:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][6 pkts/407 bytes <-> 5 pkts/4177 
bytes][server: *.webex.com] + 25 TCP 10.8.0.1:51646 <-> 114.29.204.49:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][9 pkts/895 bytes <-> 8 pkts/4398 bytes][server: *.webex.com] + 26 TCP 10.8.0.1:52219 <-> 64.68.121.100:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][8 pkts/841 bytes <-> 7 pkts/4376 bytes][server: *.webex.com] + 27 TCP 10.8.0.1:55969 <-> 64.68.121.99:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][8 pkts/841 bytes <-> 7 pkts/4376 bytes][server: *.webex.com] + 28 TCP 10.8.0.1:49048 <-> 23.44.253.243:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][7 pkts/1181 bytes <-> 7 pkts/4021 bytes][server: www.webex.com] + 29 TCP 10.8.0.1:47116 <-> 114.29.202.139:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][7 pkts/461 bytes <-> 6 pkts/4231 bytes][server: *.webex.com] + 30 TCP 10.8.0.1:47841 <-> 114.29.200.11:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][6 pkts/407 bytes <-> 5 pkts/4177 bytes][server: *.webex.com] 31 TCP 10.8.0.1:33551 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][cat: Web/5][10 pkts/1465 bytes <-> 11 pkts/1065 bytes] 32 TCP 10.8.0.1:33553 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][cat: Web/5][10 pkts/1388 bytes <-> 10 pkts/1087 bytes] 33 TCP 10.8.0.1:33512 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][cat: Web/5][9 pkts/1357 bytes <-> 9 pkts/615 bytes] 
@@ -44,8 +44,8 @@ Amazon 3 174 1 36 TCP 10.8.0.1:33559 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][cat: Web/5][7 pkts/1280 bytes <-> 6 pkts/453 bytes] 37 TCP 10.8.0.1:59757 <-> 78.46.237.91:80 [proto: 7/HTTP][cat: Web/5][5 pkts/624 bytes <-> 5 pkts/767 bytes][Host: cp.pushwoosh.com] 38 UDP 10.8.0.1:51772 <-> 62.109.229.158:9000 [proto: 141/Webex][14 pkts/1071 bytes <-> 2 pkts/100 bytes] - 39 TCP 10.8.0.1:41350 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][6 pkts/614 bytes <-> 5 pkts/399 bytes][client: radcom.webex.com] - 40 TCP 10.8.0.1:41351 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][5 pkts/560 bytes <-> 4 pkts/345 bytes][client: radcom.webex.com] + 39 TCP 10.8.0.1:41350 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][6 pkts/614 bytes <-> 5 pkts/399 bytes][client: radcom.webex.com] + 40 TCP 10.8.0.1:41351 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][5 pkts/560 bytes <-> 4 pkts/345 bytes][client: radcom.webex.com] 41 TCP 10.8.0.1:51190 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][7 pkts/501 bytes <-> 4 pkts/216 bytes] 42 TCP 10.8.0.1:37139 <-> 64.68.105.98:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] 43 TCP 10.8.0.1:41394 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] diff --git a/tests/result/whatsappfiles.pcap.out b/tests/result/whatsappfiles.pcap.out index e6e8f0fa7..40d4fa391 100644 --- a/tests/result/whatsappfiles.pcap.out +++ b/tests/result/whatsappfiles.pcap.out 
@@ -1,4 +1,4 @@ WhatsAppFiles 620 452233 2 - 1 TCP 192.168.2.29:49698 <-> 185.60.216.53:443 [proto: 242/WhatsAppFiles][cat: Download-FileTransfer-FileSharing/7][132 pkts/9906 bytes <-> 178 pkts/237405 bytes] - 2 TCP 192.168.2.29:49674 <-> 185.60.216.53:443 [proto: 242/WhatsAppFiles][cat: Download-FileTransfer-FileSharing/7][161 pkts/189194 bytes <-> 149 pkts/15728 bytes] + 1 TCP 192.168.2.29:49698 <-> 185.60.216.53:443 [proto: 91.242/SSL.WhatsAppFiles][cat: Download-FileTransfer-FileSharing/7][132 pkts/9906 bytes <-> 178 pkts/237405 bytes] + 2 TCP 192.168.2.29:49674 <-> 185.60.216.53:443 [proto: 91.242/SSL.WhatsAppFiles][cat: Download-FileTransfer-FileSharing/7][161 pkts/189194 bytes <-> 149 pkts/15728 bytes] -- cgit v1.2.3 From 71b2c19cf28f72ad2e876719af88c7841c2aea84 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sat, 10 Nov 2018 16:10:22 +0100 Subject: Added DPDK support to ndpiReader --- configure.seed | 11 ++++- example/Makefile.dpdk.in | 27 ++++++++++++ example/Makefile.in | 5 ++- example/README.DPDK | 31 ++++++++++++++ example/ndpiReader.c | 106 ++++++++++++++++++++++++++++++++++++++--------- example/ndpi_util.c | 78 ++++++++++++++++++++++++++++------ example/ndpi_util.h | 18 ++++++++ 7 files changed, 242 insertions(+), 34 deletions(-) create mode 100644 example/Makefile.dpdk.in create mode 100644 example/README.DPDK (limited to 'example/ndpiReader.c') diff --git a/configure.seed b/configure.seed index f3b267904..11220f885 100644 --- a/configure.seed +++ b/configure.seed @@ -40,6 +40,14 @@ AC_CHECK_HEADERS([netinet/in.h stdint.h stdlib.h string.h unistd.h]) PCAP_HOME=$HOME/PF_RING/userland +DPDK_TARGET= +if test -d $HOME/DPDK; then : + echo "Enabling DPDK support in ndpiReader" + DPDK_TARGET=dpdk +else + echo "DPDK support disabled (missing $HOME/DPDK)" +fi + if test -d $PCAP_HOME; then : echo -n "" else 
@@ -138,7 +146,7 @@ AC_ARG_ENABLE([debug-messages], AC_CHECK_LIB(pthread, pthread_setaffinity_np, AC_DEFINE_UNQUOTED(HAVE_PTHREAD_SETAFFINITY_NP, 1, [libc has pthread_setaffinity_np])) -AC_CONFIG_FILES([Makefile example/Makefile tests/Makefile libndpi.pc src/include/ndpi_define.h src/lib/Makefile]) +AC_CONFIG_FILES([Makefile example/Makefile example/Makefile.dpdk tests/Makefile libndpi.pc src/include/ndpi_define.h src/lib/Makefile]) AC_CONFIG_HEADERS(src/include/ndpi_config.h) AC_SUBST(GIT_RELEASE) AC_SUBST(NDPI_MAJOR) @@ -152,6 +160,7 @@ AC_SUBST(PCAP_LIB) AC_SUBST(DL_LIB) AC_SUBST(HS_LIB) AC_SUBST(HS_INC) +AC_SUBST(DPDK_TARGET) AC_SUBST(HAVE_PTHREAD_SETAFFINITY_NP) AC_OUTPUT diff --git a/example/Makefile.dpdk.in b/example/Makefile.dpdk.in new file mode 100644 index 000000000..8519d7d0e --- /dev/null +++ b/example/Makefile.dpdk.in @@ -0,0 +1,27 @@ +# +# Run 'make -f Makefile.dpdk' to compile the DPDK examples +# +# See http://core.dpdk.org/doc/quick-start/ for DPDK installation and setup +# +ifeq ($(RTE_SDK),) +#$(error "Please define RTE_SDK environment variable") +RTE_SDK = $(HOME)/DPDK +RTE_TARGET = build +endif + +# Default target, can be overridden by command line or environment +RTE_TARGET ?= x86_64-native-linuxapp-gcc + +include $(RTE_SDK)/mk/rte.vars.mk + +APP = ndpiReader +LIBNDPI = $(PWD)/../src/lib/libndpi.a + +SRCS-y := ndpi_util.c ndpiReader.c + +CFLAGS += -g +CFLAGS += -Wno-strict-prototypes -Wno-missing-prototypes -Wno-missing-declarations -Wno-unused-parameter -I $(PWD)/../src/include @CFLAGS@ -DUSE_DPDK +LDLIBS = $(LIBNDPI) -lpthread @LDFLAGS@ + +include $(RTE_SDK)/mk/rte.extapp.mk + diff --git a/example/Makefile.in b/example/Makefile.in index 8c18f94dc..a5ca6acce 100644 --- a/example/Makefile.in +++ b/example/Makefile.in 
@@ -5,7 +5,7 @@ LDFLAGS=$(LIBNDPI) -lpcap -lpthread @LDFLAGS@ OBJS=ndpiReader.o ndpi_util.o PREFIX?=/usr/local -all: ndpiReader +all: ndpiReader @DPDK_TARGET@ ndpiReader: $(OBJS) $(LIBNDPI) $(CXX) $(CFLAGS) $(OBJS) -o $@ $(LDFLAGS) @@ -16,6 +16,9 @@ ndpiReader: $(OBJS) $(LIBNDPI) install: cp ndpiReader $(DESTDIR)$(PREFIX)/bin +dpdk: + make -f Makefile.dpdk + clean: /bin/rm -f *.o ndpiReader diff --git a/example/README.DPDK b/example/README.DPDK new file mode 100644 index 000000000..472597c3f --- /dev/null +++ b/example/README.DPDK @@ -0,0 +1,31 @@ +Prerequisites +------------- + +You need to install and compile DPDK in your HOME directory as explained in +See http://core.dpdk.org/doc/quick-start/ for DPDK installation and setup + +Once DPDK is built make sure to create a symbolic link + +$ cd +$ ln -s dpdk-18.08 DPDK + +so the build process will use the DPDK directory letting you have multiple +DPDK versions available on your system + + +Build +----- +Everything will happen automagically but if you want to do it by hand +do: make -f Makefile.dpdk + + +Run Application +--------------- +Supposing to capture packets from device eno1 you can start the +application as follows: + +sudo ./build/ndpiReader -c 1 --vdev=net_pcap0,iface=eno1 -- -v 1 + +NOTE: +- ndpiReader without DPDK support sits in this directory +- ndpiReader with DPDK support can be found inside the ./build directory diff --git a/example/ndpiReader.c b/example/ndpiReader.c index faa453ee2..89f5714a8 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -204,7 +204,9 @@ typedef struct ndpi_id { // used memory counters u_int32_t current_ndpi_memory = 0, max_ndpi_memory = 0; - +#ifdef USE_DPDK +static int dpdk_port_id = 0, dpdk_run_capture = 1; +#endif void test_lib(); /* Forward */ 
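Review bot: The new `dpdk:` target calls `make -f Makefile.dpdk` literally, so a parallel or overridden top-level make (`-j`, `MAKEFLAGS`, a differently named make binary) is not propagated to the DPDK sub-build. Use `$(MAKE) -f Makefile.dpdk` instead. The `clean` target shown as context removes only `*.o ndpiReader`, so the DPDK output directory appears to be left behind. If that is intended, a one-line comment saying so would help.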
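Review bot: `dpdk_run_capture` is declared as a plain `int`, but it is cleared in `breakPcapLoop()` and polled by `while(dpdk_run_capture)` in `processing_thread()` (both in later hunks of this commit). If `breakPcapLoop()` can be reached from a signal handler or from a different thread than the one polling, which the hunks do not show, that is an unsynchronised access to a shared flag. Declaring it as `static volatile sig_atomic_t dpdk_run_capture = 1;` (or a C11 atomic if the file can use them) makes the stop request well defined. Adding a comment such as `/* cleared by breakPcapLoop() to stop the RX loop */` would document the contract.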
@@ -227,7 +229,11 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle); static void help(u_int long_help) { printf("Welcome to nDPI %s\n\n", ndpi_revision()); - printf("ndpiReader -i [-f ][-s ][-m ]\n" + printf("ndpiReader " +#ifndef USE_DPDK + "-i " +#endif + "[-f ][-s ][-m ]\n" " [-p ][-l [-q][-d][-h][-t][-v ]\n" " [-n ][-w ][-c ][-j ][-x ]\n\n" "Usage:\n" @@ -457,7 +463,18 @@ static void parseOptions(int argc, char **argv) { if(trace) fprintf(trace, " #### %s #### \n", __FUNCTION__); #endif - while ((opt = getopt_long(argc, argv, "c:df:g:i:hp:l:s:tv:V:n:j:rp:w:q0123:456:7:89:m:b:x:", longopts, &option_idx)) != EOF) { +#ifdef USE_DPDK + { + int ret = rte_eal_init(argc, argv); + + if(ret < 0) + rte_exit(EXIT_FAILURE, "Error with EAL initialization\n"); + + argc -= ret, argv += ret; + } +#endif + + while((opt = getopt_long(argc, argv, "c:df:g:i:hp:l:s:tv:V:n:j:rp:w:q0123:456:7:89:m:b:x:", longopts, &option_idx)) != EOF) { #ifdef DEBUG_TRACE if(trace) fprintf(trace, " #### -%c [%s] #### \n", opt, optarg ? optarg : ""); #endif @@ -603,7 +620,7 @@ static void parseOptions(int argc, char **argv) { case '9': extcap_packet_filter = ndpi_get_proto_by_name(ndpi_info_mod, optarg); - if (extcap_packet_filter == NDPI_PROTOCOL_UNKNOWN) extcap_packet_filter = atoi(optarg); + if(extcap_packet_filter == NDPI_PROTOCOL_UNKNOWN) extcap_packet_filter = atoi(optarg); break; case 257: @@ -616,6 +633,7 @@ static void parseOptions(int argc, char **argv) { } } +#ifndef USE_DPDK if(!bpf_filter_flag) { if(do_capture) { quiet_mode = 1; 
@@ -630,7 +648,7 @@ static void parseOptions(int argc, char **argv) { if(strchr(_pcap_file[0], ',')) { /* multiple ingress interfaces */ num_threads = 0; /* setting number of threads = number of interfaces */ __pcap_file = strtok(_pcap_file[0], ","); - while (__pcap_file != NULL && num_threads < MAX_NUM_READER_THREADS) { + while(__pcap_file != NULL && num_threads < MAX_NUM_READER_THREADS) { _pcap_file[num_threads++] = __pcap_file; __pcap_file = strtok(NULL, ","); } @@ -647,13 +665,14 @@ static void parseOptions(int argc, char **argv) { if(num_cores > 1 && bind_mask != NULL) { char *core_id = strtok(bind_mask, ":"); thread_id = 0; - while (core_id != NULL && thread_id < num_threads) { + while(core_id != NULL && thread_id < num_threads) { core_affinity[thread_id++] = atoi(core_id) % num_cores; core_id = strtok(NULL, ":"); } } #endif } +#endif #ifdef DEBUG_TRACE if(trace) fclose(trace); @@ -719,7 +738,7 @@ char* intoaV4(u_int32_t addr, char* buf, u_int16_t bufLen) { } *--cp = '.'; addr >>= 8; - } while (--n > 0); + } while(--n > 0); /* Convert the string to lowercase */ retStr = (char*)(cp+1); @@ -769,7 +788,7 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol.app_protocol)); if(flow->detected_protocol.category != 0) - fprintf(out, "[cat: %s/%u]", + fprintf(out, "[cat: %s/%u]", ndpi_category_get_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol.category), (unsigned int)flow->detected_protocol.category); 
@@ -924,7 +943,7 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept } process_ndpi_collected_info(ndpi_thread_info[thread_id].workflow, flow); - + ndpi_thread_info[thread_id].workflow->stats.protocol_counter[flow->detected_protocol.app_protocol] += flow->src2dst_packets + flow->dst2src_packets; ndpi_thread_info[thread_id].workflow->stats.protocol_counter_bytes[flow->detected_protocol.app_protocol] += flow->src2dst_bytes + flow->dst2src_bytes; ndpi_thread_info[thread_id].workflow->stats.protocol_flows[flow->detected_protocol.app_protocol]++; @@ -985,7 +1004,7 @@ int updateIpTree(u_int32_t key, u_int8_t version, if(rootp == (addr_node **)0) return 0; - while (*rootp != (addr_node *)0) { + while(*rootp != (addr_node *)0) { /* Knuth's T1: */ if((version == (*rootp)->version) && (key == (*rootp)->addr)) { /* T2: */ @@ -1015,7 +1034,7 @@ int updateIpTree(u_int32_t key, u_int8_t version, /* *********************************************** */ void freeIpTree(addr_node *root) { - if (root == NULL) + if(root == NULL) return; freeIpTree(root->left); @@ -1210,9 +1229,9 @@ static void deleteReceivers(struct receiver *receivers) { /* *********************************************** */ /* implementation of: https://jeroen.massar.ch/presentations/files/FloCon2010-TopK.pdf * - * if (table1.size < max1 || acceptable){ + * if(table1.size < max1 || acceptable){ * create new element and add to the table1 - * if (table1.size > max2) { + * if(table1.size > max2) { * cut table1 back to max1 * merge table 1 to table2 * if(table2.size > max1) @@ -2266,9 +2285,13 @@ free_stats: * @brief Force a pcap_dispatch() or pcap_loop() call to return */ static void breakPcapLoop(u_int16_t thread_id) { +#ifdef USE_DPDK + dpdk_run_capture = 0; +#else if(ndpi_thread_info[thread_id].workflow->pcap_handle != NULL) { pcap_breakloop(ndpi_thread_info[thread_id].workflow->pcap_handle); } +#endif } /** 
@@ -2335,15 +2358,26 @@ static void configurePcapHandle(pcap_t * pcap_handle) { * @brief Open a pcap file or a specified device - Always returns a valid pcap_t */ static pcap_t * openPcapFileOrDevice(u_int16_t thread_id, const u_char * pcap_file) { - u_int snaplen = 1536; int promisc = 1; char pcap_error_buffer[PCAP_ERRBUF_SIZE]; pcap_t * pcap_handle = NULL; /* trying to open a live interface */ - if((pcap_handle = pcap_open_live((char*)pcap_file, snaplen, promisc, - 500, pcap_error_buffer)) == NULL) { +#ifdef USE_DPDK + struct rte_mempool *mbuf_pool = rte_pktmbuf_pool_create("MBUF_POOL", NUM_MBUFS, + MBUF_CACHE_SIZE, 0, + RTE_MBUF_DEFAULT_BUF_SIZE, + rte_socket_id()); + + if(mbuf_pool == NULL) + rte_exit(EXIT_FAILURE, "Cannot create mbuf pool: are hugepages ok?\n"); + + if(dpdk_port_init(dpdk_port_id, mbuf_pool) != 0) + rte_exit(EXIT_FAILURE, "DPDK: Cannot init port %u: please see README.dpdk\n", dpdk_port_id); +#else + if((pcap_handle = pcap_open_live((char*)pcap_file, snaplen, + promisc, 500, pcap_error_buffer)) == NULL) { capture_for = capture_until = 0; live_capture = 0; @@ -2370,11 +2404,17 @@ static pcap_t * openPcapFileOrDevice(u_int16_t thread_id, const u_char * pcap_fi } else { live_capture = 1; - if((!json_flag) && (!quiet_mode)) + if((!json_flag) && (!quiet_mode)) { +#ifdef USE_DPDK + printf("Capturing from DPDK (port 0)...\n"); +#else printf("Capturing live traffic from device %s...\n", pcap_file); +#endif + } } configurePcapHandle(pcap_handle); +#endif /* !DPDK */ if(capture_for > 0) { if((!json_flag) && (!quiet_mode)) @@ -2520,13 +2560,13 @@ static void runPcapLoop(u_int16_t thread_id) { * @brief Process a running thread */ void * processing_thread(void *_thread_id) { - long thread_id = (long) _thread_id; char pcap_error_buffer[PCAP_ERRBUF_SIZE]; #if defined(linux) && defined(HAVE_PTHREAD_SETAFFINITY_NP) if(core_affinity[thread_id] >= 0) { cpu_set_t cpuset; + CPU_ZERO(&cpuset); CPU_SET(core_affinity[thread_id], &cpuset); 
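Review bot: With `USE_DPDK` defined, `pcap_handle` is never assigned in `openPcapFileOrDevice()` because `pcap_open_live()` moved into the `#else` half, yet the doc comment above still says "Always returns a valid pcap_t". The comment should say that the DPDK build leaves the handle NULL, so callers know not to pass it to libpcap, e.g. `@brief Open a pcap file or device; with USE_DPDK the port is initialised instead and the returned handle is NULL`. The pool is created under the fixed name "MBUF_POOL" inside a function that takes a `thread_id`, so a second call would presumably fail on the duplicate name; this is worth confirming for multi-thread runs. The error text points to `README.dpdk` while the commit adds `example/README.DPDK`, and `%u` is used with the `int` `dpdk_port_id`. The function body continues outside the hunk.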
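Review bot: The `#ifdef USE_DPDK` branch added around the "Capturing from DPDK (port 0)" message can never be compiled. It sits inside the `else` of the `pcap_open_live()` test, which is itself in the `#else` half of the `#ifdef USE_DPDK` opened in the previous hunk and closed by `#endif /* !DPDK */` after `configurePcapHandle()`. As a result a DPDK build prints no capture banner and does not set `live_capture = 1` in this function. Move both into the DPDK half after `dpdk_port_init()` succeeds and print the real port rather than a hard-coded 0, e.g. `live_capture = 1;` followed by `if((!json_flag) && (!quiet_mode)) printf("Capturing from DPDK (port %d)...\n", dpdk_port_id);`.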
@@ -2539,6 +2579,33 @@ void * processing_thread(void *_thread_id) { #endif if((!json_flag) && (!quiet_mode)) printf("Running thread %ld...\n", thread_id); +#ifdef USE_DPDK + while(dpdk_run_capture) { + struct rte_mbuf *bufs[BURST_SIZE]; + u_int16_t num = rte_eth_rx_burst(dpdk_port_id, 0, bufs, BURST_SIZE); + u_int i; + + if(num == 0) { + usleep(1); + continue; + } + + for(i = 0; i < PREFETCH_OFFSET && i < num; i++) + rte_prefetch0(rte_pktmbuf_mtod(bufs[i], void *)); + + for(i = 0; i < num; i++) { + char *data = rte_pktmbuf_mtod(bufs[i], char *); + int len = rte_pktmbuf_pkt_len(bufs[i]); + struct pcap_pkthdr h; + + h.len = h.caplen = len; + gettimeofday(&h.ts, NULL); + + pcap_process_packet((u_char*)&thread_id, &h, (const u_char *)data); + rte_pktmbuf_free(bufs[i]); + } + } +#else pcap_loop: runPcapLoop(thread_id); @@ -2551,6 +2618,7 @@ pcap_loop: goto pcap_loop; } } +#endif return NULL; } @@ -3239,7 +3307,7 @@ int orginal_main(int argc, char **argv) { automataUnitTest(); ndpi_info_mod = ndpi_init_detection_module(); - if (ndpi_info_mod == NULL) return -1; + if(ndpi_info_mod == NULL) return -1; memset(ndpi_thread_info, 0, sizeof(ndpi_thread_info)); diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 977a246ec..1a0d45914 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -219,7 +219,7 @@ void ndpi_flow_info_freer(void *node) { /* ***************************************************** */ void ndpi_workflow_free(struct ndpi_workflow * workflow) { - int i; + u_int i; for(i=0; iprefs.num_roots; i++) ndpi_tdestroy(workflow->ndpi_flows_root[i], ndpi_flow_info_freer); 
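Review bot: In the DPDK receive loop, `h.caplen` is set to `rte_pktmbuf_pkt_len()`, the total length across all segments, while `data` from `rte_pktmbuf_mtod()` addresses only the first segment. If the driver ever delivers a chained mbuf, `pcap_process_packet()` is told that more bytes are readable at `data` than are contiguous there, and the packet parser would read past the segment on network-supplied input. Keep the two lengths separate: `h.len = rte_pktmbuf_pkt_len(bufs[i]);` and `h.caplen = rte_pktmbuf_data_len(bufs[i]);`. Every thread polls queue 0 of the same port, so it is worth stating in a comment that the DPDK build expects a single reader thread, since the hunks do not show anything enforcing it.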
@@ -232,8 +232,8 @@ void ndpi_workflow_free(struct ndpi_workflow * workflow) { /* ***************************************************** */ int ndpi_workflow_node_cmp(const void *a, const void *b) { - struct ndpi_flow_info *fa = (struct ndpi_flow_info*)a; - struct ndpi_flow_info *fb = (struct ndpi_flow_info*)b; + const struct ndpi_flow_info *fa = (const struct ndpi_flow_info*)a; + const struct ndpi_flow_info *fb = (const struct ndpi_flow_info*)b; if(fa->hashval < fb->hashval) return(-1); else if(fa->hashval > fb->hashval) return(1); @@ -307,7 +307,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow u_int32_t idx, l4_offset, hashval; struct ndpi_flow_info flow; void *ret; - u_int8_t *l3, *l4; + const u_int8_t *l3, *l4; /* Note: to keep things simple (ndpiReader is just a demo app) @@ -322,10 +322,10 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow return NULL; l4_offset = iph->ihl * 4; - l3 = (u_int8_t*)iph; + l3 = (const u_int8_t*)iph; } else { l4_offset = sizeof(struct ndpi_ipv6hdr); - l3 = (u_int8_t*)iph6; + l3 = (const u_int8_t*)iph6; } if(l4_packet_len < 64) @@ -345,7 +345,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow workflow->stats.max_packet_len = l4_packet_len; *proto = iph->protocol; - l4 = ((u_int8_t *) l3 + l4_offset); + l4 = ((const u_int8_t *) l3 + l4_offset); if(iph->protocol == IPPROTO_TCP && l4_packet_len >= 20) { u_int tcp_len; @@ -355,7 +355,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow *tcph = (struct ndpi_tcphdr *)l4; *sport = ntohs((*tcph)->source), *dport = ntohs((*tcph)->dest); tcp_len = ndpi_min(4*(*tcph)->doff, l4_packet_len); - *payload = &l4[tcp_len]; + *payload = (u_int8_t*)&l4[tcp_len]; *payload_len = ndpi_max(0, l4_packet_len-4*(*tcph)->doff); } else if(iph->protocol == IPPROTO_UDP && l4_packet_len >= 8) { // udp 
@@ -363,8 +363,8 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow workflow->stats.udp_count++; *udph = (struct ndpi_udphdr *)l4; *sport = ntohs((*udph)->source), *dport = ntohs((*udph)->dest); - *payload = &l4[sizeof(struct ndpi_udphdr)]; - *payload_len = ndpi_max(0, l4_packet_len-sizeof(struct ndpi_udphdr)); + *payload = (u_int8_t*)&l4[sizeof(struct ndpi_udphdr)]; + *payload_len = (l4_packet_len > sizeof(struct ndpi_udphdr)) ? l4_packet_len-sizeof(struct ndpi_udphdr) : 0; } else { // non tcp/udp protocols *sport = *dport = 0; @@ -507,7 +507,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info6(struct ndpi_workflow * workflo iph.protocol = iph6->ip6_hdr.ip6_un1_nxt; if(iph.protocol == IPPROTO_DSTOPTS /* IPv6 destination option */) { - u_int8_t *options = (u_int8_t*)iph6 + sizeof(const struct ndpi_ipv6hdr); + const u_int8_t *options = (const u_int8_t*)iph6 + sizeof(const struct ndpi_ipv6hdr); iph.protocol = options[0]; } @@ -530,7 +530,7 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl /* BITTORRENT */ if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_BITTORRENT) { - int i, j, n = 0; + u_int i, j, n = 0; for(i=0, j = 0; j < sizeof(flow->bittorent_hash)-1; i++) { sprintf(&flow->bittorent_hash[j], "%02x", @@ -751,8 +751,14 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, workflow->last_time = time; /*** check Data Link type ***/ - const int datalink_type = pcap_datalink(workflow->pcap_handle); + int datalink_type; +#ifdef USE_DPDK + datalink_type = DLT_EN10MB; +#else + datalink_type = (int)pcap_datalink(workflow->pcap_handle); +#endif + datalink_check: switch(datalink_type) { case DLT_NULL: 
@@ -1076,3 +1082,49 @@ u_int32_t ethernet_crc32(const void* data, size_t n_bytes) { __crc32(data, n_bytes, &crc); return crc; } + +/* *********************************************** */ + +#ifdef USE_DPDK + +static const struct rte_eth_conf port_conf_default = { + .rxmode = { .max_rx_pkt_len = ETHER_MAX_LEN } +}; + +/* ************************************ */ + +int dpdk_port_init(int port, struct rte_mempool *mbuf_pool) { + struct rte_eth_conf port_conf = port_conf_default; + const u_int16_t rx_rings = 1, tx_rings = 1; + int retval; + u_int16_t q; + + /* 1 RX queue */ + retval = rte_eth_dev_configure(port, rx_rings, tx_rings, &port_conf); + + if(retval != 0) + return retval; + + for (q = 0; q < rx_rings; q++) { + retval = rte_eth_rx_queue_setup(port, q, RX_RING_SIZE, rte_eth_dev_socket_id(port), NULL, mbuf_pool); + if(retval < 0) + return retval; + } + + for (q = 0; q < tx_rings; q++) { + retval = rte_eth_tx_queue_setup(port, q, TX_RING_SIZE, rte_eth_dev_socket_id(port), NULL); + if(retval < 0) + return retval; + } + + retval = rte_eth_dev_start(port); + + if(retval < 0) + return retval; + + rte_eth_promiscuous_enable(port); + + return 0; +} + +#endif diff --git a/example/ndpi_util.h b/example/ndpi_util.h index d1d461490..eb9ab8e65 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -31,6 +31,24 @@ #include +#ifdef USE_DPDK +#include +#include +#include +#include +#include +#include + +#define RX_RING_SIZE 128 +#define TX_RING_SIZE 512 +#define NUM_MBUFS 8191 +#define MBUF_CACHE_SIZE 250 +#define BURST_SIZE 32 +#define PREFETCH_OFFSET 3 + +extern int dpdk_port_init(int port, struct rte_mempool *mbuf_pool); +#endif + #define MAX_NUM_READER_THREADS 16 #define IDLE_SCAN_PERIOD 10 /* msec (use TICK_RESOLUTION = 1000) */ #define MAX_IDLE_TIME 30000 -- cgit v1.2.3 From 0ee451040d57610f1965ef2a78dd4a2e8f5b3442 Mon Sep 17 00:00:00 2001 
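Review bot: `dpdk_port_init()` configures and starts `port` without first checking that the port exists, so a build run with no usable device only fails later inside `rte_eth_dev_configure()` with a less specific error. Add a guard at the top, `if(!rte_eth_dev_is_valid_port(port)) return -1;`. The parameter is an `int` while the queue indices in the same function are `u_int16_t`; using one unsigned 16-bit type for the port id would avoid a negative value being converted silently. The function also lacks a header comment; one line stating that it sets up one RX and one TX queue, starts the port and enables promiscuous mode, returning 0 or a negative DPDK error, would cover it.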
From: emanuele-f Date: Sun, 18 Nov 2018 12:50:53 +0100 Subject: Warning fix --- example/ndpiReader.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'example/ndpiReader.c') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 89f5714a8..d9e150be7 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -2703,7 +2703,7 @@ void test_lib() { void automataUnitTest() { void *automa; - assert(automa = ndpi_init_automa()); + assert((automa = ndpi_init_automa())); assert(ndpi_add_string_to_automa(automa, "hello") == 0); assert(ndpi_add_string_to_automa(automa, "world") == 0); ndpi_finalize_automa(automa); -- cgit v1.2.3 From 582da8d4bb00ed6be656451fbd6ebde6719c5ce2 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 19 Nov 2018 18:24:33 +0100 Subject: Improved WeChat support Removed Musical.ly protocol as the service has been merged with another one and thus it is no longer used Improved guess for UDP protocols --- example/ndpiReader.c | 1 + src/include/ndpi_api.h | 2 + src/include/ndpi_main.h | 1 + src/include/ndpi_protocol_ids.h | 2 +- src/include/ndpi_typedefs.h | 2 +- src/lib/ndpi_content_match.c.inc | 13 +++--- src/lib/ndpi_main.c | 93 ++++++++++++++++++++++++---------------- src/lib/protocols/dropbox.c | 26 +++++++---- src/lib/protocols/eaq.c | 10 +++-- src/lib/protocols/skype.c | 17 ++++++-- 10 files changed, 107 insertions(+), 60 deletions(-) (limited to 'example/ndpiReader.c') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index d9e150be7..cb3238a88 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -911,6 +911,7 @@ static void node_print_known_proto_walker(const void *node, static u_int16_t node_guess_undetected_protocol(u_int16_t thread_id, struct ndpi_flow_info *flow) { flow->detected_protocol = ndpi_guess_undetected_protocol(ndpi_thread_info[thread_id].workflow->ndpi_struct, + NULL, flow->protocol, ntohl(flow->src_ip), ntohs(flow->src_port), 
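Review bot: In `automataUnitTest()` the extra parentheses silence the warning, but the assignment still sits inside `assert()`. In a build with `NDEBUG` the call to `ndpi_init_automa()` disappears and `ndpi_finalize_automa(automa)` on the context line below receives an uninitialised pointer. Separate the side effect from the check: `automa = ndpi_init_automa();` then `assert(automa != NULL);`. The two `ndpi_add_string_to_automa()` calls have the same shape and would also vanish under `NDEBUG`; storing their return value in a local and asserting on that keeps the test meaningful. The function may continue past the end of the hunk.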
diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index d010577a5..c7ed7cd17 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -326,6 +326,7 @@ extern "C" { * Search and return the protocol guessed that is undetected * * @par ndpi_struct = the detection module + * @par flow = the flow we're trying to guess, NULL if not available * @par proto = the l4 protocol number * @par shost = source address in host byte order * @par sport = source port number @@ -335,6 +336,7 @@ extern "C" { * */ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, u_int8_t proto, u_int32_t shost, u_int16_t sport, diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h index 3517d45b2..41280fb8e 100644 --- a/src/include/ndpi_main.h +++ b/src/include/ndpi_main.h @@ -119,6 +119,7 @@ extern "C" { u_int16_t ndpi_get_proto_by_name(struct ndpi_detection_module_struct *ndpi_mod, const char *name); extern u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, u_int8_t proto, u_int16_t sport, u_int16_t dport, u_int8_t *user_defined_proto); diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 0d2712d20..aefb0fce2 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -73,7 +73,7 @@ typedef enum { NDPI_PROTOCOL_EDONKEY = 36, /* Tomasz Bujlow */ NDPI_PROTOCOL_BITTORRENT = 37, NDPI_PROTOCOL_SKYPE_CALL_OUT = 38, - NDPI_PROTOCOL_MUSICALLY = 39, + NDPI_PROTOCOL_FREE_39 = 39, /* Free */ NDPI_PROTOCOL_MEMCACHED = 40, /* Memcached - Darryl Sokoloski */ NDPI_PROTOCOL_SMBV23 = 41, /* SMB version 2/3 */ NDPI_PROTOCOL_MINING = 42, /* Bitcoin, Ethereum, ZCash, Monero */ diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 51681e60e..4b69c2b7b 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h 
@@ -826,7 +826,7 @@ typedef enum { ndpi_pref_dns_dissect_response, ndpi_pref_direction_detect_disable, ndpi_pref_disable_metadata_export, - ndpi_pref_enable_category_substring_match, + ndpi_pref_enable_category_substring_match } ndpi_detection_preference; /* ntop extensions */ diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 71e236d37..4bfdde983 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -21,7 +21,6 @@ /* ****************************************************** */ static ndpi_network host_protocol_list[] = { - /* SoundCloud */ @@ -111,11 +110,14 @@ static ndpi_network host_protocol_list[] = { WeChat origin AS132203, AS132591, AS45090 */ - { 0xCBCD93AB /* 203.205.147.171/32 */, 32, NDPI_PROTOCOL_WECHAT }, { 0xCBCD93AD /* 203.205.147.173/32 */, 32, NDPI_PROTOCOL_WECHAT }, { 0xCBCD97A2 /* 203.205.151.162/32 */, 32, NDPI_PROTOCOL_WECHAT }, - { 0x67071E25 /* 103.7.30.37/32 */, 32, NDPI_PROTOCOL_WECHAT }, + { 0x67071E25 /* 103.7.30.37/32 */, 32, NDPI_PROTOCOL_WECHAT }, + { 0XCBCDB000 /* 203.205.176.0/20 */, 20, NDPI_PROTOCOL_WECHAT }, + { 0XCBCDC000 /* 203.205.192.0/18 */, 18, NDPI_PROTOCOL_WECHAT }, + + /* OpenDNS, LLC 
@@ -8327,10 +8329,7 @@ ndpi_protocol_match host_match[] = { /* Detected "slack-assets2.s3-us-west-2.amazonaws.com.". Omitted "*amazonaws.com" CDN, but no generic pattern to use on first part */ { "slack-assets2.s3-", NULL, "slack-assets2\\.s3-", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "zhiliaoapp.com", NULL, "zhiliaoapp" TLD, "Musical.ly", NDPI_PROTOCOL_MUSICALLY, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "muscdn.com", NULL, "muscdn" TLD, "Musical.ly", NDPI_PROTOCOL_MUSICALLY, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "livelycdn.com", NULL, "livelycdn" TLD, "Musical.ly", NDPI_PROTOCOL_MUSICALLY, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "direct.ly", NULL, "direct\\.ly$", "Musical.ly", NDPI_PROTOCOL_MUSICALLY, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "wechat.com", NULL, "wechat\\.com" TLD, "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { "github.com", NULL, "github" TLD, "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, { ".github.com", NULL, "\\.github" TLD, "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 3a6cd84ef..02ad31a5e 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -517,7 +517,6 @@ void ndpi_exclude_protocol(struct ndpi_detection_module_struct *ndpi_struct, (*(ndpi_struct->ndpi_debug_printf))(protocol_id, ndpi_struct, NDPI_LOG_DEBUG, _file, _func, _line, "exclude %s\n",ndpi_get_proto_name(ndpi_struct, protocol_id)); - } #endif NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, protocol_id); 
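Review bot: The new WeChat row builds its pattern as `"wechat\\.com" TLD`, whereas the neighbouring rows give only the name and let the macro supply the suffix (`"github" TLD`, and the removed `"zhiliaoapp" TLD`). `TLD` is defined outside this hunk, but if it expands to a dot-plus-suffix expression as those rows suggest, this pattern would require a second suffix after `.com` and would not match `wechat.com` itself. `"wechat" TLD` would be consistent with the rest of the table; please confirm against the macro definition.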
@@ -1205,9 +1204,9 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Teredo", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 3544, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_MUSICALLY, - no_master, - no_master, "Musical.ly", NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_WECHAT, + no_master, /* wechat.com */ + no_master, "WeChat", NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MEMCACHED, @@ -1245,7 +1244,12 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_196, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_39, + no_master, + no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_39, no_master, no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, 
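Review bot: In the second hunk the existing `NDPI_PROTOCOL_FREE_196` registration is rewritten to `NDPI_PROTOCOL_FREE_39` and a second, identical `NDPI_PROTOCOL_FREE_39` call is added directly above it. Id 39 is therefore registered twice and id 196 no longer gets defaults in this block. This looks like a copy-and-paste slip: the added call should stay `NDPI_PROTOCOL_FREE_39` and the original line should remain `ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_196,`. In the first hunk, the Musical.ly slot is reused for `NDPI_PROTOCOL_WECHAT`; if WeChat already has a `ndpi_set_proto_defaults()` call elsewhere in this function (not visible here) that would be a duplicate as well.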
@@ -2523,6 +2527,7 @@ static ndpi_default_ports_tree_node_t* ndpi_get_guessed_protocol_id(struct ndpi_ /* ****************************************************** */ u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, u_int8_t proto, u_int16_t sport, u_int16_t dport, u_int8_t *user_defined_proto) { @@ -2531,8 +2536,17 @@ u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_struc ndpi_default_ports_tree_node_t *found = ndpi_get_guessed_protocol_id(ndpi_struct, proto, sport, dport); if(found != NULL) { - *user_defined_proto = found->customUserProto; - return(found->proto->protoId); + u_int16_t guessed_proto = found->proto->protoId; + + /* We need to check if the guessed protocol isn't excluded by nDPI */ + if(flow + && (proto == IPPROTO_UDP) + && (NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, guessed_proto))) + return(NDPI_PROTOCOL_UNKNOWN); + else { + *user_defined_proto = found->customUserProto; + return(guessed_proto); + } } } else { /* No TCP/UDP */ 
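Review bot: The new exclusion test in `ndpi_guess_protocol_id()` is applied only when `proto == IPPROTO_UDP`, and nothing in the code or the header says why a TCP guess may still return a protocol that is set in `flow->excluded_protocol_bitmask`. The same UDP-only condition is repeated in the `ndpi_detection_giveup()` and `ndpi_guess_undetected_protocol()` hunks of this commit. The `ndpi_detection_giveup()` hunk also leaves the old condition behind as a `//` comment. Please add a short comment at the check giving the reason for the UDP restriction, document the new `flow` parameter (NULL allowed) on the `ndpi_main.h` prototype as was done in `ndpi_api.h`, and delete the commented-out line. On the early `return(NDPI_PROTOCOL_UNKNOWN)` path `*user_defined_proto` is not written; whether it is initialised earlier in the function cannot be seen from the hunk.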
@@ -3956,18 +3970,17 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st && (flow->l4.tcp.ssl_stage > 1)) flow->guessed_protocol_id = NDPI_PROTOCOL_SSL_NO_CERT; - guessed_protocol_id = flow->guessed_protocol_id, - guessed_host_protocol_id = flow->guessed_host_protocol_id; + guessed_protocol_id = flow->guessed_protocol_id, guessed_host_protocol_id = flow->guessed_host_protocol_id; if((guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN) - && (NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_host_protocol_id))) - guessed_host_protocol_id = NDPI_PROTOCOL_UNKNOWN; - + && ((flow->packet.l4_protocol == IPPROTO_UDP) && NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_host_protocol_id))) + flow->guessed_host_protocol_id = guessed_host_protocol_id = NDPI_PROTOCOL_UNKNOWN; + /* Ignore guessed protocol if they have been discarded */ if((guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) - && (guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN) - && (NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_protocol_id))) - guessed_protocol_id = NDPI_PROTOCOL_UNKNOWN; + // && (guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN) + && (flow->packet.l4_protocol == IPPROTO_UDP) && NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_protocol_id)) + flow->guessed_protocol_id = guessed_protocol_id = NDPI_PROTOCOL_UNKNOWN; if((guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) || (guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN)) { 
@@ -4394,7 +4407,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct else sport = dport = 0; /* guess protocol */ - flow->guessed_protocol_id = (int16_t) ndpi_guess_protocol_id(ndpi_struct, protocol, sport, dport, &user_defined_proto); + flow->guessed_protocol_id = (int16_t) ndpi_guess_protocol_id(ndpi_struct, flow, protocol, sport, dport, &user_defined_proto); flow->guessed_host_protocol_id = ndpi_guess_host_protocol_id(ndpi_struct, flow); if(flow->guessed_protocol_id >= (NDPI_MAX_SUPPORTED_PROTOCOLS-1)) { @@ -5356,6 +5369,7 @@ u_int16_t ndpi_get_lower_proto(ndpi_protocol proto) { /* ****************************************************** */ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, u_int8_t proto, u_int32_t shost /* host byte order */, u_int16_t sport, u_int32_t dhost /* host byte order */, u_int16_t dport) { 
@@ -5365,30 +5379,37 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct u_int8_t user_defined_proto; if((proto == IPPROTO_TCP) || (proto == IPPROTO_UDP)) { - rc = ndpi_search_tcp_or_udp_raw(ndpi_struct, NULL, proto, - shost, dhost, sport, dport); + rc = ndpi_search_tcp_or_udp_raw(ndpi_struct, NULL, proto, shost, dhost, sport, dport); if(rc != NDPI_PROTOCOL_UNKNOWN) { - ret.app_protocol = rc, - ret.master_protocol = ndpi_guess_protocol_id(ndpi_struct, proto, sport, - dport, &user_defined_proto); - - if(ret.app_protocol == ret.master_protocol) - ret.master_protocol = NDPI_PROTOCOL_UNKNOWN; - - ret.category = ndpi_get_proto_category(ndpi_struct, ret); - return(ret); + if(flow && (proto == IPPROTO_UDP) && NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, rc)) + ; + else { + ret.app_protocol = rc, + ret.master_protocol = ndpi_guess_protocol_id(ndpi_struct, NULL, proto, sport, + dport, &user_defined_proto); + + if(ret.app_protocol == ret.master_protocol) + ret.master_protocol = NDPI_PROTOCOL_UNKNOWN; + + ret.category = ndpi_get_proto_category(ndpi_struct, ret); + return(ret); + } } - rc = ndpi_guess_protocol_id(ndpi_struct, proto, sport, dport, &user_defined_proto); + rc = ndpi_guess_protocol_id(ndpi_struct, NULL, proto, sport, dport, &user_defined_proto); if(rc != NDPI_PROTOCOL_UNKNOWN) { - ret.app_protocol = rc; - - if(rc == NDPI_PROTOCOL_SSL) - goto check_guessed_skype; + if(flow && (proto == IPPROTO_UDP) && NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, rc)) + ; else { - ret.category = ndpi_get_proto_category(ndpi_struct, ret); - return(ret); + ret.app_protocol = rc; + + if(rc == NDPI_PROTOCOL_SSL) + goto check_guessed_skype; + else { + ret.category = ndpi_get_proto_category(ndpi_struct, ret); + return(ret); + } } } 
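Review bot: The two `ndpi_guess_protocol_id()` calls in this hunk pass `NULL` instead of `flow`, so the exclusion test added inside that function never runs here; it is re-implemented inline for `rc`, and the `ret.master_protocol` guess gets no exclusion check at all. Passing the flow through, `rc = ndpi_guess_protocol_id(ndpi_struct, flow, proto, sport, dport, &user_defined_proto);`, lets the callee return `NDPI_PROTOCOL_UNKNOWN` for excluded UDP guesses and removes the duplicate test. Where the inline test stays, negate it instead of using an empty `;` branch: `if(!(flow && (proto == IPPROTO_UDP) && NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, rc))) {`. The function continues outside the hunk.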
@@ -5402,10 +5423,10 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct ret.app_protocol = NDPI_PROTOCOL_SKYPE; } } else - ret.app_protocol = ndpi_guess_protocol_id(ndpi_struct, proto, sport, + ret.app_protocol = ndpi_guess_protocol_id(ndpi_struct, NULL, proto, sport, dport, &user_defined_proto); - ret.category = ndpi_get_proto_category(ndpi_struct, ret); + ret.category = ndpi_get_proto_category(ndpi_struct, ret); return(ret); } diff --git a/src/lib/protocols/dropbox.c b/src/lib/protocols/dropbox.c index d981c76b3..39bb96ff2 100644 --- a/src/lib/protocols/dropbox.c +++ b/src/lib/protocols/dropbox.c @@ -48,14 +48,24 @@ static void ndpi_check_dropbox(struct ndpi_detection_module_struct *ndpi_struct, if(packet->udp != NULL) { u_int16_t dropbox_port = htons(DB_LSP_PORT); - if((packet->udp->source == dropbox_port) - && (packet->udp->dest == dropbox_port)) { - if(payload_len > 2) { - if(strstr((const char *)packet->payload, "\"host_int\"") != NULL) { - - NDPI_LOG_INFO(ndpi_struct, "found dropbox\n"); - ndpi_int_dropbox_add_connection(ndpi_struct, flow, 0); - return; + if(packet->udp->dest == dropbox_port) { + if(packet->udp->source == dropbox_port) { + if(payload_len > 10) { + if(ndpi_strnstr((const char *)packet->payload, "\"host_int\"", payload_len) != NULL) { + + NDPI_LOG_INFO(ndpi_struct, "found dropbox\n"); + ndpi_int_dropbox_add_connection(ndpi_struct, flow, 0); + return; + } + } + } else { + if(payload_len > 10) { + if(ndpi_strnstr((const char *)packet->payload, "Bus17Cmd", payload_len) != NULL) { + + NDPI_LOG_INFO(ndpi_struct, "found dropbox\n"); + ndpi_int_dropbox_add_connection(ndpi_struct, flow, 0); + return; + } } } } diff --git a/src/lib/protocols/eaq.c b/src/lib/protocols/eaq.c index 2082b5263..8768cac6f 100644 --- a/src/lib/protocols/eaq.c +++ b/src/lib/protocols/eaq.c 
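Review bot: In the dropbox.c hunk the two branches under `packet->udp->dest == dropbox_port` differ only in the search string, so the length test, the log call and `ndpi_int_dropbox_add_connection()` are each written twice. Selecting the marker first keeps the length-bounded `ndpi_strnstr()` search in one place; that bound is the valuable part of this change, since a packet payload need not be NUL-terminated. The second branch accepts any source port, so a single substring decides the classification, and a comment naming what `Bus17Cmd` identifies would let a reader judge how strong that signal is. The enclosing function starts and ends outside the hunk.

```c
if(packet->udp->dest == dropbox_port) {
  /* TODO(review): document what each marker identifies */
  const char *marker = (packet->udp->source == dropbox_port) ? "\"host_int\"" : "Bus17Cmd";

  if((payload_len > 10)
     && (ndpi_strnstr((const char *)packet->payload, marker, payload_len) != NULL)) {
    NDPI_LOG_INFO(ndpi_struct, "found dropbox\n");
    ndpi_int_dropbox_add_connection(ndpi_struct, flow, 0);
    return;
  }
}
```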
@@ -53,12 +53,15 @@ void ndpi_search_eaq(struct ndpi_detection_module_struct *ndpi_struct, struct nd if(packet->udp != NULL) { u_int32_t seq = (packet->payload[0] * 1000) + (packet->payload[1] * 100) + (packet->payload[2] * 10) + packet->payload[3]; - + if(flow->l4.udp.eaq_pkt_id == 0) flow->l4.udp.eaq_sequence = seq; else { if( (flow->l4.udp.eaq_sequence != seq) && - ((flow->l4.udp.eaq_sequence+1) != seq)) break; + ((flow->l4.udp.eaq_sequence+1) != seq)) + break; + else + flow->l4.udp.eaq_sequence = seq; } if(++flow->l4.udp.eaq_pkt_id == 4) { @@ -66,7 +69,8 @@ void ndpi_search_eaq(struct ndpi_detection_module_struct *ndpi_struct, struct nd NDPI_LOG_INFO(ndpi_struct, "found eaq\n"); ndpi_int_eaq_add_connection(ndpi_struct, flow); return; - } + } else + return; } } while(0); diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c index e544724a5..8a4eafca4 100644 --- a/src/lib/protocols/skype.c +++ b/src/lib/protocols/skype.c @@ -31,13 +31,16 @@ static void ndpi_skype_report_protocol(struct ndpi_detection_module_struct *ndpi NDPI_LOG_INFO(ndpi_struct, "found skype\n"); ndpi_set_detected_protocol(ndpi_struct, flow, proto, NDPI_PROTOCOL_SKYPE); } - + +static int is_port(u_int16_t a, u_int16_t b, u_int16_t c) { + return(((a == c) || (b == c)) ? 1 : 0); +} + static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; // const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; - if(flow->host_server_name[0] != '\0') return; 
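Review bot: In the skype.c hunk, `is_port(a, b, c)` gives no hint which arguments are the flow's ports and which is the value being tested, and the `? 1 : 0` adds nothing to a comparison that already yields 0 or 1. Suggest `static int is_port(u_int16_t sport, u_int16_t dport, u_int16_t port)` with the body `return((sport == port) || (dport == port));` and a comment such as `/* Returns 1 if either endpoint of the flow uses the given port (host byte order) */`. The callers added in the following hunk pass `ntohs()`-converted values, so stating the byte order in that comment matters.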
@@ -46,10 +49,15 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s flow->l4.udp.skype_packet_id++; if(flow->l4.udp.skype_packet_id < 5) { + u_int16_t sport = ntohs(packet->udp->source); u_int16_t dport = ntohs(packet->udp->dest); /* skype-to-skype */ - if(dport != 1119) /* It can be confused with battle.net */ { + if(is_port(sport, dport, 1119) /* It can be confused with battle.net */ + || is_port(sport, dport, 80) /* No HTTP-like protocols UDP/80 */ + ) { + ; + } else { if(((payload_len == 3) && ((packet->payload[2] & 0x0F)== 0x0d)) || ((payload_len >= 16) && (packet->payload[0] != 0x30) /* Avoid invalid SNMP detection */ @@ -57,11 +65,12 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s ndpi_skype_report_protocol(ndpi_struct, flow); } } + return; } + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; - // TCP check } else if(packet->tcp != NULL) { flow->l4.tcp.skype_packet_id++; -- cgit v1.2.3 From 669fdf6b5f3657c638ffa8df6ff1baebf5b311b1 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 21 Nov 2018 00:32:32 +0100 Subject: Improved skype, teredo, netbios heuristics Changed ndpi_detection_giveup() API: guess is now part of the call --- example/ndpiReader.c | 51 +----- example/ndpi_util.c | 7 +- src/include/ndpi_api.h | 4 +- src/lib/ndpi_main.c | 77 ++++++-- src/lib/protocols/netbios.c | 5 +- src/lib/protocols/skype.c | 2 +- src/lib/protocols/teredo.c | 2 +- tests/do.sh | 5 +- tests/result/pps.pcap.out | 193 ++++++++++---------- tests/result/skype.pcap.out | 310 ++++++++++++++++---------------- tests/result/skype_no_unknown.pcap.out | 316 ++++++++++++++++----------------- tests/result/viber.pcap.out | 42 +++-- tests/result/waze.pcap.out | 27 ++- 13 files changed, 531 insertions(+), 510 deletions(-) (limited to 'example/ndpiReader.c') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index cb3238a88..78d95a76d 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c 
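Review bot: The port test is written as an `if` with an empty `;` body and the real work in the `else`, which is easy to misread, and the ports are bare numbers. Negating the condition reads more directly: `if(!is_port(sport, dport, 1119) /* battle.net */ && !is_port(sport, dport, 80) /* no HTTP-like UDP/80 */) {`. With the `return;` added in the second hunk, a UDP flow is only excluded once `skype_packet_id` reaches 5, so a short comment stating that the first four packets are always left undecided would record that intent. The function starts and ends outside both hunks.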
@@ -81,7 +81,8 @@ static json_object *jArray_topStats; static u_int8_t live_capture = 0; static u_int8_t undetected_flows_deleted = 0; /** User preferences **/ -static u_int8_t enable_protocol_guess = 1, verbose = 0, json_flag = 0; +u_int8_t enable_protocol_guess = 1; +static u_int8_t verbose = 0, json_flag = 0; int nDPI_LogLevel = 0; char *_debug_protocols = NULL; static u_int8_t stats_flag = 0, bpf_filter_flag = 0; @@ -97,7 +98,7 @@ static struct timeval begin, end; #ifdef linux static int core_affinity[MAX_NUM_READER_THREADS]; #endif -static struct timeval pcap_start, pcap_end; +static struct timeval pcap_start = { 0, 0}, pcap_end = { 0, 0 }; /** Detection parameters **/ static time_t capture_for = 0; static time_t capture_until = 0; @@ -905,27 +906,6 @@ static void node_print_known_proto_walker(const void *node, /* ********************************** */ -/** - * @brief Guess Undetected Protocol - */ -static u_int16_t node_guess_undetected_protocol(u_int16_t thread_id, struct ndpi_flow_info *flow) { - - flow->detected_protocol = ndpi_guess_undetected_protocol(ndpi_thread_info[thread_id].workflow->ndpi_struct, - NULL, - flow->protocol, - ntohl(flow->src_ip), - ntohs(flow->src_port), - ntohl(flow->dst_ip), - ntohs(flow->dst_port)); - // printf("Guess state: %u\n", flow->detected_protocol); - if(flow->detected_protocol.app_protocol != NDPI_PROTOCOL_UNKNOWN) - ndpi_thread_info[thread_id].workflow->stats.guessed_flow_protocols++; - - return(flow->detected_protocol.app_protocol); -} - -/* ********************************** */ - /** * @brief Proto Guess Walker */ 
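Review bot: `enable_protocol_guess` loses `static` in the first hunk so that example/ndpi_util.c can reach it through a bare `extern u_int8_t enable_protocol_guess;` added later in this commit. That leaves the declaration unchecked against the definition and forces every program that links ndpi_util.c to define the symbol. Declaring it once in `ndpi_util.h`, or carrying the setting in the workflow that `packet_processing()` already receives, avoids the hidden global.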
@@ -935,13 +915,7 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept if((which == ndpi_preorder) || (which == ndpi_leaf)) { /* Avoid walking the same node multiple times */ if((!flow->detection_completed) && flow->ndpi_flow) - flow->detected_protocol = ndpi_detection_giveup(ndpi_thread_info[0].workflow->ndpi_struct, flow->ndpi_flow); - - if(enable_protocol_guess) { - if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) { - node_guess_undetected_protocol(thread_id, flow); - } - } + flow->detected_protocol = ndpi_detection_giveup(ndpi_thread_info[0].workflow->ndpi_struct, flow->ndpi_flow, enable_protocol_guess); process_ndpi_collected_info(ndpi_thread_info[thread_id].workflow, flow); @@ -1416,23 +1390,12 @@ static void node_idle_scan_walker(const void *node, ndpi_VISIT which, int depth, /** - * @brief On Protocol Discover - call node_guess_undetected_protocol() for protocol + * @brief On Protocol Discover - demo callback */ static void on_protocol_discovered(struct ndpi_workflow * workflow, struct ndpi_flow_info * flow, void * udata) { - const u_int16_t thread_id = (uintptr_t) udata; - - if(verbose > 1) { - if(enable_protocol_guess) { - if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) { - flow->detected_protocol.app_protocol = node_guess_undetected_protocol(thread_id, flow), - flow->detected_protocol.master_protocol = NDPI_PROTOCOL_UNKNOWN; - } - } - - // printFlow(thread_id, flow); - } + ; } #if 0 
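Review bot: The rewritten give-up call still indexes `ndpi_thread_info[0]` while the very next statement uses `ndpi_thread_info[thread_id]`, so with more than one reader thread a flow would presumably be finalised against thread 0's detection module. The removed `node_guess_undetected_protocol()` used `thread_id`, so the guess path changes module as a side effect of this commit. Suggest `flow->detected_protocol = ndpi_detection_giveup(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->ndpi_flow, enable_protocol_guess);`. That helper also incremented `stats.guessed_flow_protocols`, and nothing in this hunk replaces it, so the guessed-flow counter may no longer be updated. The walker's body starts outside the hunk.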
@@ -2026,8 +1989,10 @@ static void printResults(u_int64_t tot_usec) { float t = (float)(cumulative_stats.ip_packet_count*1000000)/(float)tot_usec; float b = (float)(cumulative_stats.total_wire_bytes * 8 *1000000)/(float)tot_usec; float traffic_duration; + if(live_capture) traffic_duration = tot_usec; else traffic_duration = (pcap_end.tv_sec*1000000 + pcap_end.tv_usec) - (pcap_start.tv_sec*1000000 + pcap_start.tv_usec); + printf("\tnDPI throughput: %s pps / %s/sec\n", formatPackets(t, buf), formatTraffic(b, 1, buf1)); t = (float)(cumulative_stats.ip_packet_count*1000000)/(float)traffic_duration; b = (float)(cumulative_stats.total_wire_bytes * 8 *1000000)/(float)traffic_duration; diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 1a0d45914..58dc896b1 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -74,6 +74,8 @@ #include "ndpi_main.h" #include "ndpi_util.h" +extern u_int8_t enable_protocol_guess; + /* ***************************************************** */ void ndpi_free_flow_info_half(struct ndpi_flow_info *flow) { @@ -677,8 +679,9 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, flow->check_extra_packets = 1; if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) - flow->detected_protocol = ndpi_detection_giveup(workflow->ndpi_struct, - flow->ndpi_flow); + flow->detected_protocol = ndpi_detection_giveup(workflow->ndpi_struct, flow->ndpi_flow, + enable_protocol_guess); + process_ndpi_collected_info(workflow, flow); } diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index c7ed7cd17..5bee25f5b 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h 
@@ -213,11 +213,13 @@ extern "C" { * * @par ndpi_struct = the detection module * @par flow = the flow given for the detection module + * @par enable_guess = guess protocol if unknown * @return the detected protocol even if the flow is not completed; * */ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow); + struct ndpi_flow_struct *flow, + u_int8_t enable_guess); /** * Processes an extra packet in order to get more information for a given protocol diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index fcfaec713..c7d9e237e 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -2526,6 +2526,25 @@ static ndpi_default_ports_tree_node_t* ndpi_get_guessed_protocol_id(struct ndpi_ /* ****************************************************** */ +/* + These are UDP protocols that must fit a single packet + and thus that if have NOT been detected they cannot be guessed + as they have been excluded + */ +u_int8_t is_udp_guessable_protocol(u_int16_t l7_guessed_proto) { + switch(l7_guessed_proto) { + case NDPI_PROTOCOL_QUIC: + case NDPI_PROTOCOL_SNMP: + case NDPI_PROTOCOL_NETFLOW: + /* TODO: add more protocols (if any missing) */ + return(1); + } + + return(0); +} + +/* ****************************************************** */ + u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int8_t proto, u_int16_t sport, u_int16_t dport, @@ -2541,7 +2560,9 @@ u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_struc /* We need to check if the guessed protocol isn't excluded by nDPI */ if(flow && (proto == IPPROTO_UDP) - && (NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, guessed_proto))) + && NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, guessed_proto) + && is_udp_guessable_protocol(guessed_proto) + ) return(NDPI_PROTOCOL_UNKNOWN); else { *user_defined_proto = found->customUserProto; 
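Review bot: The added `@par enable_guess` line in ndpi_api.h does not say what is guessed or when, and the implementation in this commit only guesses for IPv4 flows carrying TCP or UDP. Suggest `@par enable_guess = if non-zero and the protocol is still unknown, fall back to a port/address based guess (IPv4 TCP/UDP only)`. Adding a parameter changes the signature of an exported function, so out-of-tree callers stop compiling; a changelog entry or API version bump would make that explicit.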
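Review bot: `is_udp_guessable_protocol()` returns 1 for exactly the protocols its comment says cannot be guessed, and every caller in this commit treats a non-zero result as a reason to drop the guess, so the name reads as the opposite of what the function does. Renaming it (for example `is_udp_not_guessable_protocol()`), or inverting the return value together with the call sites, removes that trap. If it is only used in ndpi_main.c, as the hunks shown suggest, make it `static`, and give the `switch` an explicit `default: return(0);`. The comment could read `/* UDP protocols recognised from a single packet: once excluded by their dissector they must not be re-introduced by a port-based guess */`.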
@@ -3397,7 +3418,7 @@ static int ndpi_handle_ipv6_extension_headers(struct ndpi_detection_module_struc } return 0; } -#endif /* NDPI_DETECTION_SUPPORT_IPV6 */ +#endif /* NDPI_DETECTION_SUPPORT_IPV6 */ static u_int8_t ndpi_iph_is_valid_and_not_fragmented(const struct ndpi_iphdr *iph, const u_int16_t ipsize) @@ -3605,13 +3626,18 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str && flow->init_finished != 0 && flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { u_int8_t backup; + u_int16_t backup1, backup2; if(flow->http.url) ndpi_free(flow->http.url); if(flow->http.content_type) ndpi_free(flow->http.content_type); - backup = flow->num_processed_pkts; + backup = flow->num_processed_pkts; + backup1 = flow->guessed_protocol_id; + backup2 = flow->guessed_host_protocol_id; memset(flow, 0, sizeof(*(flow))); flow->num_processed_pkts = backup; + flow->guessed_protocol_id = backup1; + flow->guessed_host_protocol_id = backup2; NDPI_LOG_DBG(ndpi_struct, "tcp syn packet for unknown protocol, reset detection state\n"); @@ -3785,9 +3811,8 @@ void check_ndpi_other_flow_func(struct ndpi_detection_module_struct *ndpi_struct ndpi_struct->callback_buffer_non_tcp_udp[a].ndpi_selection_bitmask && (flow == NULL || - NDPI_BITMASK_COMPARE - (flow->excluded_protocol_bitmask, - ndpi_struct->callback_buffer_non_tcp_udp[a].excluded_protocol_bitmask) == 0) + NDPI_BITMASK_COMPARE(flow->excluded_protocol_bitmask, + ndpi_struct->callback_buffer_non_tcp_udp[a].excluded_protocol_bitmask) == 0) && NDPI_BITMASK_COMPARE(ndpi_struct->callback_buffer_non_tcp_udp[a].detection_bitmask, detection_bitmask) != 0) { 
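Review bot: In the `ndpi_init_packet_header()` hunk, `backup`, `backup1` and `backup2` say nothing about what survives the `memset`, and the reason the two guessed ids must be kept is not stated. Names such as `saved_num_pkts`, `saved_guessed_proto` and `saved_guessed_host_proto`, plus a one-line comment explaining why the guesses are preserved across the reset, would make the block self-explanatory. `backup` is `u_int8_t`; if `num_processed_pkts` is wider than that the count is truncated here, which is worth checking against the struct definition (not visible). The function starts and ends outside the hunk.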
@@ -3905,8 +3930,7 @@ void check_ndpi_tcp_flow_func(struct ndpi_detection_module_struct *ndpi_struct, && (ndpi_struct->callback_buffer_tcp_no_payload[a].ndpi_selection_bitmask & *ndpi_selection_packet) == ndpi_struct->callback_buffer_tcp_no_payload[a].ndpi_selection_bitmask && NDPI_BITMASK_COMPARE(flow->excluded_protocol_bitmask, - ndpi_struct-> - callback_buffer_tcp_no_payload[a].excluded_protocol_bitmask) == 0 + ndpi_struct->callback_buffer_tcp_no_payload[a].excluded_protocol_bitmask) == 0 && NDPI_BITMASK_COMPARE(ndpi_struct->callback_buffer_tcp_no_payload[a].detection_bitmask, detection_bitmask) != 0) { ndpi_struct->callback_buffer_tcp_no_payload[a].func(ndpi_struct, flow); @@ -3951,7 +3975,7 @@ static u_int16_t ndpi_guess_host_protocol_id(struct ndpi_detection_module_struct /* ********************************************************************************* */ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow) { + struct ndpi_flow_struct *flow, u_int8_t enable_guess) { ndpi_protocol ret = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED }; if(flow == NULL) return(ret); 
@@ -3973,13 +3997,18 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st guessed_protocol_id = flow->guessed_protocol_id, guessed_host_protocol_id = flow->guessed_host_protocol_id; if((guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN) - && ((flow->packet.l4_protocol == IPPROTO_UDP) && NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_host_protocol_id))) + && ((flow->packet.l4_protocol == IPPROTO_UDP) + && NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_host_protocol_id) + && is_udp_guessable_protocol(guessed_host_protocol_id) + )) flow->guessed_host_protocol_id = guessed_host_protocol_id = NDPI_PROTOCOL_UNKNOWN; /* Ignore guessed protocol if they have been discarded */ if((guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) // && (guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN) - && (flow->packet.l4_protocol == IPPROTO_UDP) && NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_protocol_id)) + && (flow->packet.l4_protocol == IPPROTO_UDP) + && NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_protocol_id) + && is_udp_guessable_protocol(guessed_protocol_id)) flow->guessed_protocol_id = guessed_protocol_id = NDPI_PROTOCOL_UNKNOWN; if((guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) @@ -4026,6 +4055,20 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st ret.app_protocol = NDPI_PROTOCOL_HANGOUT; } + if(enable_guess + && (ret.app_protocol == NDPI_PROTOCOL_UNKNOWN) + && flow->packet.iph /* Guess only IPv4 */ + && (flow->packet.tcp || flow->packet.udp) + ) + ret = ndpi_guess_undetected_protocol(ndpi_struct, + flow, + flow->packet.l4_protocol, + ntohl(flow->packet.iph->saddr), + ntohs(flow->packet.udp ? flow->packet.udp->source : flow->packet.tcp->source), + ntohl(flow->packet.iph->daddr), + ntohs(flow->packet.udp ? flow->packet.udp->dest : flow->packet.tcp->dest) + ); + ndpi_fill_protocol_category(ndpi_struct, flow, &ret); return(ret); 
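Review bot: The guess block added in the second hunk dereferences `flow->packet.iph`, `flow->packet.udp` and `flow->packet.tcp`, which presumably point into the buffer of the last packet handed to `ndpi_detection_process_packet()`. `ndpi_detection_giveup()` is also called from the flow walker in ndpiReader.c, outside packet processing, when that buffer may already have been released or reused by the capture layer, so these reads could touch stale memory. Either record the addresses and ports in the flow while the packet is being processed and guess from those, or state the requirement in the API comment, e.g. `/* enable_guess reads the headers of the last processed packet: call only while that packet buffer is still valid */`. The function starts and ends outside the hunk.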
@@ -4421,7 +4464,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct if(flow->packet.iph) { if(flow->guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN) { /* ret.master_protocol = flow->guessed_protocol_id , ret.app_protocol = flow->guessed_host_protocol_id; /\* ****** *\/ */ - ret = ndpi_detection_giveup(ndpi_struct, flow); + ret = ndpi_detection_giveup(ndpi_struct, flow, 0); } ndpi_fill_protocol_category(ndpi_struct, flow, &ret); @@ -4499,7 +4542,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct We don't see how future packets can match anything hence we giveup here */ - ret = ndpi_detection_giveup(ndpi_struct, flow); + ret = ndpi_detection_giveup(ndpi_struct, flow, 0); } return(ret); @@ -5382,7 +5425,9 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct rc = ndpi_search_tcp_or_udp_raw(ndpi_struct, NULL, proto, shost, dhost, sport, dport); if(rc != NDPI_PROTOCOL_UNKNOWN) { - if(flow && (proto == IPPROTO_UDP) && NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, rc)) + if(flow && (proto == IPPROTO_UDP) + && NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, rc) + && is_udp_guessable_protocol(rc)) ; else { ret.app_protocol = rc, @@ -5399,7 +5444,9 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct rc = ndpi_guess_protocol_id(ndpi_struct, NULL, proto, sport, dport, &user_defined_proto); if(rc != NDPI_PROTOCOL_UNKNOWN) { - if(flow && (proto == IPPROTO_UDP) && NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, rc)) + if(flow && (proto == IPPROTO_UDP) + && NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, rc) + && is_udp_guessable_protocol(rc)) ; else { ret.app_protocol = rc; diff --git a/src/lib/protocols/netbios.c b/src/lib/protocols/netbios.c index 4c5897c14..925b864ad 100644 --- a/src/lib/protocols/netbios.c +++ b/src/lib/protocols/netbios.c 
@@ -330,9 +330,8 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc NDPI_LOG_DBG2(ndpi_struct, "found netbios port 138 and payload length >= 112 \n"); - if(packet->payload[0] >= 0x11 && packet->payload[0] <= 0x16) { - - NDPI_LOG_DBG2(ndpi_struct, "found netbios with MSG-type 0x11,0x12,0x13,0x14,0x15 or 0x16\n"); + if(packet->payload[0] >= 0x10 && packet->payload[0] <= 0x16) { + NDPI_LOG_DBG2(ndpi_struct, "found netbios with MSG-type 0x10,0x11,0x12,0x13,0x14,0x15 or 0x16\n"); if(ntohl(get_u_int32_t(packet->payload, 4)) == ntohl(packet->iph->saddr)) { NDPI_LOG_INFO(ndpi_struct, "found netbios with checked ip-address\n"); diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c index 8a4eafca4..faeac17c5 100644 --- a/src/lib/protocols/skype.c +++ b/src/lib/protocols/skype.c @@ -66,7 +66,7 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s } } - return; + // return; } NDPI_EXCLUDE_PROTO(ndpi_struct, flow); diff --git a/src/lib/protocols/teredo.c b/src/lib/protocols/teredo.c index 732b1d6c9..e377d09a4 100644 --- a/src/lib/protocols/teredo.c +++ b/src/lib/protocols/teredo.c @@ -32,7 +32,7 @@ void ndpi_search_teredo(struct ndpi_detection_module_struct *ndpi_struct, struct NDPI_LOG_DBG(ndpi_struct,"search teredo\n"); if(packet->udp && packet->iph - && ((ntohl(packet->iph->daddr) & 0xF0000000) == 0xE0000000 /* A multicast address */) + && ((ntohl(packet->iph->daddr) & 0xF0000000) != 0xE0000000 /* Not a multicast address */) && ((ntohs(packet->udp->source) == 3544) || (ntohs(packet->udp->dest) == 3544)) && (packet->payload_packet_len >= 40 /* IPv6 header */)) { NDPI_LOG_INFO(ndpi_struct,"found teredo\n"); diff --git a/tests/do.sh b/tests/do.sh index 7516e5997..a17878fb5 100755 --- a/tests/do.sh +++ b/tests/do.sh 
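Review bot: In the skype.c hunk, commenting out `return;` instead of deleting it leaves dead text and hides a behaviour change: every UDP packet in the `skype_packet_id < 5` window now falls through to `NDPI_EXCLUDE_PROTO(ndpi_struct, flow)`, including, as far as the earlier skype.c hunk on this page shows, the path that has just called `ndpi_skype_report_protocol()`. If excluding Skype right after a positive match is not intended, delete the commented line and put `return;` directly after the report call; if it is intended, delete the line and say so in a comment. The packet-count window no longer delays the exclusion, so that test may be removable as well. The function starts and ends outside the hunk.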
@@ -7,7 +7,10 @@ build_results() { for f in $PCAPS; do #echo $f # create result files if not present - [ ! -f result/$f.out ] && $READER -q -i pcap/$f -w result/$f.out -v 1 + if [ ! -f result/$f.out ]; then + CMD="$READER -q -i pcap/$f -w result/$f.out -v 1" + $CMD + fi done } diff --git a/tests/result/pps.pcap.out b/tests/result/pps.pcap.out index 778aa1197..baad4b4e6 100644 --- a/tests/result/pps.pcap.out +++ b/tests/result/pps.pcap.out @@ -1,9 +1,10 @@ -Unknown 990 378832 34 +Unknown 985 375351 33 HTTP 47 42014 11 SSDP 63 17143 10 HTTP_Download 26 27222 2 Google 2 1093 1 GenericProtocol 1429 1780307 49 +QUIC 5 3481 1 1 TCP 192.168.115.8:50780 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/303 bytes <-> 541 pkts/710082 bytes][Host: preimage1.qiyipic.com] 2 TCP 192.168.115.8:50778 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/303 bytes <-> 528 pkts/692658 bytes][Host: preimage1.qiyipic.com] 
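Review bot: In the do.sh hunk, building the command in `CMD` and running it as an unquoted `$CMD` relies on word splitting, so a pcap name or reader path containing spaces or glob characters is split or expanded before ndpiReader sees it, and the variable is not used for anything else in the hunk. Running the command directly with quoted arguments is safer: `"$READER" -q -i "pcap/$f" -w "result/$f.out" -v 1`. If `$READER` deliberately holds a command plus options, leave it unquoted and quote only the paths. The same quoting applies to the `[ ! -f result/$f.out ]` test. `build_results()` continues outside the hunk.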
@@ -12,72 +13,73 @@ GenericProtocol 1429 1780307 49 5 TCP 192.168.115.8:50486 <-> 77.234.40.96:80 [proto: 7.60/HTTP.HTTP_Download][cat: Download-FileTransfer-FileSharing/7][11 pkts/11023 bytes <-> 12 pkts/14869 bytes][Host: bcu.ff.avast.com] 6 UDP 192.168.5.38:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][18 pkts/9327 bytes -> 0 pkts/0 bytes] 7 TCP 192.168.115.8:50476 <-> 101.227.32.39:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/656 bytes <-> 4 pkts/3897 bytes][Host: cache.video.iqiyi.com] - 8 TCP 192.168.115.8:50495 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][3 pkts/2844 bytes <-> 3 pkts/597 bytes][Host: msg.71.am] - 9 TCP 77.234.41.35:80 <-> 192.168.115.8:49174 [proto: 7/HTTP][cat: Web/5][4 pkts/2953 bytes <-> 1 pkts/356 bytes] - 10 TCP 192.168.115.8:50767 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][4 pkts/800 bytes <-> 4 pkts/2112 bytes][Host: static.qiyi.com] - 11 TCP 192.168.115.8:50488 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/311 bytes <-> 2 pkts/2035 bytes][Host: meta.video.qiyi.com] - 12 TCP 192.168.115.8:50471 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1898 bytes <-> 2 pkts/398 bytes][Host: msg.71.am] - 13 TCP 192.168.115.8:50501 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1893 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 14 TCP 192.168.115.8:50463 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com] - 15 TCP 192.168.115.8:50496 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com] - 16 TCP 192.168.115.8:50779 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1438 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] - 17 UDP 
192.168.5.38:58897 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1575 bytes -> 0 pkts/0 bytes] - 18 UDP 192.168.115.1:50945 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1539 bytes -> 0 pkts/0 bytes] - 19 TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/707 bytes <-> 1 pkts/744 bytes][Host: click.hm.baidu.com] - 20 TCP 192.168.115.8:50492 <-> 111.206.13.3:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/389 bytes <-> 2 pkts/1034 bytes][Host: pdata.video.qiyi.com] - 21 TCP 192.168.115.8:50777 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1186 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] - 22 TCP 192.168.115.8:50494 <-> 223.26.106.66:80 [proto: 7.60/HTTP.HTTP_Download][cat: Download-FileTransfer-FileSharing/7][2 pkts/887 bytes <-> 1 pkts/443 bytes][Host: 223.26.106.66] - 23 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1004 bytes <-> 2 pkts/301 bytes][Host: click.hm.baidu.com] - 24 TCP 192.168.115.8:50499 <-> 111.206.22.76:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1097 bytes <-> 1 pkts/199 bytes][Host: msg.iqiyi.com] - 25 TCP 192.168.115.8:50474 <-> 202.108.14.221:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1100 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] - 26 TCP 192.168.115.8:50507 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/212 bytes <-> 1 pkts/1063 bytes][Host: static.qiyi.com] - 27 TCP 192.168.115.8:50485 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 28 TCP 192.168.115.8:50502 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 29 TCP 192.168.115.8:50493 <-> 202.108.14.236:80 [proto: 
7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 30 TCP 192.168.115.8:50771 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 31 TCP 192.168.115.8:50473 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/944 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 32 TCP 192.168.115.8:50475 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/941 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 33 TCP 192.168.115.8:50500 <-> 23.41.133.163:80 [proto: 7/HTTP][cat: Web/5][1 pkts/289 bytes <-> 1 pkts/839 bytes][Host: s1.symcb.com] - 34 TCP 192.168.115.8:50773 <-> 202.108.14.221:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/919 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 35 TCP 192.168.115.8:50466 <-> 203.66.182.24:80 [proto: 7.126/HTTP.Google][cat: Web/5][1 pkts/280 bytes <-> 1 pkts/813 bytes][Host: clients1.google.com] - 36 UDP 192.168.5.50:52529 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1074 bytes -> 0 pkts/0 bytes] - 37 UDP 192.168.5.28:60023 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1050 bytes -> 0 pkts/0 bytes] - 38 UDP 192.168.5.57:59648 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1050 bytes -> 0 pkts/0 bytes] - 39 TCP 192.168.115.8:50504 -> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/946 bytes -> 0 pkts/0 bytes][Host: msg.71.am] - 40 TCP 192.168.115.8:50769 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/291 bytes][Host: api.cupid.iqiyi.com] - 41 TCP 192.168.115.8:50498 <-> 36.110.220.15:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/694 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com] - 42 TCP 192.168.115.8:50503 <-> 202.108.14.219:80 [proto: 
7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/683 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 43 UDP 192.168.5.41:50374 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][5 pkts/875 bytes -> 0 pkts/0 bytes] - 44 TCP 192.168.115.8:50490 <-> 119.188.13.188:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/357 bytes <-> 1 pkts/479 bytes][Host: pdata.video.qiyi.com] - 45 TCP 192.168.115.8:50467 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/629 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 46 TCP 192.168.115.8:50484 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/622 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 47 TCP 192.168.115.8:50477 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/614 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 48 TCP 192.168.115.8:50774 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/587 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 49 TCP 192.168.115.8:50469 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/573 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 50 TCP 192.168.115.8:50482 <-> 140.205.243.64:80 [proto: 7/HTTP][cat: Web/5][1 pkts/444 bytes <-> 1 pkts/283 bytes][Host: cmc.tanx.com] - 51 TCP 192.168.115.8:50768 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/526 bytes][Host: static.qiyi.com] - 52 TCP 192.168.5.15:65128 <-> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/331 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com] - 53 TCP 192.168.115.8:50509 <-> 106.38.219.107:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/163 bytes <-> 2 pkts/557 bytes][Host: iplocation.geo.qiyi.com] - 54 TCP 192.168.5.15:65127 <-> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/323 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com] - 55 TCP 
192.168.115.8:50766 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/493 bytes][Host: static.qiyi.com] - 56 TCP 192.168.115.8:50487 -> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/683 bytes -> 0 pkts/0 bytes][Host: msg.71.am] - 57 TCP 192.168.115.8:50489 <-> 119.188.13.188:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/253 bytes <-> 1 pkts/430 bytes][Host: pdata.video.qiyi.com] - 58 TCP 192.168.115.8:50772 <-> 123.125.111.70:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com] - 59 TCP 192.168.115.8:50775 <-> 123.125.111.70:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com] - 60 TCP 192.168.115.8:50470 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/424 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] - 61 TCP 192.168.115.8:50508 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/420 bytes][Host: static.qiyi.com] - 62 TCP 192.168.115.8:50483 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/417 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 63 TCP 192.168.115.8:50776 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/394 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] - 64 TCP 192.168.115.8:50765 <-> 36.110.220.15:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/264 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com] - 65 TCP 202.108.14.219:80 -> 192.168.115.8:50295 [proto: 7/HTTP][cat: Web/5][2 pkts/398 bytes -> 0 pkts/0 bytes] - 66 UDP 192.168.5.48:63930 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/358 bytes -> 0 pkts/0 bytes] - 67 TCP 117.79.81.135:80 -> 192.168.115.8:50443 [proto: 7/HTTP][cat: Web/5][1 pkts/347 bytes -> 0 pkts/0 
bytes] - 68 TCP 192.168.115.8:50781 -> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/303 bytes -> 0 pkts/0 bytes][Host: preimage1.qiyipic.com] - 69 TCP 202.108.14.219:80 -> 192.168.115.8:50506 [proto: 7/HTTP][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes] - 70 UDP 192.168.5.63:60976 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][1 pkts/165 bytes -> 0 pkts/0 bytes] - 71 UDP 192.168.5.63:39383 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][1 pkts/130 bytes -> 0 pkts/0 bytes] - 72 TCP 192.168.115.8:50462 -> 202.108.14.236:80 [proto: 7/HTTP][cat: Web/5][2 pkts/108 bytes -> 0 pkts/0 bytes] - 73 TCP 192.168.5.15:65125 -> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/66 bytes -> 0 pkts/0 bytes] + 8 UDP 192.168.115.8:22793 <-> 202.198.7.89:16039 [proto: 188/QUIC][cat: Web/5][2 pkts/158 bytes <-> 3 pkts/3323 bytes] + 9 TCP 192.168.115.8:50495 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][3 pkts/2844 bytes <-> 3 pkts/597 bytes][Host: msg.71.am] + 10 TCP 77.234.41.35:80 <-> 192.168.115.8:49174 [proto: 7/HTTP][cat: Web/5][4 pkts/2953 bytes <-> 1 pkts/356 bytes] + 11 TCP 192.168.115.8:50767 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][4 pkts/800 bytes <-> 4 pkts/2112 bytes][Host: static.qiyi.com] + 12 TCP 192.168.115.8:50488 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/311 bytes <-> 2 pkts/2035 bytes][Host: meta.video.qiyi.com] + 13 TCP 192.168.115.8:50471 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1898 bytes <-> 2 pkts/398 bytes][Host: msg.71.am] + 14 TCP 192.168.115.8:50501 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1893 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 15 TCP 192.168.115.8:50463 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com] + 
16 TCP 192.168.115.8:50496 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com] + 17 TCP 192.168.115.8:50779 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1438 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] + 18 UDP 192.168.5.38:58897 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1575 bytes -> 0 pkts/0 bytes] + 19 UDP 192.168.115.1:50945 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1539 bytes -> 0 pkts/0 bytes] + 20 TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/707 bytes <-> 1 pkts/744 bytes][Host: click.hm.baidu.com] + 21 TCP 192.168.115.8:50492 <-> 111.206.13.3:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/389 bytes <-> 2 pkts/1034 bytes][Host: pdata.video.qiyi.com] + 22 TCP 192.168.115.8:50777 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1186 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] + 23 TCP 192.168.115.8:50494 <-> 223.26.106.66:80 [proto: 7.60/HTTP.HTTP_Download][cat: Download-FileTransfer-FileSharing/7][2 pkts/887 bytes <-> 1 pkts/443 bytes][Host: 223.26.106.66] + 24 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1004 bytes <-> 2 pkts/301 bytes][Host: click.hm.baidu.com] + 25 TCP 192.168.115.8:50499 <-> 111.206.22.76:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1097 bytes <-> 1 pkts/199 bytes][Host: msg.iqiyi.com] + 26 TCP 192.168.115.8:50474 <-> 202.108.14.221:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1100 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] + 27 TCP 192.168.115.8:50507 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/212 bytes <-> 1 pkts/1063 bytes][Host: static.qiyi.com] + 28 TCP 192.168.115.8:50485 <-> 202.108.14.236:80 
[proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 29 TCP 192.168.115.8:50502 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 30 TCP 192.168.115.8:50493 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 31 TCP 192.168.115.8:50771 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 32 TCP 192.168.115.8:50473 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/944 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 33 TCP 192.168.115.8:50475 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/941 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 34 TCP 192.168.115.8:50500 <-> 23.41.133.163:80 [proto: 7/HTTP][cat: Web/5][1 pkts/289 bytes <-> 1 pkts/839 bytes][Host: s1.symcb.com] + 35 TCP 192.168.115.8:50773 <-> 202.108.14.221:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/919 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 36 TCP 192.168.115.8:50466 <-> 203.66.182.24:80 [proto: 7.126/HTTP.Google][cat: Web/5][1 pkts/280 bytes <-> 1 pkts/813 bytes][Host: clients1.google.com] + 37 UDP 192.168.5.50:52529 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1074 bytes -> 0 pkts/0 bytes] + 38 UDP 192.168.5.28:60023 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1050 bytes -> 0 pkts/0 bytes] + 39 UDP 192.168.5.57:59648 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1050 bytes -> 0 pkts/0 bytes] + 40 TCP 192.168.115.8:50504 -> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/946 bytes -> 0 pkts/0 bytes][Host: msg.71.am] + 41 TCP 192.168.115.8:50769 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: 
Streaming/17][1 pkts/604 bytes <-> 1 pkts/291 bytes][Host: api.cupid.iqiyi.com] + 42 TCP 192.168.115.8:50498 <-> 36.110.220.15:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/694 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com] + 43 TCP 192.168.115.8:50503 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/683 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 44 UDP 192.168.5.41:50374 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][5 pkts/875 bytes -> 0 pkts/0 bytes] + 45 TCP 192.168.115.8:50490 <-> 119.188.13.188:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/357 bytes <-> 1 pkts/479 bytes][Host: pdata.video.qiyi.com] + 46 TCP 192.168.115.8:50467 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/629 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 47 TCP 192.168.115.8:50484 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/622 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 48 TCP 192.168.115.8:50477 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/614 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 49 TCP 192.168.115.8:50774 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/587 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 50 TCP 192.168.115.8:50469 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/573 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 51 TCP 192.168.115.8:50482 <-> 140.205.243.64:80 [proto: 7/HTTP][cat: Web/5][1 pkts/444 bytes <-> 1 pkts/283 bytes][Host: cmc.tanx.com] + 52 TCP 192.168.115.8:50768 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/526 bytes][Host: static.qiyi.com] + 53 TCP 192.168.5.15:65128 <-> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/331 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com] + 54 TCP 192.168.115.8:50509 <-> 
106.38.219.107:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/163 bytes <-> 2 pkts/557 bytes][Host: iplocation.geo.qiyi.com] + 55 TCP 192.168.5.15:65127 <-> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/323 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com] + 56 TCP 192.168.115.8:50766 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/493 bytes][Host: static.qiyi.com] + 57 TCP 192.168.115.8:50487 -> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/683 bytes -> 0 pkts/0 bytes][Host: msg.71.am] + 58 TCP 192.168.115.8:50489 <-> 119.188.13.188:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/253 bytes <-> 1 pkts/430 bytes][Host: pdata.video.qiyi.com] + 59 TCP 192.168.115.8:50772 <-> 123.125.111.70:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com] + 60 TCP 192.168.115.8:50775 <-> 123.125.111.70:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com] + 61 TCP 192.168.115.8:50470 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/424 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] + 62 TCP 192.168.115.8:50508 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/420 bytes][Host: static.qiyi.com] + 63 TCP 192.168.115.8:50483 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/417 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 64 TCP 192.168.115.8:50776 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/394 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] + 65 TCP 192.168.115.8:50765 <-> 36.110.220.15:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/264 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com] + 66 TCP 202.108.14.219:80 -> 
192.168.115.8:50295 [proto: 7/HTTP][cat: Web/5][2 pkts/398 bytes -> 0 pkts/0 bytes] + 67 UDP 192.168.5.48:63930 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/358 bytes -> 0 pkts/0 bytes] + 68 TCP 117.79.81.135:80 -> 192.168.115.8:50443 [proto: 7/HTTP][cat: Web/5][1 pkts/347 bytes -> 0 pkts/0 bytes] + 69 TCP 192.168.115.8:50781 -> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/303 bytes -> 0 pkts/0 bytes][Host: preimage1.qiyipic.com] + 70 TCP 202.108.14.219:80 -> 192.168.115.8:50506 [proto: 7/HTTP][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes] + 71 UDP 192.168.5.63:60976 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][1 pkts/165 bytes -> 0 pkts/0 bytes] + 72 UDP 192.168.5.63:39383 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][1 pkts/130 bytes -> 0 pkts/0 bytes] + 73 TCP 192.168.115.8:50462 -> 202.108.14.236:80 [proto: 7/HTTP][cat: Web/5][2 pkts/108 bytes -> 0 pkts/0 bytes] + 74 TCP 192.168.5.15:65125 -> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/66 bytes -> 0 pkts/0 bytes] Undetected flows: 
@@ -86,32 +88,31 @@ Undetected flows: 3 UDP 118.171.15.56:5544 <-> 192.168.115.8:22793 [proto: 0/Unknown][30 pkts/33210 bytes <-> 71 pkts/5609 bytes] 4 UDP 192.168.115.8:22793 <-> 219.228.107.156:1250 [proto: 0/Unknown][34 pkts/2686 bytes <-> 11 pkts/12177 bytes] 5 UDP 192.168.115.8:22793 <-> 222.197.138.12:6956 [proto: 0/Unknown][30 pkts/2370 bytes <-> 10 pkts/10042 bytes] - 6 UDP 192.168.115.8:22793 <-> 202.198.7.89:16039 [proto: 0/Unknown][2 pkts/158 bytes <-> 3 pkts/3323 bytes] - 7 UDP 192.168.115.8:22793 -> 1.169.136.116:17951 [proto: 0/Unknown][4 pkts/512 bytes -> 0 pkts/0 bytes] - 8 UDP 192.168.115.8:22793 -> 114.41.144.153:10492 [proto: 0/Unknown][4 pkts/512 bytes -> 0 pkts/0 bytes] - 9 UDP 192.168.115.8:22793 -> 218.61.39.103:17788 [proto: 0/Unknown][2 pkts/300 bytes -> 0 pkts/0 bytes] - 10 UDP 192.168.115.8:22793 -> 119.188.133.182:17788 [proto: 0/Unknown][2 pkts/260 bytes -> 0 pkts/0 bytes] - 11 UDP 192.168.115.8:22793 -> 183.61.167.104:17788 [proto: 0/Unknown][2 pkts/260 bytes -> 0 pkts/0 bytes] - 12 UDP 192.168.115.8:22793 -> 218.61.39.87:17788 [proto: 0/Unknown][2 pkts/260 bytes -> 0 pkts/0 bytes] - 13 UDP 183.228.182.44:13913 <-> 192.168.115.8:22793 [proto: 0/Unknown][1 pkts/87 bytes <-> 2 pkts/170 bytes] - 14 UDP 192.168.115.8:22793 -> 183.61.167.82:17788 [proto: 0/Unknown][2 pkts/188 bytes -> 0 pkts/0 bytes] - 15 UDP 192.168.115.8:22793 -> 220.130.154.23:35941 [proto: 0/Unknown][2 pkts/174 bytes -> 0 pkts/0 bytes] - 16 UDP 192.168.115.8:22793 -> 111.249.53.196:32443 [proto: 0/Unknown][2 pkts/158 bytes -> 0 pkts/0 bytes] - 17 UDP 192.168.115.8:22793 -> 1.175.128.104:5185 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 18 UDP 192.168.115.8:22793 -> 36.233.39.81:18590 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 19 UDP 192.168.115.8:22793 -> 36.237.154.69:4316 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 20 UDP 192.168.115.8:22793 -> 61.223.204.67:11102 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 21 UDP 
192.168.115.8:22793 -> 61.227.170.88:20227 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 22 UDP 192.168.115.8:22793 -> 111.117.101.81:10162 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 23 UDP 192.168.115.8:22793 -> 111.250.102.66:1107 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 24 UDP 192.168.115.8:22793 -> 114.37.142.173:1074 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 25 UDP 192.168.115.8:22793 -> 114.47.91.129:22576 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 26 UDP 192.168.115.8:22793 -> 115.157.62.243:29006 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 27 UDP 192.168.115.8:22793 -> 121.248.133.93:12757 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 28 UDP 192.168.115.8:22793 -> 202.112.31.89:29072 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 29 UDP 192.168.115.8:22793 -> 210.44.171.1:29702 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 30 UDP 192.168.115.8:22793 -> 210.44.232.243:21044 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 31 UDP 192.168.115.8:22793 -> 210.47.12.19:33738 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 32 UDP 192.168.115.8:22793 -> 210.47.12.20:33738 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 33 UDP 192.168.115.8:22793 -> 222.26.74.190:1037 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 34 UDP 192.168.115.8:22793 -> 222.26.193.119:7133 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 6 UDP 192.168.115.8:22793 -> 1.169.136.116:17951 [proto: 0/Unknown][4 pkts/512 bytes -> 0 pkts/0 bytes] + 7 UDP 192.168.115.8:22793 -> 114.41.144.153:10492 [proto: 0/Unknown][4 pkts/512 bytes -> 0 pkts/0 bytes] + 8 UDP 192.168.115.8:22793 -> 218.61.39.103:17788 [proto: 0/Unknown][2 pkts/300 bytes -> 0 pkts/0 bytes] + 9 UDP 192.168.115.8:22793 -> 119.188.133.182:17788 [proto: 0/Unknown][2 pkts/260 bytes -> 0 pkts/0 bytes] + 10 UDP 192.168.115.8:22793 -> 183.61.167.104:17788 [proto: 0/Unknown][2 pkts/260 
bytes -> 0 pkts/0 bytes] + 11 UDP 192.168.115.8:22793 -> 218.61.39.87:17788 [proto: 0/Unknown][2 pkts/260 bytes -> 0 pkts/0 bytes] + 12 UDP 183.228.182.44:13913 <-> 192.168.115.8:22793 [proto: 0/Unknown][1 pkts/87 bytes <-> 2 pkts/170 bytes] + 13 UDP 192.168.115.8:22793 -> 183.61.167.82:17788 [proto: 0/Unknown][2 pkts/188 bytes -> 0 pkts/0 bytes] + 14 UDP 192.168.115.8:22793 -> 220.130.154.23:35941 [proto: 0/Unknown][2 pkts/174 bytes -> 0 pkts/0 bytes] + 15 UDP 192.168.115.8:22793 -> 111.249.53.196:32443 [proto: 0/Unknown][2 pkts/158 bytes -> 0 pkts/0 bytes] + 16 UDP 192.168.115.8:22793 -> 1.175.128.104:5185 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 17 UDP 192.168.115.8:22793 -> 36.233.39.81:18590 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 18 UDP 192.168.115.8:22793 -> 36.237.154.69:4316 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 19 UDP 192.168.115.8:22793 -> 61.223.204.67:11102 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 20 UDP 192.168.115.8:22793 -> 61.227.170.88:20227 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 21 UDP 192.168.115.8:22793 -> 111.117.101.81:10162 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 22 UDP 192.168.115.8:22793 -> 111.250.102.66:1107 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 23 UDP 192.168.115.8:22793 -> 114.37.142.173:1074 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 24 UDP 192.168.115.8:22793 -> 114.47.91.129:22576 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 25 UDP 192.168.115.8:22793 -> 115.157.62.243:29006 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 26 UDP 192.168.115.8:22793 -> 121.248.133.93:12757 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 27 UDP 192.168.115.8:22793 -> 202.112.31.89:29072 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 28 UDP 192.168.115.8:22793 -> 210.44.171.1:29702 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 29 UDP 192.168.115.8:22793 -> 
210.44.232.243:21044 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 30 UDP 192.168.115.8:22793 -> 210.47.12.19:33738 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 31 UDP 192.168.115.8:22793 -> 210.47.12.20:33738 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 32 UDP 192.168.115.8:22793 -> 222.26.74.190:1037 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 33 UDP 192.168.115.8:22793 -> 222.26.193.119:7133 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index 4d09243a3..ddb00deaa 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -1,4 +1,4 @@ -Unknown 175 20913 11 +Unknown 171 20697 10 DNS 2 267 1 MDNS 8 1736 2 NTP 2 180 1 @@ -9,7 +9,7 @@ IGMP 5 258 4 SSL 96 8876 7 Dropbox 38 17948 5 Skype 584 56659 57 -Apple 3 168 1 +Apple 7 384 2 AppleiCloud 88 20520 2 Spotify 5 430 1 MS_OneDrive 387 198090 1 
@@ -146,157 +146,158 @@ ApplePush 12 1877 1 129 UDP 192.168.1.34:13021 -> 176.26.55.167:63773 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][5 pkts/300 bytes -> 0 pkts/0 bytes] 130 UDP 192.168.1.34:58681 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/101 bytes <-> 1 pkts/166 bytes][Host: db3msgr5011709.gateway.messenger.live.com] 131 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][cat: Web/5][1 pkts/101 bytes <-> 1 pkts/133 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] - 132 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][cat: System/18][1 pkts/90 bytes <-> 1 pkts/90 bytes] - 133 UDP 192.168.1.34:51879 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] - 134 UDP 192.168.1.34:63321 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] - 135 UDP 192.168.1.34:64085 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e7768.b.akamaiedge.net] - 136 TCP 192.168.1.34:50024 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/60 bytes] - 137 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network/14][2 pkts/92 bytes -> 0 pkts/0 bytes] - 138 UDP 192.168.1.34:13021 -> 64.4.23.145:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 139 UDP 192.168.1.34:13021 -> 65.55.223.26:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 140 UDP 192.168.1.34:13021 -> 65.55.223.33:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 141 UDP 192.168.1.34:13021 -> 157.55.56.168:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 142 UDP 192.168.1.34:13021 -> 157.55.130.146:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 
pkts/0 bytes] - 143 UDP 192.168.1.34:13021 -> 157.55.130.154:40005 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 144 UDP 192.168.1.34:13021 -> 157.55.235.147:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 145 UDP 192.168.1.34:13021 -> 157.55.235.152:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 146 UDP 192.168.1.34:13021 -> 213.199.179.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 147 UDP 192.168.1.34:13021 -> 111.221.74.28:40014 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 148 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 149 UDP 192.168.1.34:13021 -> 111.221.77.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 150 UDP 192.168.1.34:13021 -> 111.221.77.159:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 151 UDP 192.168.1.34:13021 -> 111.221.77.172:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 152 UDP 192.168.1.34:13021 -> 157.55.130.156:40034 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 153 UDP 192.168.1.34:13021 -> 157.55.235.161:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 154 UDP 192.168.1.34:13021 -> 157.55.235.176:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 155 UDP 192.168.1.34:13021 -> 157.56.52.27:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 156 UDP 192.168.1.34:13021 -> 157.56.52.28:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 157 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 
125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 158 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 159 UDP 192.168.1.34:13021 -> 65.55.223.29:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 160 UDP 192.168.1.34:13021 -> 111.221.74.15:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 161 UDP 192.168.1.34:13021 -> 111.221.77.145:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 162 UDP 192.168.1.34:13021 -> 111.221.77.166:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 163 UDP 192.168.1.34:13021 -> 157.55.56.142:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 164 UDP 192.168.1.34:13021 -> 157.55.56.151:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 165 UDP 192.168.1.34:13021 -> 157.55.56.175:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 166 UDP 192.168.1.34:13021 -> 157.55.130.143:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 167 UDP 192.168.1.34:13021 -> 157.55.235.155:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 168 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 169 UDP 192.168.1.34:13021 -> 64.4.23.166:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 170 UDP 192.168.1.34:13021 -> 65.55.223.25:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 171 UDP 192.168.1.34:13021 -> 65.55.223.43:40002 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 172 UDP 192.168.1.34:13021 -> 
111.221.74.43:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 173 UDP 192.168.1.34:13021 -> 111.221.77.151:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 174 UDP 192.168.1.34:13021 -> 157.55.56.162:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 175 UDP 192.168.1.34:13021 -> 157.55.130.147:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 176 UDP 192.168.1.34:13021 -> 157.55.235.175:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 177 UDP 192.168.1.34:13021 -> 213.199.179.150:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 178 UDP 192.168.1.34:13021 -> 111.221.74.12:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 179 UDP 192.168.1.34:13021 -> 111.221.74.48:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 180 UDP 192.168.1.34:13021 -> 111.221.77.165:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 181 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 182 UDP 192.168.1.34:13021 -> 213.199.179.143:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 183 UDP 192.168.1.34:13021 -> 213.199.179.154:40034 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 184 UDP 192.168.1.34:13021 -> 65.55.223.28:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 185 UDP 192.168.1.34:13021 -> 111.221.74.40:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 186 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 
bytes] - 187 UDP 192.168.1.34:13021 -> 157.56.52.26:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 188 UDP 192.168.1.34:13021 -> 213.199.179.165:40007 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 189 UDP 192.168.1.34:13021 -> 64.4.23.141:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 190 UDP 192.168.1.34:13021 -> 111.221.74.29:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 191 UDP 192.168.1.34:13021 -> 111.221.74.31:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 192 UDP 192.168.1.34:13021 -> 111.221.77.176:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 193 UDP 192.168.1.34:13021 -> 157.55.235.153:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 194 UDP 192.168.1.34:13021 -> 213.199.179.168:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 195 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 196 UDP 192.168.1.34:13021 -> 64.4.23.165:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 197 UDP 192.168.1.34:13021 -> 111.221.77.142:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 198 UDP 192.168.1.34:13021 -> 157.55.130.151:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 199 UDP 192.168.1.34:13021 -> 64.4.23.168:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 200 UDP 192.168.1.34:13021 -> 65.55.223.21:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 201 UDP 192.168.1.34:13021 -> 65.55.223.45:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 
pkts/71 bytes -> 0 pkts/0 bytes] - 202 UDP 192.168.1.34:13021 -> 111.221.74.44:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 203 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 204 UDP 192.168.1.34:13021 -> 111.221.77.153:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 205 UDP 192.168.1.34:13021 -> 157.55.56.148:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 206 UDP 192.168.1.34:13021 -> 157.55.235.157:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 207 UDP 192.168.1.34:13021 -> 157.55.235.172:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 208 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 209 UDP 192.168.1.34:13021 -> 213.199.179.170:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 210 UDP 192.168.1.34:13021 -> 64.4.23.150:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 211 UDP 192.168.1.34:13021 -> 64.4.23.159:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 212 UDP 192.168.1.34:13021 -> 65.55.223.17:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 213 UDP 192.168.1.34:13021 -> 111.221.74.17:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 214 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 215 UDP 192.168.1.34:13021 -> 111.221.74.32:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 216 UDP 192.168.1.34:13021 -> 111.221.74.42:40024 [proto: 
125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 217 UDP 192.168.1.34:13021 -> 157.55.56.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 218 UDP 192.168.1.34:13021 -> 157.55.56.161:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 219 UDP 192.168.1.34:13021 -> 157.55.130.155:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 220 UDP 192.168.1.34:13021 -> 157.55.130.165:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 221 UDP 192.168.1.34:13021 -> 157.55.235.142:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 222 UDP 192.168.1.34:13021 -> 157.56.52.33:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 223 UDP 192.168.1.34:13021 -> 213.199.179.162:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 224 UDP 192.168.1.34:13021 -> 64.4.23.148:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 225 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 226 UDP 192.168.1.34:13021 -> 65.55.223.41:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 227 UDP 192.168.1.34:13021 -> 111.221.77.148:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 228 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 229 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 230 UDP 192.168.1.34:13021 -> 157.55.235.160:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 231 UDP 192.168.1.34:13021 
-> 157.55.235.166:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 232 UDP 192.168.1.34:13021 -> 157.56.52.37:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 233 UDP 192.168.1.34:13021 -> 64.4.23.140:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 234 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 235 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 236 UDP 192.168.1.34:13021 -> 111.221.77.160:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 237 UDP 192.168.1.34:13021 -> 111.221.77.168:40007 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 238 UDP 192.168.1.34:13021 -> 157.55.56.145:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 239 UDP 192.168.1.34:13021 -> 157.55.56.165:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 240 UDP 192.168.1.34:13021 -> 157.55.235.145:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 241 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 242 UDP 192.168.1.34:13021 -> 65.55.223.24:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 243 UDP 192.168.1.34:13021 -> 111.221.74.16:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 244 UDP 192.168.1.34:13021 -> 111.221.77.141:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 245 UDP 192.168.1.34:13021 -> 111.221.77.149:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 
246 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 247 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 248 UDP 192.168.1.34:13021 -> 157.55.130.160:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 249 UDP 192.168.1.34:13021 -> 157.55.130.172:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 250 UDP 192.168.1.34:13021 -> 157.56.52.45:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 251 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 252 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 253 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 254 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 255 UDP 192.168.1.34:13021 -> 65.55.223.15:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 256 UDP 192.168.1.34:13021 -> 65.55.223.38:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 257 UDP 192.168.1.34:13021 -> 65.55.223.44:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 258 UDP 192.168.1.34:13021 -> 111.221.74.25:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 259 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 260 UDP 192.168.1.34:13021 -> 157.55.130.144:40034 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 
bytes -> 0 pkts/0 bytes] - 261 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 262 UDP 192.168.1.34:13021 -> 213.199.179.145:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 263 UDP 192.168.1.34:13021 -> 65.55.223.20:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 264 UDP 192.168.1.34:13021 -> 111.221.74.24:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 265 UDP 192.168.1.34:13021 -> 111.221.77.140:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 266 UDP 192.168.1.34:13021 -> 157.55.56.166:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 267 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 268 UDP 192.168.1.34:13021 -> 157.55.235.158:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 269 UDP 192.168.1.34:13021 -> 157.55.235.159:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 270 UDP 192.168.1.34:13021 -> 157.55.235.173:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 271 UDP 192.168.1.34:13021 -> 157.56.52.21:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 272 UDP 192.168.1.34:13021 -> 157.56.52.24:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 273 UDP 192.168.1.34:13021 -> 157.56.52.47:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 274 UDP 192.168.1.34:13021 -> 213.199.179.152:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 275 IGMP 192.168.1.1:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network/14][1 
pkts/60 bytes -> 0 pkts/0 bytes] - 276 IGMP 192.168.1.92:0 -> 224.0.0.251:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] - 277 UDP 192.168.1.34:13021 -> 65.55.223.39:443 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 278 UDP 192.168.1.34:13021 -> 71.62.0.85:33647 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 279 UDP 192.168.1.34:13021 -> 106.188.249.186:15120 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 280 UDP 192.168.1.34:13021 -> 157.55.130.145:443 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 281 UDP 192.168.1.34:13021 -> 176.97.100.249:26635 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 282 IGMP 192.168.1.34:0 -> 224.0.0.251:0 [proto: 82/IGMP][cat: Network/14][1 pkts/46 bytes -> 0 pkts/0 bytes] + 132 UDP 192.168.1.34:54067 -> 192.168.1.1:5351 [proto: 140/Apple][cat: Web/5][4 pkts/216 bytes -> 0 pkts/0 bytes] + 133 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][cat: System/18][1 pkts/90 bytes <-> 1 pkts/90 bytes] + 134 UDP 192.168.1.34:51879 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 135 UDP 192.168.1.34:63321 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 136 UDP 192.168.1.34:64085 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e7768.b.akamaiedge.net] + 137 TCP 192.168.1.34:50024 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/60 bytes] + 138 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network/14][2 pkts/92 bytes -> 0 pkts/0 bytes] + 139 UDP 192.168.1.34:13021 -> 64.4.23.145:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 140 
UDP 192.168.1.34:13021 -> 65.55.223.26:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 141 UDP 192.168.1.34:13021 -> 65.55.223.33:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 142 UDP 192.168.1.34:13021 -> 157.55.56.168:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 143 UDP 192.168.1.34:13021 -> 157.55.130.146:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 144 UDP 192.168.1.34:13021 -> 157.55.130.154:40005 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 145 UDP 192.168.1.34:13021 -> 157.55.235.147:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 146 UDP 192.168.1.34:13021 -> 157.55.235.152:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 147 UDP 192.168.1.34:13021 -> 213.199.179.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 148 UDP 192.168.1.34:13021 -> 111.221.74.28:40014 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 149 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 150 UDP 192.168.1.34:13021 -> 111.221.77.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 151 UDP 192.168.1.34:13021 -> 111.221.77.159:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 152 UDP 192.168.1.34:13021 -> 111.221.77.172:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 153 UDP 192.168.1.34:13021 -> 157.55.130.156:40034 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 154 UDP 192.168.1.34:13021 -> 157.55.235.161:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 
pkts/78 bytes -> 0 pkts/0 bytes] + 155 UDP 192.168.1.34:13021 -> 157.55.235.176:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 156 UDP 192.168.1.34:13021 -> 157.56.52.27:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 157 UDP 192.168.1.34:13021 -> 157.56.52.28:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 158 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 159 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 160 UDP 192.168.1.34:13021 -> 65.55.223.29:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 161 UDP 192.168.1.34:13021 -> 111.221.74.15:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 162 UDP 192.168.1.34:13021 -> 111.221.77.145:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 163 UDP 192.168.1.34:13021 -> 111.221.77.166:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 164 UDP 192.168.1.34:13021 -> 157.55.56.142:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 165 UDP 192.168.1.34:13021 -> 157.55.56.151:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 166 UDP 192.168.1.34:13021 -> 157.55.56.175:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 167 UDP 192.168.1.34:13021 -> 157.55.130.143:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 168 UDP 192.168.1.34:13021 -> 157.55.235.155:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 169 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 
125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 170 UDP 192.168.1.34:13021 -> 64.4.23.166:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 171 UDP 192.168.1.34:13021 -> 65.55.223.25:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 172 UDP 192.168.1.34:13021 -> 65.55.223.43:40002 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 173 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 174 UDP 192.168.1.34:13021 -> 111.221.77.151:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 175 UDP 192.168.1.34:13021 -> 157.55.56.162:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 176 UDP 192.168.1.34:13021 -> 157.55.130.147:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 177 UDP 192.168.1.34:13021 -> 157.55.235.175:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 178 UDP 192.168.1.34:13021 -> 213.199.179.150:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 179 UDP 192.168.1.34:13021 -> 111.221.74.12:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 180 UDP 192.168.1.34:13021 -> 111.221.74.48:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 181 UDP 192.168.1.34:13021 -> 111.221.77.165:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 182 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 183 UDP 192.168.1.34:13021 -> 213.199.179.143:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 184 UDP 192.168.1.34:13021 
-> 213.199.179.154:40034 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 185 UDP 192.168.1.34:13021 -> 65.55.223.28:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 186 UDP 192.168.1.34:13021 -> 111.221.74.40:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 187 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 188 UDP 192.168.1.34:13021 -> 157.56.52.26:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 189 UDP 192.168.1.34:13021 -> 213.199.179.165:40007 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 190 UDP 192.168.1.34:13021 -> 64.4.23.141:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 191 UDP 192.168.1.34:13021 -> 111.221.74.29:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 192 UDP 192.168.1.34:13021 -> 111.221.74.31:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 193 UDP 192.168.1.34:13021 -> 111.221.77.176:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 194 UDP 192.168.1.34:13021 -> 157.55.235.153:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 195 UDP 192.168.1.34:13021 -> 213.199.179.168:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 196 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 197 UDP 192.168.1.34:13021 -> 64.4.23.165:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 198 UDP 192.168.1.34:13021 -> 111.221.77.142:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 
199 UDP 192.168.1.34:13021 -> 157.55.130.151:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 200 UDP 192.168.1.34:13021 -> 64.4.23.168:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 201 UDP 192.168.1.34:13021 -> 65.55.223.21:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 202 UDP 192.168.1.34:13021 -> 65.55.223.45:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 203 UDP 192.168.1.34:13021 -> 111.221.74.44:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 204 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 205 UDP 192.168.1.34:13021 -> 111.221.77.153:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 206 UDP 192.168.1.34:13021 -> 157.55.56.148:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 207 UDP 192.168.1.34:13021 -> 157.55.235.157:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 208 UDP 192.168.1.34:13021 -> 157.55.235.172:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 209 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 210 UDP 192.168.1.34:13021 -> 213.199.179.170:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 211 UDP 192.168.1.34:13021 -> 64.4.23.150:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 212 UDP 192.168.1.34:13021 -> 64.4.23.159:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 213 UDP 192.168.1.34:13021 -> 65.55.223.17:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes 
-> 0 pkts/0 bytes] + 214 UDP 192.168.1.34:13021 -> 111.221.74.17:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 215 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 216 UDP 192.168.1.34:13021 -> 111.221.74.32:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 217 UDP 192.168.1.34:13021 -> 111.221.74.42:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 218 UDP 192.168.1.34:13021 -> 157.55.56.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 219 UDP 192.168.1.34:13021 -> 157.55.56.161:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 220 UDP 192.168.1.34:13021 -> 157.55.130.155:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 221 UDP 192.168.1.34:13021 -> 157.55.130.165:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 222 UDP 192.168.1.34:13021 -> 157.55.235.142:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 223 UDP 192.168.1.34:13021 -> 157.56.52.33:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 224 UDP 192.168.1.34:13021 -> 213.199.179.162:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 225 UDP 192.168.1.34:13021 -> 64.4.23.148:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 226 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 227 UDP 192.168.1.34:13021 -> 65.55.223.41:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 228 UDP 192.168.1.34:13021 -> 111.221.77.148:40029 [proto: 
125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 229 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 230 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 231 UDP 192.168.1.34:13021 -> 157.55.235.160:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 232 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 233 UDP 192.168.1.34:13021 -> 157.56.52.37:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 234 UDP 192.168.1.34:13021 -> 64.4.23.140:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 235 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 236 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 237 UDP 192.168.1.34:13021 -> 111.221.77.160:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 238 UDP 192.168.1.34:13021 -> 111.221.77.168:40007 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 239 UDP 192.168.1.34:13021 -> 157.55.56.145:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 240 UDP 192.168.1.34:13021 -> 157.55.56.165:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 241 UDP 192.168.1.34:13021 -> 157.55.235.145:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 242 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 243 UDP 192.168.1.34:13021 -> 
65.55.223.24:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 244 UDP 192.168.1.34:13021 -> 111.221.74.16:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 245 UDP 192.168.1.34:13021 -> 111.221.77.141:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 246 UDP 192.168.1.34:13021 -> 111.221.77.149:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 247 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 248 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 249 UDP 192.168.1.34:13021 -> 157.55.130.160:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 250 UDP 192.168.1.34:13021 -> 157.55.130.172:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 251 UDP 192.168.1.34:13021 -> 157.56.52.45:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 252 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 253 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 254 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 255 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 256 UDP 192.168.1.34:13021 -> 65.55.223.15:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 257 UDP 192.168.1.34:13021 -> 65.55.223.38:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 
258 UDP 192.168.1.34:13021 -> 65.55.223.44:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 259 UDP 192.168.1.34:13021 -> 111.221.74.25:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 260 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 261 UDP 192.168.1.34:13021 -> 157.55.130.144:40034 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 262 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 263 UDP 192.168.1.34:13021 -> 213.199.179.145:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 264 UDP 192.168.1.34:13021 -> 65.55.223.20:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 265 UDP 192.168.1.34:13021 -> 111.221.74.24:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 266 UDP 192.168.1.34:13021 -> 111.221.77.140:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 267 UDP 192.168.1.34:13021 -> 157.55.56.166:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 268 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 269 UDP 192.168.1.34:13021 -> 157.55.235.158:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 270 UDP 192.168.1.34:13021 -> 157.55.235.159:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 271 UDP 192.168.1.34:13021 -> 157.55.235.173:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 272 UDP 192.168.1.34:13021 -> 157.56.52.21:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 
pkts/64 bytes -> 0 pkts/0 bytes] + 273 UDP 192.168.1.34:13021 -> 157.56.52.24:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 274 UDP 192.168.1.34:13021 -> 157.56.52.47:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 275 UDP 192.168.1.34:13021 -> 213.199.179.152:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 276 IGMP 192.168.1.1:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] + 277 IGMP 192.168.1.92:0 -> 224.0.0.251:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] + 278 UDP 192.168.1.34:13021 -> 65.55.223.39:443 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 279 UDP 192.168.1.34:13021 -> 71.62.0.85:33647 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 280 UDP 192.168.1.34:13021 -> 106.188.249.186:15120 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 281 UDP 192.168.1.34:13021 -> 157.55.130.145:443 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 282 UDP 192.168.1.34:13021 -> 176.97.100.249:26635 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 283 IGMP 192.168.1.34:0 -> 224.0.0.251:0 [proto: 82/IGMP][cat: Network/14][1 pkts/46 bytes -> 0 pkts/0 bytes] Undetected flows: 
@@ -309,5 +310,4 @@ Undetected flows: 7 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][10 pkts/797 bytes <-> 4 pkts/342 bytes] 8 TCP 192.168.1.34:50145 -> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes -> 0 pkts/0 bytes] 9 UDP 192.168.1.34:49511 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] - 10 UDP 192.168.1.34:54067 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] - 11 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][2 pkts/132 bytes <-> 1 pkts/74 bytes] + 10 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][2 pkts/132 bytes <-> 1 pkts/74 bytes] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index 1c43d3161..a278e42eb 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -1,4 +1,4 @@ -Unknown 186 61791 12 +Unknown 183 61585 11 DNS 2 267 1 MDNS 3 400 2 NetBIOS 22 3106 7 @@ -8,7 +8,7 @@ ICMP 4 328 1 IGMP 4 226 4 SSL 79 7742 6 Dropbox 16 7342 5 -Skype 607 129455 45 +Skype 610 129661 46 Apple 76 19581 1 MS_OneDrive 348 181687 1 ApplePush 8 1118 1 
@@ -114,160 +114,161 @@ ApplePush 8 1118 1 99 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][2 pkts/258 bytes -> 0 pkts/0 bytes] 100 UDP 192.168.1.92:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][cat: System/18][1 pkts/216 bytes -> 0 pkts/0 bytes] 101 TCP 192.168.1.34:51283 <-> 111.221.74.48:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][2 pkts/132 bytes <-> 1 pkts/74 bytes] - 102 UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] - 103 UDP 192.168.1.34:63661 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] - 104 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][1 pkts/142 bytes -> 0 pkts/0 bytes][Lucas-iMac.local] - 105 UDP 192.168.1.92:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes] - 106 UDP 192.168.1.92:53826 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes] - 107 UDP 192.168.1.34:61016 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/80 bytes -> 0 pkts/0 bytes][Host: apps.skypeassets.com] - 108 UDP 192.168.1.34:13021 -> 64.4.23.148:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 109 UDP 192.168.1.34:13021 -> 64.4.23.171:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 110 UDP 192.168.1.34:13021 -> 65.55.223.27:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 111 UDP 192.168.1.34:13021 -> 111.221.74.40:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 112 UDP 192.168.1.34:13021 -> 111.221.77.151:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 113 UDP 192.168.1.34:13021 -> 111.221.77.173:40012 [proto: 
125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 114 UDP 192.168.1.34:13021 -> 157.55.56.147:40014 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 115 UDP 192.168.1.34:13021 -> 157.55.130.167:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 116 UDP 192.168.1.34:13021 -> 157.55.235.144:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 117 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 118 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 119 UDP 192.168.1.34:13021 -> 213.199.179.156:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 120 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 121 UDP 192.168.1.34:13021 -> 111.221.74.28:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 122 UDP 192.168.1.34:13021 -> 111.221.77.170:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 123 UDP 192.168.1.34:13021 -> 157.56.52.39:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 124 UDP 192.168.1.34:13021 -> 157.56.52.43:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 125 UDP 192.168.1.34:13021 -> 213.199.179.143:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 126 UDP 192.168.1.34:13021 -> 213.199.179.154:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 127 UDP 192.168.1.34:13021 -> 213.199.179.165:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 128 UDP 
192.168.1.34:13021 -> 65.55.223.15:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 129 UDP 192.168.1.34:13021 -> 65.55.223.24:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 130 UDP 192.168.1.34:13021 -> 65.55.223.32:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 131 UDP 192.168.1.34:13021 -> 65.55.223.43:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 132 UDP 192.168.1.34:13021 -> 111.221.74.20:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 133 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 134 UDP 192.168.1.34:13021 -> 157.55.130.149:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 135 UDP 192.168.1.34:13021 -> 157.55.235.168:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 136 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 137 UDP 192.168.1.34:13021 -> 157.56.52.20:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 138 UDP 192.168.1.34:13021 -> 213.199.179.160:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 139 UDP 192.168.1.34:13021 -> 64.4.23.158:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 140 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 141 UDP 192.168.1.34:13021 -> 65.55.223.42:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 142 UDP 192.168.1.34:13021 -> 65.55.223.44:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 
pkts/0 bytes] - 143 UDP 192.168.1.34:13021 -> 111.221.74.33:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 144 UDP 192.168.1.34:13021 -> 111.221.77.165:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 145 UDP 192.168.1.34:13021 -> 157.55.56.140:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 146 UDP 192.168.1.34:13021 -> 157.55.56.170:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 147 UDP 192.168.1.34:13021 -> 157.55.130.165:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 148 UDP 192.168.1.34:13021 -> 157.55.130.170:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 149 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 150 UDP 192.168.1.34:13021 -> 157.56.52.25:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 151 UDP 192.168.1.34:13021 -> 213.199.179.172:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 152 UDP 192.168.1.34:13021 -> 64.4.23.165:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 153 UDP 192.168.1.34:13021 -> 111.221.77.149:40016 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 154 UDP 192.168.1.34:13021 -> 157.55.235.148:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 155 UDP 192.168.1.34:13021 -> 157.56.52.13:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 156 UDP 192.168.1.34:13021 -> 157.56.52.38:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 157 UDP 192.168.1.34:13021 -> 157.56.52.42:40005 [proto: 125.49/Skype.SkypeCallIn][cat: 
VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 158 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 159 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 160 UDP 192.168.1.34:13021 -> 65.55.223.22:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 161 UDP 192.168.1.34:13021 -> 65.55.223.28:40014 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 162 UDP 192.168.1.34:13021 -> 65.55.223.33:40002 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 163 UDP 192.168.1.34:13021 -> 157.55.235.155:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 164 UDP 192.168.1.34:13021 -> 157.55.235.175:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 165 UDP 192.168.1.34:13021 -> 64.4.23.145:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 166 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 167 UDP 192.168.1.34:13021 -> 111.221.74.34:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 168 UDP 192.168.1.34:13021 -> 157.55.130.146:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 169 UDP 192.168.1.34:13021 -> 157.55.235.158:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 170 UDP 192.168.1.34:13021 -> 157.55.235.176:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 171 UDP 192.168.1.34:13021 -> 213.199.179.149:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 172 UDP 192.168.1.34:13021 -> 64.4.23.142:40023 [proto: 
125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 173 UDP 192.168.1.34:13021 -> 111.221.74.24:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 174 UDP 192.168.1.34:13021 -> 111.221.77.159:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 175 UDP 192.168.1.34:13021 -> 157.55.56.142:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 176 UDP 192.168.1.34:13021 -> 157.55.56.145:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 177 UDP 192.168.1.34:13021 -> 157.55.130.140:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 178 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 179 UDP 192.168.1.34:13021 -> 157.55.130.152:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 180 UDP 192.168.1.34:13021 -> 157.55.130.173:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 181 UDP 192.168.1.34:13021 -> 157.55.235.174:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 182 UDP 192.168.1.34:13021 -> 157.56.52.27:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 183 UDP 192.168.1.34:13021 -> 213.199.179.173:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 184 UDP 192.168.1.34:13021 -> 64.4.23.149:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 185 UDP 192.168.1.34:13021 -> 65.55.223.13:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 186 UDP 192.168.1.34:13021 -> 111.221.74.15:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 187 UDP 192.168.1.34:13021 
-> 157.55.56.146:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 188 UDP 192.168.1.34:13021 -> 157.55.130.150:40007 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 189 UDP 192.168.1.34:13021 -> 157.55.130.171:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 190 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 191 UDP 192.168.1.34:13021 -> 157.56.52.33:40002 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 192 UDP 192.168.1.34:13021 -> 213.199.179.174:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 193 UDP 192.168.1.34:13021 -> 64.4.23.154:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 194 UDP 192.168.1.34:13021 -> 65.55.223.16:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 195 UDP 192.168.1.34:13021 -> 65.55.223.17:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 196 UDP 192.168.1.34:13021 -> 65.55.223.65:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 197 UDP 192.168.1.34:13021 -> 111.221.74.27:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 198 UDP 192.168.1.34:13021 -> 111.221.74.44:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 199 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 200 UDP 192.168.1.34:13021 -> 111.221.77.160:40016 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 201 UDP 192.168.1.34:13021 -> 157.56.52.24:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 
202 UDP 192.168.1.34:13021 -> 213.199.179.140:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 203 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 204 UDP 192.168.1.34:13021 -> 64.4.23.176:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 205 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 206 UDP 192.168.1.34:13021 -> 157.55.235.172:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 207 UDP 192.168.1.34:13021 -> 213.199.179.144:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 208 UDP 192.168.1.34:13021 -> 111.221.77.145:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 209 UDP 192.168.1.34:13021 -> 157.55.56.150:40014 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 210 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 211 UDP 192.168.1.34:13021 -> 157.55.235.160:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 212 UDP 192.168.1.34:13021 -> 157.56.52.19:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 213 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 214 UDP 192.168.1.34:13021 -> 64.4.23.140:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 215 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 216 UDP 192.168.1.34:13021 -> 65.55.223.18:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 
bytes -> 0 pkts/0 bytes] - 217 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 218 UDP 192.168.1.34:13021 -> 111.221.74.42:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 219 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 220 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 221 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 222 UDP 192.168.1.34:13021 -> 157.55.56.161:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 223 UDP 192.168.1.34:13021 -> 157.55.56.167:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 224 UDP 192.168.1.34:13021 -> 157.55.130.144:40016 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 225 UDP 192.168.1.34:13021 -> 157.55.130.160:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 226 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 227 UDP 192.168.1.34:13021 -> 157.56.52.12:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 228 UDP 192.168.1.34:13021 -> 157.56.52.29:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 229 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 230 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 231 UDP 192.168.1.34:13021 -> 65.55.223.20:40023 [proto: 
125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 232 UDP 192.168.1.34:13021 -> 157.55.56.143:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 233 UDP 192.168.1.34:13021 -> 157.55.130.154:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 234 UDP 192.168.1.34:13021 -> 157.55.235.162:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 235 UDP 192.168.1.34:13021 -> 157.55.235.171:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 236 UDP 192.168.1.34:13021 -> 157.56.52.16:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 237 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 238 UDP 192.168.1.34:13021 -> 111.221.74.13:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 239 UDP 192.168.1.34:13021 -> 111.221.74.38:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 240 UDP 192.168.1.34:13021 -> 111.221.77.171:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 241 UDP 192.168.1.34:13021 -> 157.55.130.156:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 242 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 243 UDP 192.168.1.34:13021 -> 157.55.130.159:40016 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 244 UDP 192.168.1.34:13021 -> 157.55.235.167:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 245 UDP 192.168.1.34:13021 -> 157.56.52.40:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 246 UDP 192.168.1.34:13021 
-> 213.199.179.145:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 247 IGMP 192.168.1.219:0 -> 224.0.0.22:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] - 248 IGMP 192.168.1.219:0 -> 233.89.188.1:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] - 249 IGMP 192.168.1.229:0 -> 224.0.0.251:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] - 250 UDP 192.168.1.34:13021 -> 111.221.74.14:443 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 251 UDP 192.168.1.34:13021 -> 133.236.67.25:49195 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 252 UDP 192.168.1.34:13021 -> 157.55.235.141:443 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 253 UDP 192.168.1.34:13021 -> 189.138.161.88:19521 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 254 UDP 192.168.1.34:13021 -> 189.188.134.174:22436 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 255 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network/14][1 pkts/46 bytes -> 0 pkts/0 bytes] + 102 TCP 192.168.1.34:51300 <-> 76.167.161.6:20274 [proto: 125/Skype][cat: VoIP/10][2 pkts/132 bytes <-> 1 pkts/74 bytes] + 103 UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 104 UDP 192.168.1.34:63661 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 105 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][1 pkts/142 bytes -> 0 pkts/0 bytes][Lucas-iMac.local] + 106 UDP 192.168.1.92:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes] + 107 UDP 192.168.1.92:53826 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: 
System/18][1 pkts/92 bytes -> 0 pkts/0 bytes] + 108 UDP 192.168.1.34:61016 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/80 bytes -> 0 pkts/0 bytes][Host: apps.skypeassets.com] + 109 UDP 192.168.1.34:13021 -> 64.4.23.148:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 110 UDP 192.168.1.34:13021 -> 64.4.23.171:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 111 UDP 192.168.1.34:13021 -> 65.55.223.27:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 112 UDP 192.168.1.34:13021 -> 111.221.74.40:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 113 UDP 192.168.1.34:13021 -> 111.221.77.151:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 114 UDP 192.168.1.34:13021 -> 111.221.77.173:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 115 UDP 192.168.1.34:13021 -> 157.55.56.147:40014 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 116 UDP 192.168.1.34:13021 -> 157.55.130.167:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 117 UDP 192.168.1.34:13021 -> 157.55.235.144:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 118 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 119 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 120 UDP 192.168.1.34:13021 -> 213.199.179.156:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 121 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 122 UDP 192.168.1.34:13021 -> 
111.221.74.28:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 123 UDP 192.168.1.34:13021 -> 111.221.77.170:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 124 UDP 192.168.1.34:13021 -> 157.56.52.39:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 125 UDP 192.168.1.34:13021 -> 157.56.52.43:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 126 UDP 192.168.1.34:13021 -> 213.199.179.143:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 127 UDP 192.168.1.34:13021 -> 213.199.179.154:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 128 UDP 192.168.1.34:13021 -> 213.199.179.165:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 129 UDP 192.168.1.34:13021 -> 65.55.223.15:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 130 UDP 192.168.1.34:13021 -> 65.55.223.24:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 131 UDP 192.168.1.34:13021 -> 65.55.223.32:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 132 UDP 192.168.1.34:13021 -> 65.55.223.43:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 133 UDP 192.168.1.34:13021 -> 111.221.74.20:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 134 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 135 UDP 192.168.1.34:13021 -> 157.55.130.149:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 136 UDP 192.168.1.34:13021 -> 157.55.235.168:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 
137 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 138 UDP 192.168.1.34:13021 -> 157.56.52.20:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 139 UDP 192.168.1.34:13021 -> 213.199.179.160:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 140 UDP 192.168.1.34:13021 -> 64.4.23.158:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 141 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 142 UDP 192.168.1.34:13021 -> 65.55.223.42:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 143 UDP 192.168.1.34:13021 -> 65.55.223.44:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 144 UDP 192.168.1.34:13021 -> 111.221.74.33:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 145 UDP 192.168.1.34:13021 -> 111.221.77.165:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 146 UDP 192.168.1.34:13021 -> 157.55.56.140:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 147 UDP 192.168.1.34:13021 -> 157.55.56.170:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 148 UDP 192.168.1.34:13021 -> 157.55.130.165:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 149 UDP 192.168.1.34:13021 -> 157.55.130.170:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 150 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 151 UDP 192.168.1.34:13021 -> 157.56.52.25:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 
bytes -> 0 pkts/0 bytes] + 152 UDP 192.168.1.34:13021 -> 213.199.179.172:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 153 UDP 192.168.1.34:13021 -> 64.4.23.165:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 154 UDP 192.168.1.34:13021 -> 111.221.77.149:40016 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 155 UDP 192.168.1.34:13021 -> 157.55.235.148:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 156 UDP 192.168.1.34:13021 -> 157.56.52.13:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 157 UDP 192.168.1.34:13021 -> 157.56.52.38:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 158 UDP 192.168.1.34:13021 -> 157.56.52.42:40005 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 159 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 160 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 161 UDP 192.168.1.34:13021 -> 65.55.223.22:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 162 UDP 192.168.1.34:13021 -> 65.55.223.28:40014 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 163 UDP 192.168.1.34:13021 -> 65.55.223.33:40002 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 164 UDP 192.168.1.34:13021 -> 157.55.235.155:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 165 UDP 192.168.1.34:13021 -> 157.55.235.175:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 166 UDP 192.168.1.34:13021 -> 64.4.23.145:40027 [proto: 
125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 167 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 168 UDP 192.168.1.34:13021 -> 111.221.74.34:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 169 UDP 192.168.1.34:13021 -> 157.55.130.146:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 170 UDP 192.168.1.34:13021 -> 157.55.235.158:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 171 UDP 192.168.1.34:13021 -> 157.55.235.176:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 172 UDP 192.168.1.34:13021 -> 213.199.179.149:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 173 UDP 192.168.1.34:13021 -> 64.4.23.142:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 174 UDP 192.168.1.34:13021 -> 111.221.74.24:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 175 UDP 192.168.1.34:13021 -> 111.221.77.159:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 176 UDP 192.168.1.34:13021 -> 157.55.56.142:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 177 UDP 192.168.1.34:13021 -> 157.55.56.145:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 178 UDP 192.168.1.34:13021 -> 157.55.130.140:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 179 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 180 UDP 192.168.1.34:13021 -> 157.55.130.152:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 181 UDP 
192.168.1.34:13021 -> 157.55.130.173:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 182 UDP 192.168.1.34:13021 -> 157.55.235.174:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 183 UDP 192.168.1.34:13021 -> 157.56.52.27:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 184 UDP 192.168.1.34:13021 -> 213.199.179.173:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 185 UDP 192.168.1.34:13021 -> 64.4.23.149:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 186 UDP 192.168.1.34:13021 -> 65.55.223.13:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 187 UDP 192.168.1.34:13021 -> 111.221.74.15:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 188 UDP 192.168.1.34:13021 -> 157.55.56.146:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 189 UDP 192.168.1.34:13021 -> 157.55.130.150:40007 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 190 UDP 192.168.1.34:13021 -> 157.55.130.171:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 191 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 192 UDP 192.168.1.34:13021 -> 157.56.52.33:40002 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 193 UDP 192.168.1.34:13021 -> 213.199.179.174:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 194 UDP 192.168.1.34:13021 -> 64.4.23.154:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 195 UDP 192.168.1.34:13021 -> 65.55.223.16:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 
0 pkts/0 bytes] + 196 UDP 192.168.1.34:13021 -> 65.55.223.17:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 197 UDP 192.168.1.34:13021 -> 65.55.223.65:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 198 UDP 192.168.1.34:13021 -> 111.221.74.27:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 199 UDP 192.168.1.34:13021 -> 111.221.74.44:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 200 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 201 UDP 192.168.1.34:13021 -> 111.221.77.160:40016 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 202 UDP 192.168.1.34:13021 -> 157.56.52.24:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 203 UDP 192.168.1.34:13021 -> 213.199.179.140:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 204 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 205 UDP 192.168.1.34:13021 -> 64.4.23.176:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 206 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 207 UDP 192.168.1.34:13021 -> 157.55.235.172:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 208 UDP 192.168.1.34:13021 -> 213.199.179.144:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 209 UDP 192.168.1.34:13021 -> 111.221.77.145:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 210 UDP 192.168.1.34:13021 -> 157.55.56.150:40014 [proto: 125.49/Skype.SkypeCallIn][cat: 
VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 211 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 212 UDP 192.168.1.34:13021 -> 157.55.235.160:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 213 UDP 192.168.1.34:13021 -> 157.56.52.19:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 214 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 215 UDP 192.168.1.34:13021 -> 64.4.23.140:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 216 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 217 UDP 192.168.1.34:13021 -> 65.55.223.18:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 218 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 219 UDP 192.168.1.34:13021 -> 111.221.74.42:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 220 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 221 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 222 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 223 UDP 192.168.1.34:13021 -> 157.55.56.161:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 224 UDP 192.168.1.34:13021 -> 157.55.56.167:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 225 UDP 192.168.1.34:13021 -> 157.55.130.144:40016 [proto: 
125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 226 UDP 192.168.1.34:13021 -> 157.55.130.160:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 227 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 228 UDP 192.168.1.34:13021 -> 157.56.52.12:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 229 UDP 192.168.1.34:13021 -> 157.56.52.29:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 230 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 231 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 232 UDP 192.168.1.34:13021 -> 65.55.223.20:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 233 UDP 192.168.1.34:13021 -> 157.55.56.143:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 234 UDP 192.168.1.34:13021 -> 157.55.130.154:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 235 UDP 192.168.1.34:13021 -> 157.55.235.162:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 236 UDP 192.168.1.34:13021 -> 157.55.235.171:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 237 UDP 192.168.1.34:13021 -> 157.56.52.16:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 238 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 239 UDP 192.168.1.34:13021 -> 111.221.74.13:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 240 UDP 192.168.1.34:13021 -> 
111.221.74.38:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 241 UDP 192.168.1.34:13021 -> 111.221.77.171:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 242 UDP 192.168.1.34:13021 -> 157.55.130.156:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 243 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 244 UDP 192.168.1.34:13021 -> 157.55.130.159:40016 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 245 UDP 192.168.1.34:13021 -> 157.55.235.167:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 246 UDP 192.168.1.34:13021 -> 157.56.52.40:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 247 UDP 192.168.1.34:13021 -> 213.199.179.145:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 248 IGMP 192.168.1.219:0 -> 224.0.0.22:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] + 249 IGMP 192.168.1.219:0 -> 233.89.188.1:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] + 250 IGMP 192.168.1.229:0 -> 224.0.0.251:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] + 251 UDP 192.168.1.34:13021 -> 111.221.74.14:443 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 252 UDP 192.168.1.34:13021 -> 133.236.67.25:49195 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 253 UDP 192.168.1.34:13021 -> 157.55.235.141:443 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 254 UDP 192.168.1.34:13021 -> 189.138.161.88:19521 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 255 UDP 192.168.1.34:13021 -> 189.188.134.174:22436 [proto: 
125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 256 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network/14][1 pkts/46 bytes -> 0 pkts/0 bytes] Undetected flows: @@ -281,5 +282,4 @@ Undetected flows: 8 TCP 192.168.1.34:51303 -> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes -> 0 pkts/0 bytes] 9 TCP 192.168.1.34:51306 -> 80.121.84.93:62381 [proto: 0/Unknown][6 pkts/468 bytes -> 0 pkts/0 bytes] 10 UDP 192.168.1.34:59052 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] - 11 TCP 192.168.1.34:51300 <-> 76.167.161.6:20274 [proto: 0/Unknown][2 pkts/132 bytes <-> 1 pkts/74 bytes] - 12 TCP 192.168.1.34:51319 -> 212.161.8.36:13392 [proto: 0/Unknown][1 pkts/78 bytes -> 0 pkts/0 bytes] + 11 TCP 192.168.1.34:51319 -> 212.161.8.36:13392 [proto: 0/Unknown][1 pkts/78 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/viber.pcap.out b/tests/result/viber.pcap.out index 738169827..0c85aae9e 100644 --- a/tests/result/viber.pcap.out +++ b/tests/result/viber.pcap.out @@ -1,3 +1,4 @@ +Unknown 93 13829 4 DNS 8 1267 4 MDNS 4 412 1 ICMP 2 3028 1 @@ -5,7 +6,7 @@ SSL 129 42221 7 ICMPV6 2 140 1 Facebook 2 281 1 Google 2 164 1 -Viber 268 99524 9 +Viber 175 85695 5 QUIC 3 194 1 1 TCP 192.168.0.17:53934 <-> 54.230.93.53:443 [proto: 91.144/SSL.Viber][cat: Chat/9][43 pkts/4571 bytes <-> 46 pkts/60087 bytes][client: dl-media.viber.com][server: *.viber.com] 
@@ -16,21 +17,24 @@ QUIC 3 194 1 6 TCP 192.168.0.17:36986 <-> 54.69.166.226:443 [proto: 91/SSL][cat: Web/5][11 pkts/1437 bytes <-> 11 pkts/6412 bytes][client: mapi.apptimize.com][server: *.apptimize.com] 7 TCP 192.168.0.17:55746 <-> 151.101.1.130:443 [proto: 91/SSL][cat: Web/5][10 pkts/1534 bytes <-> 9 pkts/6239 bytes][client: venetia.iad.appboy.com][server: y.ssl.fastly.net] 8 TCP 192.168.0.17:36988 <-> 54.69.166.226:443 [proto: 91/SSL][cat: Web/5][11 pkts/1462 bytes <-> 11 pkts/6163 bytes][client: mapi.apptimize.com][server: *.apptimize.com] - 9 UDP 192.168.0.17:47171 <-> 18.201.4.32:7985 [proto: 144/Viber][cat: Chat/9][24 pkts/5035 bytes <-> 22 pkts/2302 bytes] - 10 UDP 192.168.0.17:38190 <-> 18.201.4.3:7985 [proto: 144/Viber][cat: Chat/9][25 pkts/4344 bytes <-> 18 pkts/1872 bytes] - 11 ICMP 192.168.0.17:0 <-> 192.168.0.15:0 [proto: 81/ICMP][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/1514 bytes] - 12 UDP 192.168.0.17:62872 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/373 bytes][Host: mapi.apptimize.com] - 13 TCP 192.168.0.17:33744 <-> 18.201.4.3:443 [proto: 91/SSL][cat: Web/5][4 pkts/272 bytes <-> 2 pkts/140 bytes] - 14 TCP 192.168.0.17:45424 <-> 18.201.4.32:443 [proto: 91/SSL][cat: Web/5][4 pkts/272 bytes <-> 2 pkts/140 bytes] - 15 UDP 192.168.0.17:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][4 pkts/412 bytes -> 0 pkts/0 bytes] - 16 UDP 192.168.0.17:35283 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/303 bytes][Host: app.adjust.com] - 17 UDP 192.168.0.17:45743 <-> 192.168.0.15:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/78 bytes <-> 1 pkts/203 bytes][Host: graph.facebook.com] - 18 UDP 192.168.0.17:44376 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/183 bytes][Host: venetia.iad.appboy.com] - 19 UDP 192.168.0.17:37418 <-> 192.168.0.15:53 [proto: 5.144/DNS.Viber][cat: Chat/9][1 pkts/79 bytes <-> 1 pkts/185 bytes][Host: 
media.cdn.viber.com] - 20 UDP 192.168.0.17:40445 <-> 192.168.0.15:53 [proto: 5.144/DNS.Viber][cat: Chat/9][1 pkts/78 bytes <-> 1 pkts/185 bytes][Host: dl-media.viber.com] - 21 UDP 192.168.0.17:41993 <-> 172.217.23.106:443 [proto: 188/QUIC][cat: Web/5][2 pkts/130 bytes <-> 1 pkts/64 bytes] - 22 UDP 192.168.0.17:35331 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/79 bytes <-> 1 pkts/95 bytes][Host: app-measurement.com] - 23 UDP 192.168.0.17:50097 <-> 192.168.0.15:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/90 bytes][Host: www.google.com] - 24 ICMPV6 [fe80::3207:4dff:fea3:5fa7]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes] - 25 UDP 192.168.0.17:38190 <-> 18.201.4.3:7987 [proto: 144/Viber][cat: Chat/9][1 pkts/76 bytes <-> 1 pkts/62 bytes] - 26 UDP 192.168.0.17:47171 <-> 18.201.4.32:7987 [proto: 144/Viber][cat: Chat/9][1 pkts/76 bytes <-> 1 pkts/62 bytes] + 9 ICMP 192.168.0.17:0 <-> 192.168.0.15:0 [proto: 81/ICMP][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/1514 bytes] + 10 UDP 192.168.0.17:62872 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/373 bytes][Host: mapi.apptimize.com] + 11 TCP 192.168.0.17:33744 <-> 18.201.4.3:443 [proto: 91/SSL][cat: Web/5][4 pkts/272 bytes <-> 2 pkts/140 bytes] + 12 TCP 192.168.0.17:45424 <-> 18.201.4.32:443 [proto: 91/SSL][cat: Web/5][4 pkts/272 bytes <-> 2 pkts/140 bytes] + 13 UDP 192.168.0.17:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][4 pkts/412 bytes -> 0 pkts/0 bytes] + 14 UDP 192.168.0.17:35283 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/303 bytes][Host: app.adjust.com] + 15 UDP 192.168.0.17:45743 <-> 192.168.0.15:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/78 bytes <-> 1 pkts/203 bytes][Host: graph.facebook.com] + 16 UDP 192.168.0.17:44376 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/183 bytes][Host: 
venetia.iad.appboy.com] + 17 UDP 192.168.0.17:37418 <-> 192.168.0.15:53 [proto: 5.144/DNS.Viber][cat: Chat/9][1 pkts/79 bytes <-> 1 pkts/185 bytes][Host: media.cdn.viber.com] + 18 UDP 192.168.0.17:40445 <-> 192.168.0.15:53 [proto: 5.144/DNS.Viber][cat: Chat/9][1 pkts/78 bytes <-> 1 pkts/185 bytes][Host: dl-media.viber.com] + 19 UDP 192.168.0.17:41993 <-> 172.217.23.106:443 [proto: 188/QUIC][cat: Web/5][2 pkts/130 bytes <-> 1 pkts/64 bytes] + 20 UDP 192.168.0.17:35331 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/79 bytes <-> 1 pkts/95 bytes][Host: app-measurement.com] + 21 UDP 192.168.0.17:50097 <-> 192.168.0.15:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/90 bytes][Host: www.google.com] + 22 ICMPV6 [fe80::3207:4dff:fea3:5fa7]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes] + + +Undetected flows: + 1 UDP 192.168.0.17:47171 <-> 18.201.4.32:7985 [proto: 0/Unknown][24 pkts/5035 bytes <-> 22 pkts/2302 bytes] + 2 UDP 192.168.0.17:38190 <-> 18.201.4.3:7985 [proto: 0/Unknown][25 pkts/4344 bytes <-> 18 pkts/1872 bytes] + 3 UDP 192.168.0.17:38190 <-> 18.201.4.3:7987 [proto: 0/Unknown][1 pkts/76 bytes <-> 1 pkts/62 bytes] + 4 UDP 192.168.0.17:47171 <-> 18.201.4.32:7987 [proto: 0/Unknown][1 pkts/76 bytes <-> 1 pkts/62 bytes] diff --git a/tests/result/waze.pcap.out b/tests/result/waze.pcap.out index 5b183ea2c..bdb4acf91 100644 --- a/tests/result/waze.pcap.out +++ b/tests/result/waze.pcap.out @@ -1,4 +1,3 @@ -Unknown 10 786 1 HTTP 28 1572 7 NTP 2 180 1 HTTP_Download 37 63205 1 
@@ -6,6 +5,7 @@ SSL_No_Cert 13 2142 1 SSL 8 432 2 Waze 484 289335 19 WhatsApp 15 1341 1 +Amazon 10 786 1 1 TCP 10.8.0.1:36100 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][cat: Web/5][52 pkts/10860 bytes <-> 55 pkts/74852 bytes][server: *.world.waze.com] 2 TCP 10.8.0.1:54915 <-> 65.39.128.135:80 [proto: 7.60/HTTP.HTTP_Download][cat: Download-FileTransfer-FileSharing/7][19 pkts/1309 bytes <-> 18 pkts/61896 bytes][Host: xtra1.gpsonextra.net] 
@@ -29,17 +29,14 @@ WhatsApp 15 1341 1 20 TCP 10.8.0.1:45552 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/552 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com] 21 TCP 10.8.0.1:45554 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/550 bytes <-> 7 pkts/769 bytes][Host: cres.waze.com] 22 TCP 10.8.0.1:45540 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/553 bytes <-> 7 pkts/733 bytes][Host: roadshields.waze.com] - 23 TCP 10.16.37.157:41823 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] - 24 TCP 10.16.37.157:43991 <-> 200.160.4.31:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] - 25 TCP 10.16.37.157:46473 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] - 26 TCP 10.16.37.157:52746 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] - 27 TCP 10.16.37.157:52953 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] - 28 TCP 10.8.0.1:43089 <-> 200.160.4.198:443 [proto: 91/SSL][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes] - 29 TCP 10.8.0.1:45169 <-> 200.160.4.198:80 [proto: 7/HTTP][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes] - 30 TCP 10.8.0.1:60479 <-> 200.160.4.49:443 [proto: 91/SSL][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes] - 31 TCP 10.8.0.1:60574 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes] - 32 UDP 10.8.0.1:46214 <-> 200.89.75.198:123 [proto: 9/NTP][cat: System/18][1 pkts/90 bytes <-> 1 pkts/90 bytes] - - -Undetected flows: - 1 TCP 10.16.37.157:42256 <-> 174.37.231.81:5222 [proto: 0/Unknown][8 pkts/678 bytes <-> 2 pkts/108 bytes] + 23 TCP 10.16.37.157:42256 <-> 174.37.231.81:5222 [proto: 91.178/SSL.Amazon][cat: Web/5][8 pkts/678 bytes <-> 2 pkts/108 bytes] + 24 TCP 10.16.37.157:41823 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] + 25 TCP 
10.16.37.157:43991 <-> 200.160.4.31:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] + 26 TCP 10.16.37.157:46473 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] + 27 TCP 10.16.37.157:52746 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] + 28 TCP 10.16.37.157:52953 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] + 29 TCP 10.8.0.1:43089 <-> 200.160.4.198:443 [proto: 91/SSL][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes] + 30 TCP 10.8.0.1:45169 <-> 200.160.4.198:80 [proto: 7/HTTP][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes] + 31 TCP 10.8.0.1:60479 <-> 200.160.4.49:443 [proto: 91/SSL][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes] + 32 TCP 10.8.0.1:60574 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes] + 33 UDP 10.8.0.1:46214 <-> 200.89.75.198:123 [proto: 9/NTP][cat: System/18][1 pkts/90 bytes <-> 1 pkts/90 bytes] -- cgit v1.2.3 From e9dd5985b3d3f1ac462b9145c20f32c4ed7869b7 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 21 Nov 2018 17:22:15 +0100 Subject: Made configure more friendly Added time measurement in ndpiReader (processing and setup time) --- configure.seed | 1 + example/ndpiReader.c | 40 +++++++++++++++++++++++----------------- 2 files changed, 24 insertions(+), 17 deletions(-) (limited to 'example/ndpiReader.c') diff --git a/configure.seed b/configure.seed index 11220f885..1aa68f17c 100644 --- a/configure.seed +++ b/configure.seed @@ -87,6 +87,7 @@ if test "${with_hyperscan+set}" = set; then HS_INC=`pkg-config --cflags libhs` HS_LIB=`pkg-config --libs libhs` LDFLAGS="$LDFLAGS $HS_LIB" + AC_MSG_RESULT([compiling with Intel Hyperscan]) else AC_MSG_RESULT([Intel Hyperscan not found, exiting. See https://github.com/intel/hyperscan/blob/master/doc/dev-reference/getting_started.rst for install/build instructions]) exit 1 
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index 78d95a76d..2885399d2 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -94,7 +94,7 @@ static u_int16_t decode_tunnels = 0;
 static u_int16_t num_loops = 1;
 static u_int8_t shutdown_app = 0, quiet_mode = 0;
 static u_int8_t num_threads = 1;
-static struct timeval begin, end;
+static struct timeval startup_time, begin, end;
 #ifdef linux
 static int core_affinity[MAX_NUM_READER_THREADS];
 #endif
@@ -1890,7 +1890,7 @@ void printPortStats(struct port_stats *stats) {
 /**
 * @brief Print result
 */
-static void printResults(u_int64_t tot_usec) {
+static void printResults(u_int64_t processing_time_usec, u_int64_t setup_time_usec) {
 u_int32_t i;
 u_int64_t total_flow_bytes = 0;
 u_int32_t avg_pkt_size = 0;
@@ -1953,7 +1953,9 @@ static void printResults(u_int64_t tot_usec) {
 printf("\tFlow Memory (per flow): %-13s\n", formatBytes(sizeof(struct ndpi_flow_struct), buf, sizeof(buf)));
 printf("\tActual Memory: %-13s\n", formatBytes(current_ndpi_memory, buf, sizeof(buf)));
 printf("\tPeak Memory: %-13s\n", formatBytes(max_ndpi_memory, buf, sizeof(buf)));
-
+ printf("\tSetup Time: %lu msec\n", setup_time_usec/1000);
+ printf("\tPacket Processing Time: %lu msec\n", processing_time_usec/1000);
+
 if(!json_flag) {
 printf("\nTraffic statistics:\n");
 printf("\tEthernet bytes: %-13llu (includes ethernet CRC/IFC/trailer)\n",
@@ -1984,13 +1986,13 @@ static void printResults(u_int64_t tot_usec) { printf("\tPacket Len 1024-1500: %-13lu\n", (unsigned long)cumulative_stats.packet_len[4]); printf("\tPacket Len > 1500: %-13lu\n", (unsigned long)cumulative_stats.packet_len[5]); - if(tot_usec > 0) { + if(processing_time_usec > 0) { char buf[32], buf1[32], when[64]; - float t = (float)(cumulative_stats.ip_packet_count*1000000)/(float)tot_usec; - float b = (float)(cumulative_stats.total_wire_bytes * 8 *1000000)/(float)tot_usec; + float t = (float)(cumulative_stats.ip_packet_count*1000000)/(float)processing_time_usec; + float b = (float)(cumulative_stats.total_wire_bytes * 8 *1000000)/(float)processing_time_usec; float traffic_duration; - if(live_capture) traffic_duration = tot_usec; + if(live_capture) traffic_duration = processing_time_usec; else traffic_duration = (pcap_end.tv_sec*1000000 + pcap_end.tv_usec) - (pcap_start.tv_sec*1000000 + pcap_start.tv_usec); printf("\tnDPI throughput: %s pps / %s/sec\n", formatPackets(t, buf), formatTraffic(b, 1, buf1)); @@ -2002,7 +2004,7 @@ static void printResults(u_int64_t tot_usec) { strftime(when, sizeof(when), "%d/%b/%Y %H:%M:%S", localtime(&pcap_end.tv_sec)); printf("\tAnalysis end: %s\n", when); printf("\tTraffic throughput: %s pps / %s/sec\n", formatPackets(t, buf), formatTraffic(b, 1, buf1)); - printf("\tTraffic duration: %.3f sec\n", traffic_duration/1000000); + printf("\tTraffic duration: %.3f sec\n", traffic_duration/1000000); } if(enable_protocol_guess) 
@@ -2491,12 +2493,13 @@ static void pcap_process_packet(u_char *args, if((pcap_end.tv_sec-pcap_start.tv_sec) > pcap_analysis_duration) { int i; - u_int64_t tot_usec; + u_int64_t processing_time_usec, setup_time_usec; gettimeofday(&end, NULL); - tot_usec = end.tv_sec*1000000 + end.tv_usec - (begin.tv_sec*1000000 + begin.tv_usec); - - printResults(tot_usec); + processing_time_usec = end.tv_sec*1000000 + end.tv_usec - (begin.tv_sec*1000000 + begin.tv_usec); + setup_time_usec = begin.tv_sec*1000000 + begin.tv_usec - (startup_time.tv_sec*1000000 + startup_time.tv_usec); + + printResults(processing_time_usec, setup_time_usec); for(i=0; iprefs.num_roots; i++) { ndpi_tdestroy(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i], ndpi_flow_info_freer); @@ -2595,7 +2598,7 @@ pcap_loop: */ void test_lib() { struct timeval end; - u_int64_t tot_usec; + u_int64_t processing_time_usec, setup_time_usec; long thread_id; #ifdef HAVE_JSON_C @@ -2647,10 +2650,11 @@ void test_lib() { } gettimeofday(&end, NULL); - tot_usec = end.tv_sec*1000000 + end.tv_usec - (begin.tv_sec*1000000 + begin.tv_usec); + processing_time_usec = end.tv_sec*1000000 + end.tv_usec - (begin.tv_sec*1000000 + begin.tv_usec); + setup_time_usec = begin.tv_sec*1000000 + begin.tv_usec - (startup_time.tv_sec*1000000 + startup_time.tv_usec); /* Printing cumulative results */ - printResults(tot_usec); + printResults(processing_time_usec, setup_time_usec); if(stats_flag) { #ifdef HAVE_JSON_C @@ -3263,8 +3267,8 @@ int orginal_main(int argc, char **argv) { #else int main(int argc, char **argv) { #endif - int i; - + int i; + if(ndpi_get_api_version() != NDPI_API_VERSION) { printf("nDPI Library version mismatch: please make sure this code and the nDPI library are in sync\n"); return(-1); 
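Review bot: Both new elapsed-time expressions in the `@@ -2491,12 +2493,13 @@` hunk multiply `tv_sec` by 1000000 in the type of `tv_sec` and only widen to `u_int64_t` on assignment, so on a build where `time_t` is 32 bits the product overflows before it is stored. Casting first avoids that: `setup_time_usec = (u_int64_t)begin.tv_sec*1000000 + begin.tv_usec - ((u_int64_t)startup_time.tv_sec*1000000 + startup_time.tv_usec);`, and likewise for `processing_time_usec`. The same pair of lines is repeated in the `test_lib` hunk (`@@ -2647,10 +2650,11 @@`), so a small static helper returning the difference of two `struct timeval` values in microseconds would keep the two sites in step. Because `gettimeofday()` reads wall-clock time, a clock step backwards between the samples makes the unsigned difference wrap to a very large value; a comment noting that the reported times are approximate would be enough if that is acceptable. Both enclosing functions start and end outside these hunks.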
@@ -3272,7 +3276,9 @@ int orginal_main(int argc, char **argv) { automataUnitTest(); + gettimeofday(&startup_time, NULL); ndpi_info_mod = ndpi_init_detection_module(); + if(ndpi_info_mod == NULL) return -1; memset(ndpi_thread_info, 0, sizeof(ndpi_thread_info)); -- cgit v1.2.3 From f15aed6c46461779459031058f0e9f076a3186bc Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 21 Nov 2018 23:25:27 +0100 Subject: Renamed internal function --- example/ndpiReader.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'example/ndpiReader.c') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 2885399d2..29d07e299 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -2400,7 +2400,7 @@ static pcap_t * openPcapFileOrDevice(u_int16_t thread_id, const u_char * pcap_fi /** * @brief Check pcap packet */ -static void pcap_process_packet(u_char *args, +static void ndpi_process_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet) { struct ndpi_proto p; @@ -2522,7 +2522,7 @@ static void pcap_process_packet(u_char *args, */ static void runPcapLoop(u_int16_t thread_id) { if((!shutdown_app) && (ndpi_thread_info[thread_id].workflow->pcap_handle != NULL)) - pcap_loop(ndpi_thread_info[thread_id].workflow->pcap_handle, -1, &pcap_process_packet, (u_char*)&thread_id); + pcap_loop(ndpi_thread_info[thread_id].workflow->pcap_handle, -1, &ndpi_process_packet, (u_char*)&thread_id); } /** @@ -2570,7 +2570,7 @@ void * processing_thread(void *_thread_id) { h.len = h.caplen = len; gettimeofday(&h.ts, NULL); - pcap_process_packet((u_char*)&thread_id, &h, (const u_char *)data); + ndpi_process_packet((u_char*)&thread_id, &h, (const u_char *)data); rte_pktmbuf_free(bufs[i]); } } -- cgit v1.2.3 From 622519e90ec2327ce8507783fb3858397bd42c07 Mon Sep 17 00:00:00 2001 
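Review bot: The added `if(ndpi_info_mod == NULL) return -1;` in the `@@ -3272,7 +3276,9 @@` hunk exits without saying why, whereas the library-version check earlier in the same function prints a message before returning. A one-line diagnostic would make an initialisation failure visible, for example `if(ndpi_info_mod == NULL) { fprintf(stderr, "Unable to initialize the nDPI detection module\n"); return -1; }`. `startup_time` is sampled after `automataUnitTest()`, so the reported setup time leaves that call out; a comment such as `/* setup time is measured from here, automataUnitTest() is not included */` would state that explicitly. The function body continues outside the hunk.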
From: Luca Date: Thu, 29 Nov 2018 07:53:41 +0100 Subject: Warning fix --- example/ndpiReader.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'example/ndpiReader.c') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 29d07e299..6c3dfeee8 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1953,8 +1953,8 @@ static void printResults(u_int64_t processing_time_usec, u_int64_t setup_time_us printf("\tFlow Memory (per flow): %-13s\n", formatBytes(sizeof(struct ndpi_flow_struct), buf, sizeof(buf))); printf("\tActual Memory: %-13s\n", formatBytes(current_ndpi_memory, buf, sizeof(buf))); printf("\tPeak Memory: %-13s\n", formatBytes(max_ndpi_memory, buf, sizeof(buf))); - printf("\tSetup Time: %lu msec\n", setup_time_usec/1000); - printf("\tPacket Processing Time: %lu msec\n", processing_time_usec/1000); + printf("\tSetup Time: %lu msec\n", (unsigned long)(setup_time_usec/1000)); + printf("\tPacket Processing Time: %lu msec\n", (unsigned long)(processing_time_usec/1000)); if(!json_flag) { printf("\nTraffic statistics:\n"); -- cgit v1.2.3