From 281ba768ec76a5e2823d20a8264a4e0537548fc2 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sat, 1 Apr 2017 21:33:15 +0200 Subject: Added Ookla (SpeedTest) protocol detection --- example/ndpi_util.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'example/ndpi_util.c') diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 3ab6d8da4..d2f002270 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -62,6 +62,10 @@ #define GTP_U_V1_PORT 2152 #define TZSP_PORT 37008 +#ifndef DLT_LINUX_SLL +#define DLT_LINUX_SLL 113 +#endif + #include "ndpi_main.h" #include "ndpi_util.h" @@ -629,7 +633,7 @@ void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, datalink_check: switch(datalink_type) { - case DLT_NULL : + case DLT_NULL: if(ntohl(*((u_int32_t*)&packet[eth_offset])) == 2) type = ETH_P_IP; else @@ -653,7 +657,7 @@ void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, break; /* IEEE 802.3 Ethernet - 1 */ - case DLT_EN10MB : + case DLT_EN10MB: ethernet = (struct ndpi_ethhdr *) &packet[eth_offset]; ip_offset = sizeof(struct ndpi_ethhdr) + eth_offset; check = ntohs(ethernet->h_proto); @@ -674,15 +678,13 @@ void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, break; /* Linux Cooked Capture - 113 */ -#ifdef __linux__ - case DLT_LINUX_SLL : + case DLT_LINUX_SLL: type = (packet[eth_offset+14] << 8) + packet[eth_offset+15]; ip_offset = 16 + eth_offset; break; -#endif /* Radiotap link-layer - 127 */ - case DLT_IEEE802_11_RADIO : + case DLT_IEEE802_11_RADIO: radiotap = (struct ndpi_radiotap_header *) &packet[eth_offset]; radio_len = radiotap->len; -- cgit v1.2.3 From d8b2189cc30f675fba46b072d162dc5943b1c362 Mon Sep 17 00:00:00 2001 
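Review bot: With the `#ifdef __linux__` guard removed, the `DLT_LINUX_SLL` case is compiled on every platform and reads `packet[eth_offset+14]` and `packet[eth_offset+15]` with no visible comparison against `header->caplen`. A truncated or malformed cooked-capture record shorter than 16 bytes would be read past its end; a guard before the two reads, such as `if(header->caplen < (u_int32_t)eth_offset + 16) return;`, would bound the access. The function starts and ends outside this hunk, so an earlier length check may exist and should be confirmed.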
From: Luca Deri Date: Fri, 14 Apr 2017 00:07:46 +0200 Subject: Initial wireshark integration via extcap interface --- example/ndpiReader.c | 242 ++++++++++++++++++++++++++++++++++++++++++++++++--- example/ndpi_util.c | 42 ++++----- example/ndpi_util.h | 6 +- 3 files changed, 255 insertions(+), 35 deletions(-) (limited to 'example/ndpi_util.c') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index dda137df9..0852777c8 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -24,11 +24,11 @@ #endif #include #include +#include #ifdef WIN32 #include /* winsock.h is included automatically */ #include #include -#include #define getopt getopt____ #else #include @@ -81,6 +81,10 @@ static time_t capture_for = 0; static time_t capture_until = 0; static u_int32_t num_flows; +static pcap_dumper_t *extcap_dumper = NULL; +static char *extcap_capture_fifo = NULL; +static u_int16_t extcap_packet_filter = (u_int16_t)-1; + // struct associated to a workflow for a thread struct reader_thread { struct ndpi_workflow * workflow; @@ -104,8 +108,15 @@ typedef struct ndpi_id { u_int32_t current_ndpi_memory = 0, max_ndpi_memory = 0; -/********************** FUNCTIONS ********************* */ +void test_lib(); /* Forward */ + +/* ********************************** */ + +#ifdef DEBUG_TRACE +FILE *trace = NULL; +#endif +/********************** FUNCTIONS ********************* */ /** * @brief Set main components necessary to the detection @@ -142,6 +153,20 @@ static void help(u_int long_help) { " -h | This help\n" " -v <1|2> | Verbose 'unknown protocol' packet print. 1=verbose, 2=very verbose\n"); + #ifndef WIN32 + printf("\nExcap (wireshark) options:\n" + " --extcap-interfaces\n" + " --extcap-version\n" + " --extcap-dlts\n" + " --extcap-interface \n" + " --extcap-config\n" + " --capture\n" + " --extcap-capture-filter\n" + " --fifo \n" + " --debug\n" + ); + #endif + if(long_help) { printf("\n\nSupported protocols:\n"); num_threads = 1; 
@@ -152,28 +177,153 @@ static void help(u_int long_help) { } +static struct option longopts[] = { + /* mandatory extcap options */ + { "extcap-interfaces", no_argument, NULL, '0'}, + { "extcap-version", optional_argument, NULL, '1'}, + { "extcap-dlts", no_argument, NULL, '2'}, + { "extcap-interface", required_argument, NULL, '3'}, + { "extcap-config", no_argument, NULL, '4'}, + { "capture", no_argument, NULL, '5'}, + { "extcap-capture-filter", required_argument, NULL, '6'}, + { "fifo", required_argument, NULL, '7'}, + { "debug", optional_argument, NULL, '8'}, + { "ndpi-proto-filter", required_argument, NULL, '9'}, + + /* ndpiReader options */ + { "enable-protocol-guess", no_argument, NULL, 'd'}, + { "interface", required_argument, NULL, 'i'}, + { "filter", required_argument, NULL, 'f'}, + { "cpu-bind", required_argument, NULL, 'g'}, + { "loops", required_argument, NULL, 'l'}, + { "num-threads", required_argument, NULL, 'n'}, + + { "protos", required_argument, NULL, 'p'}, + { "capture-duration", required_argument, NULL, 's'}, + { "decode-tunnels", no_argument, NULL, 't'}, + { "revision", no_argument, NULL, 'r'}, + { "verbose", no_argument, NULL, 'v'}, + { "version", no_argument, NULL, 'V'}, + { "help", no_argument, NULL, 'h'}, + { "json", required_argument, NULL, 'j'}, + { "result-path", required_argument, NULL, 'w'}, + { "quiet", no_argument, NULL, 'q'}, + + {0, 0, 0, 0} +}; + +/* ********************************** */ + +void extcap_interfaces() { + printf("extcap {version=%s}\n", ndpi_revision()); + printf("interface {value=ndpi}{display=nDPI interface}\n"); + exit(0); +} + +/* ********************************** */ + +void extcap_dlts() { + u_int dlts_number = DLT_EN10MB; + printf("dlt {number=%u}{name=%s}{display=%s}\n", dlts_number, "ndpi", "nDPI interface"); + exit(0); +} + +/* ********************************** */ + +void extcap_config() { + int i, argidx = 0; + struct ndpi_detection_module_struct *ndpi_mod; + +#if 1 + printf("arg 
{number=%u}{call=-i}{display=Capture Interface Name}{type=string}" + "{tooltip=The interface name}\n", argidx++); +#else + + printf("arg {number=%u}{call=-i}{display=Pcap File to Analize}{type=fileselect}" + "{tooltip=The pcap file to analyze (if the interface is unspecified)}\n", argidx++); +#endif + + printf("arg {number=%u}{call=-9}{display=nDPI Protocol}{type=selector}" + "{tooltip=nDPI Protocol to be filtered}\n", argidx); + + setupDetection(0, NULL); + ndpi_mod = ndpi_thread_info[0].workflow->ndpi_struct; + + printf("value {arg=%d}{value=%d}{display=%s}\n", argidx, -1, "All Protocols (no nDPI filtering)"); + + for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) + printf("value {arg=%d}{value=%d}{display=%s (%u)}\n", argidx, i, + ndpi_mod->proto_defaults[i].protoName, i); + + exit(0); +} + +/* ********************************** */ + +void extcap_capture() { +#ifdef DEBUG_TRACE + if(trace) fprintf(trace, " #### %s #### \n", __FUNCTION__); +#endif + + if((extcap_dumper = pcap_dump_open(pcap_open_dead(DLT_EN10MB, 16384 /* MTU */), + extcap_capture_fifo)) == NULL) { + fprintf(stderr, "Unable to open the pcap dumper on %s", extcap_capture_fifo); + +#ifdef DEBUG_TRACE + if(trace) fprintf(trace, "Unable to open the pcap dumper on %s\n", + extcap_capture_fifo); +#endif + return; + } + +#ifdef DEBUG_TRACE + if(trace) fprintf(trace, "Starting packet capture [%p]\n", extcap_dumper); +#endif + + test_lib(); + pcap_dump_close(extcap_dumper); + +#ifdef DEBUG_TRACE + if(trace) fprintf(trace, "End of packet capture [%p]\n", extcap_dumper); +#endif +} + +/* ********************************** */ + /** * @brief Option parser */ static void parseOptions(int argc, char **argv) { - + int option_idx = 0, do_capture = 0; char *__pcap_file = NULL, *bind_mask = NULL; int thread_id, opt; #ifdef linux u_int num_cores = sysconf(_SC_NPROCESSORS_ONLN); #endif - while ((opt = getopt(argc, argv, "df:g:i:hp:l:s:tv:V:n:j:rp:w:q")) != EOF) { +#ifdef DEBUG_TRACE + trace = 
fopen("/tmp/ndpiReader.log", "a"); + + if(trace) fprintf(trace, " #### %s #### \n", __FUNCTION__); +#endif + + while ((opt = getopt_long(argc, argv, "df:g:i:hp:l:s:tv:V:n:j:rp:w:q0123:456:7:89:", longopts, &option_idx)) != EOF) { +#ifdef DEBUG_TRACE + if(trace) fprintf(trace, " #### -%c [%s] #### \n", opt, optarg ? optarg : ""); +#endif + switch (opt) { case 'd': enable_protocol_guess = 0; break; case 'i': + case '3': _pcap_file[0] = optarg; break; case 'f': + case '6': _bpf_filter = optarg; break; @@ -240,12 +390,47 @@ static void parseOptions(int argc, char **argv) { quiet_mode = 1; break; + /* Extcap */ + case '0': + extcap_interfaces(); + break; + + case '1': + printf("extcap {version=%s}\n", ndpi_revision()); + break; + + case '2': + extcap_dlts(); + break; + + case '4': + extcap_config(); + break; + + case '5': + do_capture = 1; + break; + + case '7': + extcap_capture_fifo = strdup(optarg); + break; + + case '8': + nDPI_traceLevel = 9; + break; + + case '9': + extcap_packet_filter = atoi(optarg); + break; + default: help(0); break; } } + if(do_capture) extcap_capture(); + // check parameters if(_pcap_file[0] == NULL || strcmp(_pcap_file[0], "") == 0) { help(0); @@ -277,6 +462,10 @@ static void parseOptions(int argc, char **argv) { } } #endif + +#ifdef DEBUG_TRACE + if(trace) fclose(trace); +#endif } @@ -370,7 +559,7 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) { ntohs(flow->upper_port)); if(flow->vlan_id > 0) fprintf(out, "[VLAN: %u]", flow->vlan_id); - + if(flow->detected_protocol.master_protocol) { char buf[64]; 
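Review bot: The debug trace is opened with `fopen("/tmp/ndpiReader.log", "a")` at the top of parseOptions, a fixed name in a world-writable directory, so on a shared host the path can be pre-created as a link and a capture tool that typically runs with elevated privileges will append to whatever it points at. Opening the log with `open(path, O_WRONLY|O_APPEND|O_CREAT|O_NOFOLLOW, 0600)` followed by `fdopen(fd, "a")`, or keeping it in a per-user directory, avoids following a planted link. In the same hunk extcap_capture() feeds the result of `pcap_open_dead()` straight into `pcap_dump_open()`, so the dead handle is never closed and a NULL return from it is not checked.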
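Review bot: `if(do_capture) extcap_capture();` runs before the parameter checks that follow it, and nothing verifies that `--fifo` was given, so `--capture` on its own hands a NULL `extcap_capture_fifo` to `pcap_dump_open()` and to the `%s` in the error message. I would reject that combination first, e.g. `if(do_capture && extcap_capture_fifo == NULL) { fprintf(stderr, "--capture requires --fifo\n"); exit(1); }`, and check the `strdup(optarg)` result in case '7'. Case '9' stores `atoi(optarg)` into a `u_int16_t` with no error or range check, so non-numeric or out-of-range input silently becomes some other protocol id; `strtol` with an end-pointer test and an upper bound would make the filter predictable.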
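Review bot: `if(trace) fclose(trace);` at the end of parseOptions leaves `trace` pointing at the closed stream, while the packet callback and test_lib() changed in this same commit still test `if(trace)` and then call `fprintf(trace, ...)`. If test_lib() is reached after parseOptions returns (the caller is not part of this diff), DEBUG_TRACE builds write to a closed FILE, which is undefined behaviour. Either keep the log open for the lifetime of the process or clear the pointer: `if(trace) { fclose(trace); trace = NULL; }`.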
@@ -388,7 +577,7 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) { if(flow->host_server_name[0] != '\0') fprintf(out, "[Host: %s]", flow->host_server_name); if(flow->info[0] != '\0') fprintf(out, "[%s]", flow->info); - + if(flow->ssh_ssl.client_info[0] != '\0') fprintf(out, "[client: %s]", flow->ssh_ssl.client_info); if(flow->ssh_ssl.server_info[0] != '\0') fprintf(out, "[server: %s]", flow->ssh_ssl.server_info); if(flow->bittorent_hash[0] != '\0') fprintf(out, "[BT Hash: %s]", flow->bittorent_hash); @@ -1138,13 +1327,14 @@ static pcap_t * openPcapFileOrDevice(u_int16_t thread_id, const u_char * pcap_fi static void pcap_packet_callback_checked(u_char *args, const struct pcap_pkthdr *header, const u_char *packet) { - + struct ndpi_proto p; u_int16_t thread_id = *((u_int16_t*)args); /* allocate an exact size buffer to check overflows */ uint8_t *packet_checked = malloc(header->caplen); + memcpy(packet_checked, packet, header->caplen); - ndpi_workflow_process_packet(ndpi_thread_info[thread_id].workflow, header, packet_checked); + p = ndpi_workflow_process_packet(ndpi_thread_info[thread_id].workflow, header, packet_checked); if((capture_until != 0) && (header->ts.tv_sec >= capture_until)) { if(ndpi_thread_info[thread_id].workflow->pcap_handle != NULL) 
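Review bot: `packet_checked` from `malloc(header->caplen)` goes into `memcpy` and then into ndpi_workflow_process_packet without a NULL test, so an allocation failure becomes a NULL write inside the capture callback. A guard right after the allocation, `if(packet_checked == NULL) return;`, keeps the callback safe under memory pressure. The rest of the callback, including where the buffer is released, lies outside this hunk.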
@@ -1182,6 +1372,25 @@ static void pcap_packet_callback_checked(u_char *args, } } +#ifdef DEBUG_TRACE + if(trace) fprintf(trace, "Found %u bytes packet %u.%u\n", header->caplen, p.app_protocol, p.master_protocol); +#endif + + if(extcap_dumper + && ((extcap_packet_filter == (u_int16_t)-1) + || (p.app_protocol == extcap_packet_filter) + || (p.master_protocol == extcap_packet_filter) + ) + ) { + struct pcap_pkthdr *h = (struct pcap_pkthdr*)header; + +#ifdef DEBUG_TRACE + if(trace) fprintf(trace, "Dumping %u bytes packet\n", header->caplen); +#endif + // h->caplen += 8, h->len += 8; + pcap_dump((u_char*)extcap_dumper, h, packet); + } + /* check for buffer changes */ if(memcmp(packet, packet_checked, header->caplen) != 0) printf("INTERNAL ERROR: ingress packet was modified by nDPI: this should not happen [thread_id=%u, packetId=%lu]\n", @@ -1244,7 +1453,6 @@ void * processing_thread(void *_thread_id) { * @brief Begin, process, end detection process */ void test_lib() { - struct timeval begin, end; u_int64_t tot_usec; long thread_id; @@ -1253,8 +1461,18 @@ void test_lib() { json_init(); #endif +#ifdef DEBUG_TRACE + if(trace) fprintf(trace, "Num threads: %d\n", num_threads); +#endif + for(thread_id = 0; thread_id < num_threads; thread_id++) { - pcap_t * cap = openPcapFileOrDevice(thread_id, (const u_char*)_pcap_file[thread_id]); + pcap_t *cap; + +#ifdef DEBUG_TRACE + if(trace) fprintf(trace, "Opening %s\n", (const u_char*)_pcap_file[thread_id]); +#endif + + cap = openPcapFileOrDevice(thread_id, (const u_char*)_pcap_file[thread_id]); setupDetection(thread_id, cap); } @@ -1275,9 +1493,9 @@ void test_lib() { printResults(tot_usec); for(thread_id = 0; thread_id < num_threads; thread_id++) { - if(ndpi_thread_info[thread_id].workflow->pcap_handle != NULL) { + if(ndpi_thread_info[thread_id].workflow->pcap_handle != NULL) pcap_close(ndpi_thread_info[thread_id].workflow->pcap_handle); - } + terminateDetection(thread_id); } } 
diff --git a/example/ndpi_util.c b/example/ndpi_util.c index d2f002270..60dc94230 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -502,13 +502,13 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl @Note: ipsize = header->len - ip_offset ; rawsize = header->len */ -static unsigned int packet_processing(struct ndpi_workflow * workflow, - const u_int64_t time, - u_int16_t vlan_id, - const struct ndpi_iphdr *iph, - struct ndpi_ipv6hdr *iph6, - u_int16_t ip_offset, - u_int16_t ipsize, u_int16_t rawsize) { +static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, + const u_int64_t time, + u_int16_t vlan_id, + const struct ndpi_iphdr *iph, + struct ndpi_ipv6hdr *iph6, + u_int16_t ip_offset, + u_int16_t ipsize, u_int16_t rawsize) { struct ndpi_id_struct *src, *dst; struct ndpi_flow_info *flow = NULL; struct ndpi_flow_struct *ndpi_flow = NULL; @@ -540,11 +540,11 @@ static unsigned int packet_processing(struct ndpi_workflow * workflow, flow->packets++, flow->bytes += rawsize; flow->last_seen = time; } else { - return(0); + return(flow->detected_protocol); } /* Protocol already detected */ - if(flow->detection_completed) return(0); + if(flow->detection_completed) return(flow->detected_protocol); flow->detected_protocol = ndpi_detection_process_packet(workflow->ndpi_struct, ndpi_flow, iph ? (uint8_t *)iph : (uint8_t *)iph6, @@ -565,14 +565,14 @@ static unsigned int packet_processing(struct ndpi_workflow * workflow, } process_ndpi_collected_info(workflow, flow); - return 0; + return(flow->detected_protocol); } /* ****************************************************** */ -void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, - const struct pcap_pkthdr *header, - const u_char *packet) { +struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, + const struct pcap_pkthdr *header, + const u_char *packet) { /* * Declare pointers to packet headers */ 
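Review bot: The `else` branch in the `@@ -540,11 +540,11 @@` hunk now returns `flow->detected_protocol`, but from the shape of the surrounding code this looks like the branch taken when `flow` is NULL (it is initialised to NULL above, and get_ndpi_flow_info() returns NULL for packets it rejects), which would make it a NULL dereference reachable from any malformed packet. The guarding `if` is outside the hunk, so please confirm; if that is the case, return an explicit unknown result the way ndpi_workflow_process_packet does in this commit: `struct ndpi_proto nproto = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN };` and `return(nproto);`. The same statement is carried unchanged into the later `@@ -542,9 +542,8 @@` hunk that only drops the braces.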
@@ -597,6 +597,8 @@ void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, /** --- IPv6 header --- **/ struct ndpi_ipv6hdr *iph6; + struct ndpi_proto nproto = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN }; + /* lengths and offsets */ u_int16_t eth_offset = 0; u_int16_t radio_len; @@ -691,7 +693,7 @@ void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, /* Check Bad FCS presence */ if((radiotap->flags & BAD_FCS) == BAD_FCS) { workflow->stats.total_discarded_bytes += header->len; - return; + return(nproto); } /* Calculate 802.11 header length (variable) */ @@ -721,7 +723,7 @@ void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, default: /* printf("Unknown datalink %d\n", datalink_type); */ - return; + return(nproto); } /* check ether type */ @@ -802,7 +804,7 @@ void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, } workflow->stats.total_discarded_bytes += header->len; - return; + return(nproto); } } else if(iph->version == 6) { iph6 = (struct ndpi_ipv6hdr *)&packet[ip_offset]; @@ -827,7 +829,7 @@ void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, ipv4_warning_used = 1; } workflow->stats.total_discarded_bytes += header->len; - return; + return(nproto); } if(workflow->prefs.decode_tunnels && (proto == IPPROTO_UDP)) { @@ -886,7 +888,7 @@ void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, offset += tag_len; if(offset >= header->caplen) - return; /* Invalid packet */ + return(nproto); /* Invalid packet */ else { eth_offset = offset; goto datalink_check; @@ -897,6 +899,6 @@ void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, } /* process the packet */ - packet_processing(workflow, time, vlan_id, iph, iph6, - ip_offset, header->len - ip_offset, header->len); + return(packet_processing(workflow, time, vlan_id, iph, iph6, + ip_offset, header->len - ip_offset, header->len)); } diff --git a/example/ndpi_util.h b/example/ndpi_util.h index 1c092cbfa..4895cdcb1 100644 
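Review bot: In the final hunk the sizes handed to packet_processing() are derived from `header->len` (the on-wire length) rather than `header->caplen`, and both are narrowed to `u_int16_t`. On a capture taken with a short snaplen, `ipsize` can therefore exceed the bytes actually present in `packet`, so length tests made against it further down (for example `ipsize < ntohs(iph->tot_len)` in get_ndpi_flow_info) do not bound reads of the buffer. Consider passing `header->caplen - ip_offset` as the parsing length and keeping `header->len` only for byte accounting. Whether `ip_offset` has already been checked against `caplen` is not visible from these hunks.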
--- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -138,9 +138,9 @@ void ndpi_free_flow_info_half(struct ndpi_flow_info *flow); /* Process a packet and update the workflow */ -void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, - const struct pcap_pkthdr *header, - const u_char *packet); +struct ndpi_proto ndpi_workflow_process_packet(struct ndpi_workflow * workflow, + const struct pcap_pkthdr *header, + const u_char *packet); /* flow callbacks for complete detected flow -- cgit v1.2.3 From 29cd6ef9942188633b79b5c1fe62360f048a6450 Mon Sep 17 00:00:00 2001 From: Campus Date: Sat, 15 Apr 2017 00:29:53 +0200 Subject: fix segmentation fault caused by missing spanning tree check - add control for threads return values --- example/ndpiReader.c | 32 +++++++++++++++++++++++++------- example/ndpi_util.c | 13 ++++++++++--- 2 files changed, 35 insertions(+), 10 deletions(-) (limited to 'example/ndpi_util.c') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 0852777c8..3df43a9fe 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1331,7 +1331,7 @@ static void pcap_packet_callback_checked(u_char *args, u_int16_t thread_id = *((u_int16_t*)args); /* allocate an exact size buffer to check overflows */ - uint8_t *packet_checked = malloc(header->caplen); + uint8_t *packet_checked = malloc(header->caplen); /* HEAP OVERFLOW !!! */ memcpy(packet_checked, packet, header->caplen); p = ndpi_workflow_process_packet(ndpi_thread_info[thread_id].workflow, header, packet_checked); 
@@ -1478,14 +1478,32 @@ void test_lib() { gettimeofday(&begin, NULL); - /* Running processing threads */ - for(thread_id = 0; thread_id < num_threads; thread_id++) - pthread_create(&ndpi_thread_info[thread_id].pthread, NULL, processing_thread, (void *) thread_id); + int status; + void * thd_res; + /* Running processing threads */ + for(thread_id = 0; thread_id < num_threads; thread_id++) { + status = pthread_create(&ndpi_thread_info[thread_id].pthread, NULL, processing_thread, (void *) thread_id); + /* check pthreade_create return value */ + if(status != 0) { + fprintf(stderr, "error on create %ld thread\n", thread_id); + exit(-1); + } + } /* Waiting for completion */ - for(thread_id = 0; thread_id < num_threads; thread_id++) - pthread_join(ndpi_thread_info[thread_id].pthread, NULL); - + for(thread_id = 0; thread_id < num_threads; thread_id++) { + status = pthread_join(ndpi_thread_info[thread_id].pthread, thd_res); + /* check pthreade_join return value */ + if(status != 0) { + fprintf(stderr, "error on join %ld thread\n", thread_id); + exit(-1); + } + if(thd_res != NULL) { + fprintf(stderr, "error on returned value of %ld joined thread\n", thread_id); + exit(-1); + } + } + gettimeofday(&end, NULL); tot_usec = end.tv_sec*1000000 + end.tv_usec - (begin.tv_sec*1000000 + begin.tv_usec); diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 60dc94230..a5d9d300d 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -48,6 +48,7 @@ #define MPLS_MULTI 0x8848 #define PPPoE 0x8864 #define SNAP 0xaa +#define BSTP 0x42 /* Bridge Spanning Tree Protocol */ /* mask for FCF */ #define WIFI_DATA 0x2 /* 0000 0010 */ 
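Review bot: `pthread_join(ndpi_thread_info[thread_id].pthread, thd_res)` passes the uninitialised pointer `thd_res` where a `void **` is expected, so pthread_join stores the thread's return value through an indeterminate address and the following `if(thd_res != NULL)` tests a variable that was never set. It should read `void *thd_res = NULL;` and `status = pthread_join(ndpi_thread_info[thread_id].pthread, &thd_res);`. The two new declarations also sit after executable statements, which pre-C99 compilers reject, and the comments spell the calls `pthreade_create`/`pthreade_join`.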
@@ -286,8 +287,10 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow tcp_len = ndpi_min(4*(*tcph)->doff, l4_packet_len); *payload = &l4[tcp_len]; *payload_len = ndpi_max(0, l4_packet_len-4*(*tcph)->doff); - } else if(iph->protocol == IPPROTO_UDP && l4_packet_len >= 8) { + // udp + } else if(iph->protocol == IPPROTO_UDP && l4_packet_len >= 8) { + workflow->stats.udp_count++; *udph = (struct ndpi_udphdr *)l4; @@ -670,12 +673,16 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, type = check; if(pyld_eth_len != 0) { + llc = (struct ndpi_llc_header *)(&packet[ip_offset]); /* check for LLC layer with SNAP extension */ - if(packet[ip_offset] == SNAP) { - llc = (struct ndpi_llc_header *)(&packet[ip_offset]); + if(llc->dsap == SNAP || llc->ssap == SNAP) { +#define SNAP_EXT type = llc->snap.proto_ID; ip_offset += + 8; } + else if(llc->dsap == BSTP || llc->ssap == BSTP) { + goto v4_warning; + } } break; -- cgit v1.2.3 From 2b0809f3dc297289f9413db4dde2eaa109a3603e Mon Sep 17 00:00:00 2001 From: Campus Date: Sat, 15 Apr 2017 00:40:01 +0200 Subject: name correction for llc_snap header and minor fix --- example/ndpiReader.c | 2 +- example/ndpi_util.c | 10 +++++----- src/include/ndpi_typedefs.h | 4 +--- 3 files changed, 7 insertions(+), 9 deletions(-) (limited to 'example/ndpi_util.c') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 3df43a9fe..b32650871 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1331,7 +1331,7 @@ static void pcap_packet_callback_checked(u_char *args, u_int16_t thread_id = *((u_int16_t*)args); /* allocate an exact size buffer to check overflows */ - uint8_t *packet_checked = malloc(header->caplen); /* HEAP OVERFLOW !!! */ + uint8_t *packet_checked = malloc(header->caplen); memcpy(packet_checked, packet, header->caplen); p = ndpi_workflow_process_packet(ndpi_thread_info[thread_id].workflow, header, packet_checked); 
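Review bot: In the `@@ -670,12 +673,16 @@` hunk `llc` is now pointed at `&packet[ip_offset]` and `llc->dsap`/`llc->ssap` (plus `llc->snap.proto_ID` in the SNAP branch) are read whenever `pyld_eth_len != 0`, with no visible check that the LLC header fits inside `header->caplen`. Since this commit is fixing a crash on exactly this path, a short 802.3 frame should be rejected before the cast, e.g. `if(header->caplen < ip_offset + sizeof(struct ndpi_llc_header)) return(nproto);`. The enclosing function begins and ends outside the hunk, so an earlier bound may exist and should be confirmed.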
diff --git a/example/ndpi_util.c b/example/ndpi_util.c index a5d9d300d..8fe80111a 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -582,7 +582,7 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, /* --- Ethernet header --- */ const struct ndpi_ethhdr *ethernet; /* --- LLC header --- */ - const struct ndpi_llc_header *llc; + const struct ndpi_llc_header_snap *llc; /* --- Cisco HDLC header --- */ const struct ndpi_chdlc *chdlc; @@ -673,13 +673,13 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, type = check; if(pyld_eth_len != 0) { - llc = (struct ndpi_llc_header *)(&packet[ip_offset]); + llc = (struct ndpi_llc_header_snap *)(&packet[ip_offset]); /* check for LLC layer with SNAP extension */ if(llc->dsap == SNAP || llc->ssap == SNAP) { -#define SNAP_EXT type = llc->snap.proto_ID; ip_offset += + 8; } + /* No SNAP extension - Spanning Tree pkt must be discarted */ else if(llc->dsap == BSTP || llc->ssap == BSTP) { goto v4_warning; } @@ -716,12 +716,12 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, break; /* Check ether_type from LLC */ - llc = (struct ndpi_llc_header*)(packet + eth_offset + wifi_len + radio_len); + llc = (struct ndpi_llc_header_snap*)(packet + eth_offset + wifi_len + radio_len); if(llc->dsap == SNAP) type = ntohs(llc->snap.proto_ID); /* Set IP header offset */ - ip_offset = wifi_len + radio_len + sizeof(struct ndpi_llc_header) + eth_offset; + ip_offset = wifi_len + radio_len + sizeof(struct ndpi_llc_header_snap) + eth_offset; break; case DLT_RAW: diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 490098086..e1fbeb71c 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h 
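Review bot: In the Ethernet branch the SNAP protocol id is assigned raw, `type = llc->snap.proto_ID;`, while the radiotap branch touched by this same commit converts it with `ntohs(llc->snap.proto_ID)`. If `type` is later compared with host-order EtherType constants, as the radiotap path implies, the 802.3 path will mis-identify the payload on little-endian hosts; `type = ntohs(llc->snap.proto_ID);` makes the two paths agree. `ip_offset += + 8;` would also be clearer as `ip_offset += sizeof(struct ndpi_llc_header_snap);` (assuming the packed struct is 8 bytes), and "discarted" in the new comment should be "discarded".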
@@ -138,14 +138,12 @@ struct ndpi_snap_extension } PACK_OFF; PACK_ON -struct ndpi_llc_header +struct ndpi_llc_header_snap { u_int8_t dsap; u_int8_t ssap; u_int8_t ctrl; -#ifdef SNAP_EXT struct ndpi_snap_extension snap; -#endif } PACK_OFF; /* ++++++++++ RADIO TAP header (for IEEE 802.11) +++++++++++++ */ -- cgit v1.2.3 From 4c5de9ef8e9e14289ce9024349390fe06b59c769 Mon Sep 17 00:00:00 2001 From: Luca Date: Mon, 17 Apr 2017 09:38:30 +0200 Subject: Added ethernet checksum reforging and nDPI protocol export in nDPI-extcap reader --- example/ndpiReader.c | 26 +++++++++++++++++++++----- example/ndpi_util.c | 40 ++++++++++++++++++++++++++++++++++++++++ example/ndpi_util.h | 2 +- 3 files changed, 62 insertions(+), 6 deletions(-) (limited to 'example/ndpi_util.c') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index b32650871..9eab4500f 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -81,7 +81,13 @@ static time_t capture_for = 0; static time_t capture_until = 0; static u_int32_t num_flows; +struct ndpi_packet_trailer { + u_int32_t magic; /* 0x19682017 */ + u_int16_t master_protocol /* e.g. HTTP */, app_protocol /* e.g. FaceBook */; +}; + static pcap_dumper_t *extcap_dumper = NULL; +static char extcap_buf[2048]; static char *extcap_capture_fifo = NULL; static u_int16_t extcap_packet_filter = (u_int16_t)-1; @@ -422,7 +428,7 @@ static void parseOptions(int argc, char **argv) { case '9': extcap_packet_filter = atoi(optarg); break; - + default: help(0); break; 
@@ -1383,12 +1389,22 @@ static void pcap_packet_callback_checked(u_char *args, ) ) { struct pcap_pkthdr *h = (struct pcap_pkthdr*)header; - + uint32_t *crc, delta = sizeof(struct ndpi_packet_trailer) + 4 /* ethernet trailer */; + struct ndpi_packet_trailer *trailer = (struct ndpi_packet_trailer*)&extcap_buf[h->caplen]; + + memcpy(extcap_buf, packet, h->caplen); + trailer->magic = 0x19682017; + trailer->master_protocol = p.master_protocol, trailer->app_protocol = p.app_protocol; + crc = (uint32_t*)&extcap_buf[h->caplen+sizeof(struct ndpi_packet_trailer)]; + *crc = 0; + ethernet_crc32((const void*)extcap_buf, h->caplen+sizeof(struct ndpi_packet_trailer), crc); + h->caplen += delta, h->len += delta; + #ifdef DEBUG_TRACE if(trace) fprintf(trace, "Dumping %u bytes packet\n", header->caplen); #endif - // h->caplen += 8, h->len += 8; - pcap_dump((u_char*)extcap_dumper, h, packet); + + pcap_dump((u_char*)extcap_dumper, h, (const u_char *)extcap_buf); } /* check for buffer changes */ @@ -1503,7 +1519,7 @@ void test_lib() { exit(-1); } } - + gettimeofday(&end, NULL); tot_usec = end.tv_sec*1000000 + end.tv_usec - (begin.tv_sec*1000000 + begin.tv_usec); diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 8fe80111a..cd3c8a1e3 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c 
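Review bot: `memcpy(extcap_buf, packet, h->caplen)` copies into the 2048-byte static `extcap_buf` with no bound on `caplen`, and the trailer and CRC are then written after it, so any captured frame longer than `sizeof(extcap_buf) - delta` bytes (2036 with an 8-byte trailer) overruns the global buffer. `h` aliases the const `header`, so `h->caplen += delta` also changes the length used by the `memcmp(packet, packet_checked, header->caplen)` that follows, which then reads past the `malloc(header->caplen)` copy. The trailer and CRC are stored through `struct ndpi_packet_trailer *` and `uint32_t *` casts at arbitrary byte offsets, which is a misaligned access on some targets. I would bound the copy, work on a local copy of the header and move the trailer fields with memcpy, as sketched below; `extcap_buf` is also shared by every processing thread if more than one is running.

```c
// … unchanged: extcap_dumper / extcap_packet_filter condition …
    struct pcap_pkthdr h = *header;  /* local copy: libpcap's header stays untouched */
    const uint32_t delta = sizeof(struct ndpi_packet_trailer) + 4 /* ethernet trailer */;

    /* Frames that would not fit with trailer and CRC are not dumped */
    if(header->caplen <= sizeof(extcap_buf) - delta) {
      struct ndpi_packet_trailer trailer;
      uint32_t crc = 0;

      memcpy(extcap_buf, packet, header->caplen);
      trailer.magic = 0x19682017;
      trailer.master_protocol = p.master_protocol, trailer.app_protocol = p.app_protocol;
      memcpy(&extcap_buf[header->caplen], &trailer, sizeof(trailer));
      ethernet_crc32((const void*)extcap_buf, header->caplen + sizeof(trailer), &crc);
      memcpy(&extcap_buf[header->caplen + sizeof(trailer)], &crc, sizeof(crc));
      h.caplen += delta, h.len += delta;

      // … unchanged: DEBUG_TRACE "Dumping" message …
      pcap_dump((u_char*)extcap_dumper, &h, (const u_char *)extcap_buf);
    }
```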
@@ -909,3 +909,43 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, return(packet_processing(workflow, time, vlan_id, iph, iph6, ip_offset, header->len - ip_offset, header->len)); } + +/* ********************************************************** */ +/* http://home.thep.lu.se/~bjorn/crc/crc32_fast.c */ +/* ********************************************************** */ + +static uint32_t crc32_for_byte(uint32_t r) { + for(int j = 0; j < 8; ++j) + r = (r & 1? 0: (uint32_t)0xEDB88320L) ^ r >> 1; + return r ^ (uint32_t)0xFF000000L; +} + +/* Any unsigned integer type with at least 32 bits may be used as + * accumulator type for fast crc32-calulation, but unsigned long is + * probably the optimal choice for most systems. */ +typedef unsigned long accum_t; + +static void init_tables(uint32_t* table, uint32_t* wtable) { + for(size_t i = 0; i < 0x100; ++i) + table[i] = crc32_for_byte(i); + for(size_t k = 0; k < sizeof(accum_t); ++k) + for(size_t w, i = 0; i < 0x100; ++i) { + for(size_t j = w = 0; j < sizeof(accum_t); ++j) + w = table[(uint8_t)(j == k? w ^ i: w)] ^ w >> 8; + wtable[(k << 8) + i] = w ^ (k? wtable[0]: 0); + } +} + +void ethernet_crc32(const void* data, size_t n_bytes, uint32_t* crc) { + static uint32_t table[0x100], wtable[0x100*sizeof(accum_t)]; + size_t n_accum = n_bytes/sizeof(accum_t); + if(!*table) + init_tables(table, wtable); + for(size_t i = 0; i < n_accum; ++i) { + accum_t a = *crc ^ ((accum_t*)data)[i]; + for(size_t j = *crc = 0; j < sizeof(accum_t); ++j) + *crc ^= wtable[(j << 8) + (uint8_t)(a >> 8*j)]; + } + for(size_t i = n_accum*sizeof(accum_t); i < n_bytes; ++i) + *crc = table[(uint8_t)*crc ^ ((uint8_t*)data)[i]] ^ *crc >> 8; +} diff --git a/example/ndpi_util.h b/example/ndpi_util.h index 4895cdcb1..a8e21d673 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h 
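Review bot: ethernet_crc32() reads its input as `((accum_t*)data)[i]`, but the caller added in this commit passes a `char` buffer, so the access breaks strict aliasing and depends on the buffer's alignment; loading each word with `accum_t a; memcpy(&a, (const uint8_t*)data + i*sizeof a, sizeof a); a ^= *crc;` avoids both. The lookup tables are filled lazily under `if(!*table)` with no synchronisation, which is a data race if two capture threads reach the first call together. The function also needs a header comment saying that `*crc` is an in/out accumulator the caller must zero before the first call. The same code is carried through the `@@ -939,13 +943,16 @@` hunk of the later "Compilation fix for old compilers" commit.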
@@ -160,5 +160,5 @@ static inline void ndpi_workflow_set_flow_giveup_callback(struct ndpi_workflow * /* compare two nodes in workflow */ int ndpi_workflow_node_cmp(const void *a, const void *b); void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_flow_info *flow); - +void ethernet_crc32(const void* data, size_t n_bytes, uint32_t* crc); #endif -- cgit v1.2.3 From c1db9a830d84281c146d9628c10620d7425ee009 Mon Sep 17 00:00:00 2001 From: Luca Date: Tue, 18 Apr 2017 17:20:43 +0200 Subject: Compilation fix for old compilers --- example/ndpi_util.c | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) (limited to 'example/ndpi_util.c') diff --git a/example/ndpi_util.c b/example/ndpi_util.c index cd3c8a1e3..783f05c86 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -915,7 +915,9 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, /* ********************************************************** */ static uint32_t crc32_for_byte(uint32_t r) { - for(int j = 0; j < 8; ++j) + int j; + + for(j = 0; j < 8; ++j) r = (r & 1? 0: (uint32_t)0xEDB88320L) ^ r >> 1; return r ^ (uint32_t)0xFF000000L; } @@ -926,11 +928,13 @@ static uint32_t crc32_for_byte(uint32_t r) { typedef unsigned long accum_t; static void init_tables(uint32_t* table, uint32_t* wtable) { - for(size_t i = 0; i < 0x100; ++i) + size_t i, k, w, j; + + for(i = 0; i < 0x100; ++i) table[i] = crc32_for_byte(i); - for(size_t k = 0; k < sizeof(accum_t); ++k) - for(size_t w, i = 0; i < 0x100; ++i) { - for(size_t j = w = 0; j < sizeof(accum_t); ++j) + for(k = 0; k < sizeof(accum_t); ++k) + for(i = 0; i < 0x100; ++i) { + for(j = w = 0; j < sizeof(accum_t); ++j) w = table[(uint8_t)(j == k? w ^ i: w)] ^ w >> 8; wtable[(k << 8) + i] = w ^ (k? wtable[0]: 0); } 
@@ -939,13 +943,16 @@ static void init_tables(uint32_t* table, uint32_t* wtable) { void ethernet_crc32(const void* data, size_t n_bytes, uint32_t* crc) { static uint32_t table[0x100], wtable[0x100*sizeof(accum_t)]; size_t n_accum = n_bytes/sizeof(accum_t); + size_t i, k, j; + if(!*table) init_tables(table, wtable); - for(size_t i = 0; i < n_accum; ++i) { + for(i = 0; i < n_accum; ++i) { accum_t a = *crc ^ ((accum_t*)data)[i]; - for(size_t j = *crc = 0; j < sizeof(accum_t); ++j) + for(j = *crc = 0; j < sizeof(accum_t); ++j) *crc ^= wtable[(j << 8) + (uint8_t)(a >> 8*j)]; } - for(size_t i = n_accum*sizeof(accum_t); i < n_bytes; ++i) + + for(i = n_accum*sizeof(accum_t); i < n_bytes; ++i) *crc = table[(uint8_t)*crc ^ ((uint8_t*)data)[i]] ^ *crc >> 8; } -- cgit v1.2.3 From a9c01ded174ed380a2d135cfb9b903f616b0e175 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 19 Apr 2017 21:55:49 +0200 Subject: ndpiReader now prints (-v) the flows with the correct direction --- example/ndpiReader.c | 28 +++++++++++++++++----------- example/ndpi_util.c | 22 ++++++++++------------ example/ndpi_util.h | 2 +- 3 files changed, 28 insertions(+), 24 deletions(-) (limited to 'example/ndpi_util.c') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index b0b21b2b3..ca06e98b8 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c 
@@ -553,17 +553,23 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) { if(!json_flag) { fprintf(out, "\t%u", ++num_flows); - fprintf(out, "\t%s %s%s%s:%u <-> %s%s%s:%u ", - ipProto2Name(flow->protocol), - (flow->ip_version == 6) ? "[" : "", - flow->lower_name, - (flow->ip_version == 6) ? "]" : "", - ntohs(flow->lower_port), - (flow->ip_version == 6) ? "[" : "", - flow->upper_name, - (flow->ip_version == 6) ? "]" : "", - ntohs(flow->upper_port)); - + fprintf(out, "\t%s ", ipProto2Name(flow->protocol)); + + if(flow->src_to_dst_direction == 1) + fprintf(out, "%s%s%s:%u <-> %s%s%s:%u ", + (flow->ip_version == 6) ? "[" : "", + flow->lower_name, (flow->ip_version == 6) ? "]" : "", ntohs(flow->lower_port), + (flow->ip_version == 6) ? "[" : "", + flow->upper_name, (flow->ip_version == 6) ? "]" : "", ntohs(flow->upper_port) + ); + else + fprintf(out, "%s%s%s:%u <-> %s%s%s:%u ", + (flow->ip_version == 6) ? "[" : "", + flow->upper_name, (flow->ip_version == 6) ? "]" : "", ntohs(flow->upper_port), + (flow->ip_version == 6) ? "[" : "", + flow->lower_name, (flow->ip_version == 6) ? "]" : "", ntohs(flow->lower_port) + ); + if(flow->vlan_id > 0) fprintf(out, "[VLAN: %u]", flow->vlan_id); if(flow->detected_protocol.master_protocol) { diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 783f05c86..445ade1ac 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -260,9 +260,8 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow if(iph->protocol == IPPROTO_TCP && l4_packet_len >= 20) { u_int tcp_len; + // tcp workflow->stats.tcp_count++; - - // tcp *tcph = (struct ndpi_tcphdr *)l4; *sport = ntohs((*tcph)->source), *dport = ntohs((*tcph)->dest); 
@@ -287,12 +286,10 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow tcp_len = ndpi_min(4*(*tcph)->doff, l4_packet_len); *payload = &l4[tcp_len]; *payload_len = ndpi_max(0, l4_packet_len-4*(*tcph)->doff); - - // udp } else if(iph->protocol == IPPROTO_UDP && l4_packet_len >= 8) { + // udp workflow->stats.udp_count++; - *udph = (struct ndpi_udphdr *)l4; *sport = ntohs((*udph)->source), *dport = ntohs((*udph)->dest); *payload = &l4[sizeof(struct ndpi_udphdr)]; @@ -335,7 +332,9 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow if(ret == NULL) { if(workflow->stats.ndpi_flow_count == workflow->prefs.max_ndpi_flows) { - NDPI_LOG(0, workflow->ndpi_struct, NDPI_LOG_ERROR, "maximum flow count (%u) has been exceeded\n", workflow->prefs.max_ndpi_flows); + NDPI_LOG(0, workflow->ndpi_struct, NDPI_LOG_ERROR, + "maximum flow count (%u) has been exceeded\n", + workflow->prefs.max_ndpi_flows); exit(-1); } else { struct ndpi_flow_info *newflow = (struct ndpi_flow_info*)malloc(sizeof(struct ndpi_flow_info)); @@ -350,7 +349,8 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow newflow->lower_ip = lower_ip, newflow->upper_ip = upper_ip; newflow->lower_port = lower_port, newflow->upper_port = upper_port; newflow->ip_version = version; - + newflow->src_to_dst_direction = *src_to_dst_direction; + if(version == IPVERSION) { inet_ntop(AF_INET, &lower_ip, newflow->lower_name, sizeof(newflow->lower_name)); inet_ntop(AF_INET, &upper_ip, newflow->upper_name, sizeof(newflow->upper_name)); @@ -520,7 +520,7 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, struct ndpi_udphdr *udph = NULL; u_int16_t sport, dport, payload_len; u_int8_t *payload; - u_int8_t src_to_dst_direction= 1; + u_int8_t src_to_dst_direction = 1; if(iph) flow = get_ndpi_flow_info(workflow, IPVERSION, vlan_id, iph, NULL, 
@@ -542,9 +542,8 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, ndpi_flow = flow->ndpi_flow; flow->packets++, flow->bytes += rawsize; flow->last_seen = time; - } else { + } else return(flow->detected_protocol); - } /* Protocol already detected */ if(flow->detection_completed) return(flow->detected_protocol); @@ -556,8 +555,7 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, if((flow->detected_protocol.app_protocol != NDPI_PROTOCOL_UNKNOWN) || ((proto == IPPROTO_UDP) && (flow->packets > 8)) || ((proto == IPPROTO_TCP) && (flow->packets > 10))) { - /* New protocol detected or give up */ - + /* New protocol detected or give up */ flow->detection_completed = 1; } diff --git a/example/ndpi_util.h b/example/ndpi_util.h index a8e21d673..335c94ddf 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -46,7 +46,7 @@ typedef struct ndpi_flow_info { u_int32_t upper_ip; u_int16_t lower_port; u_int16_t upper_port; - u_int8_t detection_completed, protocol; + u_int8_t detection_completed, protocol, src_to_dst_direction; u_int16_t vlan_id; struct ndpi_flow_struct *ndpi_flow; char lower_name[48], upper_name[48]; -- cgit v1.2.3 From 9a94c34b91250643c383904b14352e282cfb056c Mon Sep 17 00:00:00 2001 From: Campus Date: Thu, 20 Apr 2017 23:00:11 +0200 Subject: fix for https://github.com/ntop/nDPI/issues/364 --- example/ndpi_util.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'example/ndpi_util.c') diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 445ade1ac..d6be479a0 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -220,7 +220,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow return NULL; if((iph->ihl * 4) > ipsize || ipsize < ntohs(iph->tot_len) - || (iph->frag_off & htons(0x1FFF)) != 0) + /* || (iph->frag_off & htons(0x1FFF)) != 0 */) return NULL; l4_offset = iph->ihl * 4; 
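Review bot: `} else return(flow->detected_protocol);` still reads through `flow` on the branch where the flow lookup apparently failed. The `if` condition is above the hunk, but the other branch assigns `flow->ndpi_flow` and `flow->packets`, which suggests it tests `flow != NULL`. If so, this is a NULL dereference reachable from any packet that get_ndpi_flow_info rejects, including malformed or truncated headers from the capture. Return a local `struct ndpi_proto` initialised to `{ NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN }` on that path instead. packet_processing's body continues outside the hunk.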
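Review bot: Commenting out `(iph->frag_off & htons(0x1FFF)) != 0` lets non-first IPv4 fragments continue into the L4 parsing below, where the bytes at `l4_offset` are treated as a TCP/UDP header although such fragments carry none. Ports and payload offsets derived from those bytes are arbitrary, so fragments can create spurious flow entries or be accounted to the wrong flow, which undermines the classification result. If the goal is to stop discarding fragmented traffic, handle a non-zero offset explicitly, for example by counting it as discarded or by skipping the port extraction. Either way, delete the dead condition rather than leaving it inside a comment in the `if`. get_ndpi_flow_info's body continues outside the hunk.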
@@ -521,6 +521,7 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, u_int16_t sport, dport, payload_len; u_int8_t *payload; u_int8_t src_to_dst_direction = 1; + struct ndpi_proto nproto = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN }; if(iph) flow = get_ndpi_flow_info(workflow, IPVERSION, vlan_id, iph, NULL, @@ -542,8 +543,10 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, ndpi_flow = flow->ndpi_flow; flow->packets++, flow->bytes += rawsize; flow->last_seen = time; - } else - return(flow->detected_protocol); + } else { // flow is NULL + workflow->stats.total_discarded_bytes++; + return (nproto); + } /* Protocol already detected */ if(flow->detection_completed) return(flow->detected_protocol); -- cgit v1.2.3 From b9a2511ea80341a5b7186dc49835e4173c4437e5 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 23 Apr 2017 19:58:41 +0200 Subject: Initial Wireshark nDPI integration --- example/ndpiReader.c | 10 +++---- example/ndpi_util.c | 85 ++++++++++++++++++++++++++-------------------------- wireshark/README.md | 20 +++++++++++++ wireshark/ndpi.lua | 47 +++++++++++++++++++++++++++++ 4 files changed, 114 insertions(+), 48 deletions(-) create mode 100644 wireshark/README.md create mode 100644 wireshark/ndpi.lua (limited to 'example/ndpi_util.c') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 2b02093cb..254934ba9 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -93,6 +93,7 @@ struct port_stats *srcStats = NULL, *dstStats = NULL; struct ndpi_packet_trailer { u_int32_t magic; /* 0x19682017 */ u_int16_t master_protocol /* e.g. HTTP */, app_protocol /* e.g. FaceBook */; + char name[16]; }; static pcap_dumper_t *extcap_dumper = NULL; 
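Review bot: `workflow->stats.total_discarded_bytes++` adds one per dropped packet, although the counter is named for bytes and the accepted path just above accounts `flow->bytes += rawsize`. This should presumably be `workflow->stats.total_discarded_bytes += rawsize;`, to be confirmed against how the statistic is reported. The `// flow is NULL` comment would also be clearer if it said why the lookup can fail, since packet_processing's body continues outside the hunk.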
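Review bot: The `/* 0x19682017 */` comment on `magic` in `struct ndpi_packet_trailer` no longer matches what this commit writes: the trailer code later in the same file stores `htonl(0x19680924)` and the Lua plugin matches on `19680924`. Update the comment to the new value. The struct should also document that `magic`, `master_protocol` and `app_protocol` are stored in network byte order and that `name` is a fixed 16-byte field, because the Wireshark plugin reads the trailer at hard-coded offsets that depend on this exact layout.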
@@ -249,14 +250,12 @@ void extcap_config() { int i, argidx = 0; struct ndpi_detection_module_struct *ndpi_mod; -#if 1 + /* -i */ printf("arg {number=%u}{call=-i}{display=Capture Interface Name}{type=string}" "{tooltip=The interface name}\n", argidx++); -#else printf("arg {number=%u}{call=-i}{display=Pcap File to Analize}{type=fileselect}" "{tooltip=The pcap file to analyze (if the interface is unspecified)}\n", argidx++); -#endif printf("arg {number=%u}{call=-9}{display=nDPI Protocol}{type=selector}" "{tooltip=nDPI Protocol to be filtered}\n", argidx); @@ -1494,8 +1493,9 @@ static void pcap_packet_callback_checked(u_char *args, struct ndpi_packet_trailer *trailer = (struct ndpi_packet_trailer*)&extcap_buf[h->caplen]; memcpy(extcap_buf, packet, h->caplen); - trailer->magic = 0x19682017; - trailer->master_protocol = p.master_protocol, trailer->app_protocol = p.app_protocol; + trailer->magic = htonl(0x19680924); + trailer->master_protocol = htons(p.master_protocol), trailer->app_protocol = htons(p.app_protocol); + ndpi_protocol2name(ndpi_thread_info[thread_id].workflow->ndpi_struct, p, trailer->name, sizeof(trailer->name)); crc = (uint32_t*)&extcap_buf[h->caplen+sizeof(struct ndpi_packet_trailer)]; *crc = 0; ethernet_crc32((const void*)extcap_buf, h->caplen+sizeof(struct ndpi_packet_trailer), crc); diff --git a/example/ndpi_util.c b/example/ndpi_util.c index d6be479a0..941e7f88d 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -260,7 +260,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow if(iph->protocol == IPPROTO_TCP && l4_packet_len >= 20) { u_int tcp_len; - // tcp + // tcp workflow->stats.tcp_count++; *tcph = (struct ndpi_tcphdr *)l4; *sport = ntohs((*tcph)->source), *dport = ntohs((*tcph)->dest); 
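Review bot: `ndpi_protocol2name(..., trailer->name, sizeof(trailer->name))` presumably writes only up to the string terminator, so the rest of the 16-byte `name` field keeps whatever `extcap_buf` held before. Only the first `h->caplen` bytes are overwritten by the `memcpy`. If `extcap_buf` is reused across packets (its declaration is outside the hunk), bytes left over from earlier, longer packets are written into the dumped trailer and fed to the CRC. Clear the trailer first with `memset(trailer, 0, sizeof(*trailer));` before assigning its members. No bound is checked in the lines shown, so also confirm that `extcap_buf` can hold `h->caplen + sizeof(struct ndpi_packet_trailer) + sizeof(uint32_t)`.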
@@ -288,7 +288,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow *payload_len = ndpi_max(0, l4_packet_len-4*(*tcph)->doff); } else if(iph->protocol == IPPROTO_UDP && l4_packet_len >= 8) { // udp - + workflow->stats.udp_count++; *udph = (struct ndpi_udphdr *)l4; *sport = ntohs((*udph)->source), *dport = ntohs((*udph)->dest); @@ -350,7 +350,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow newflow->lower_port = lower_port, newflow->upper_port = upper_port; newflow->ip_version = version; newflow->src_to_dst_direction = *src_to_dst_direction; - + if(version == IPVERSION) { inet_ntop(AF_INET, &lower_ip, newflow->lower_name, sizeof(newflow->lower_name)); inet_ntop(AF_INET, &upper_ip, newflow->upper_name, sizeof(newflow->upper_name)); @@ -442,19 +442,19 @@ static struct ndpi_flow_info *get_ndpi_flow_info6(struct ndpi_workflow * workflo void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_flow_info *flow) { if(!flow->ndpi_flow) return; - - snprintf(flow->host_server_name, sizeof(flow->host_server_name), "%s", + + snprintf(flow->host_server_name, sizeof(flow->host_server_name), "%s", flow->ndpi_flow->host_server_name); /* BITTORRENT */ if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_BITTORRENT) { int i, j, n = 0; - + for(i=0, j = 0; j < sizeof(flow->bittorent_hash)-1; i++) { sprintf(&flow->bittorent_hash[j], "%02x", flow->ndpi_flow->bittorent_hash[i]); j += 2, n += flow->ndpi_flow->bittorent_hash[i]; } - + if(n == 0) flow->bittorent_hash[0] = '\0'; } /* MDNS */ @@ -545,7 +545,7 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, flow->last_seen = time; } else { // flow is NULL workflow->stats.total_discarded_bytes++; - return (nproto); + return(nproto); } /* Protocol already detected */ 
@@ -558,17 +558,16 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, if((flow->detected_protocol.app_protocol != NDPI_PROTOCOL_UNKNOWN) || ((proto == IPPROTO_UDP) && (flow->packets > 8)) || ((proto == IPPROTO_TCP) && (flow->packets > 10))) { - /* New protocol detected or give up */ + /* New protocol detected or give up */ flow->detection_completed = 1; - } - if(flow->detection_completed) { + process_ndpi_collected_info(workflow, flow); + if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) flow->detected_protocol = ndpi_detection_giveup(workflow->ndpi_struct, flow->ndpi_flow); - } + } - process_ndpi_collected_info(workflow, flow); return(flow->detected_protocol); } @@ -602,7 +601,7 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, struct ndpi_ipv6hdr *iph6; struct ndpi_proto nproto = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN }; - + /* lengths and offsets */ u_int16_t eth_offset = 0; u_int16_t radio_len; @@ -916,11 +915,11 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, /* ********************************************************** */ static uint32_t crc32_for_byte(uint32_t r) { - int j; - - for(j = 0; j < 8; ++j) - r = (r & 1? 0: (uint32_t)0xEDB88320L) ^ r >> 1; - return r ^ (uint32_t)0xFF000000L; + int j; + + for(j = 0; j < 8; ++j) + r = (r & 1? 0: (uint32_t)0xEDB88320L) ^ r >> 1; + return r ^ (uint32_t)0xFF000000L; } /* Any unsigned integer type with at least 32 bits may be used as 
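Review bot: `process_ndpi_collected_info(workflow, flow)` now runs before `ndpi_detection_giveup()` assigns `flow->detected_protocol`, so its per-protocol branches (it tests `detected_protocol.app_protocol`) still see `NDPI_PROTOCOL_UNKNOWN` for every flow classified only by the give-up path. Calling it after the `if(... == NDPI_PROTOCOL_UNKNOWN)` assignment avoids that. Moving the call inside the completion block also means it no longer runs per packet. A flow that ends before the 8/10-packet thresholds is therefore never given up on and never has its metadata copied, unless a caller outside this hunk does so at flow teardown.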
@@ -929,31 +928,31 @@ static uint32_t crc32_for_byte(uint32_t r) { typedef unsigned long accum_t; static void init_tables(uint32_t* table, uint32_t* wtable) { - size_t i, k, w, j; - - for(i = 0; i < 0x100; ++i) - table[i] = crc32_for_byte(i); - for(k = 0; k < sizeof(accum_t); ++k) - for(i = 0; i < 0x100; ++i) { - for(j = w = 0; j < sizeof(accum_t); ++j) - w = table[(uint8_t)(j == k? w ^ i: w)] ^ w >> 8; - wtable[(k << 8) + i] = w ^ (k? wtable[0]: 0); - } + size_t i, k, w, j; + + for(i = 0; i < 0x100; ++i) + table[i] = crc32_for_byte(i); + for(k = 0; k < sizeof(accum_t); ++k) + for(i = 0; i < 0x100; ++i) { + for(j = w = 0; j < sizeof(accum_t); ++j) + w = table[(uint8_t)(j == k? w ^ i: w)] ^ w >> 8; + wtable[(k << 8) + i] = w ^ (k? wtable[0]: 0); + } } void ethernet_crc32(const void* data, size_t n_bytes, uint32_t* crc) { - static uint32_t table[0x100], wtable[0x100*sizeof(accum_t)]; - size_t n_accum = n_bytes/sizeof(accum_t); - size_t i, k, j; - - if(!*table) - init_tables(table, wtable); - for(i = 0; i < n_accum; ++i) { - accum_t a = *crc ^ ((accum_t*)data)[i]; - for(j = *crc = 0; j < sizeof(accum_t); ++j) - *crc ^= wtable[(j << 8) + (uint8_t)(a >> 8*j)]; - } - - for(i = n_accum*sizeof(accum_t); i < n_bytes; ++i) - *crc = table[(uint8_t)*crc ^ ((uint8_t*)data)[i]] ^ *crc >> 8; + static uint32_t table[0x100], wtable[0x100*sizeof(accum_t)]; + size_t n_accum = n_bytes/sizeof(accum_t); + size_t i, k, j; + + if(!*table) + init_tables(table, wtable); + for(i = 0; i < n_accum; ++i) { + accum_t a = *crc ^ ((accum_t*)data)[i]; + for(j = *crc = 0; j < sizeof(accum_t); ++j) + *crc ^= wtable[(j << 8) + (uint8_t)(a >> 8*j)]; + } + + for(i = n_accum*sizeof(accum_t); i < n_bytes; ++i) + *crc = table[(uint8_t)*crc ^ ((uint8_t*)data)[i]] ^ *crc >> 8; } diff --git a/wireshark/README.md b/wireshark/README.md new file mode 100644 index 000000000..1811c663e --- /dev/null +++ b/wireshark/README.md 
@@ -0,0 +1,20 @@ +# nDPI Wireshark Plugin + +## Introduction + +nDPI can provide Wireshark protocol dissection to complement internal protocol decoding. In order to do this, the ndpiReader application is used to provide Wireshark nDPI protocol dissection, and a Wireshark plugin interprets nDPI information. + +## Installation + +- Copy the ndpiReader application (it is located under nDPI/example) to the Extcap path. See Wireshark -> About menu for identifying the extcap directory. Under OSX it is usually /Applications/Wireshark.app/Contents/MacOS/extcap +- Copy the ndpi.lua plugin under ~/.wireshark/plugins (or in the global Wireshark plugins directory) + +## Usage + +At Wireshark startup you will find a new extcap interface named "nDPI interface". Select that interface and specify an interface name (for live capture) or a pcap file path (for reading packets from a pcap file). You can choose a nDPI protocol list from the dropdown menu in case you want Wireshark to dissect only protocols of the specified nDPI application protocol. + +During capture the ndpiReader plugin will pass Wireshark the nDPI protocol information adding an ethernet packet trailer that contains nDPI information. The lua plugin interprets this information and it displays it in the Wireshark GUI. + +## nDPI Packet Filtering + +As nDPI is natively integrated into Wireshark, you can filter packets using the usual filtering mechanism. Example use "ndpi.protocol.name==BitTorrent" to filter all BitTorrent traffic. diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua new file mode 100644 index 000000000..2065d2335 --- /dev/null +++ b/wireshark/ndpi.lua 
@@ -0,0 +1,47 @@ +-- +-- (C) 2017 - ntop.org +-- +-- This plugin is part of nDPI (https://github.com/ntop/nDPI) +-- +-- +local ndpi_proto = Proto("ndpi", "nDPI", "nDPI Protocol Interpreter") + +ndpi_proto.fields = {} +local fds = ndpi_proto.fields + +fds.network_protocol = ProtoField.new("nDPI Network Protocol", "ndpi.protocol.network", ftypes.UINT8, nil, base.DEC) +fds.application_protocol = ProtoField.new("nDPI Application Protocol", "ndpi.protocol.application", ftypes.UINT8, nil, base.DEC) +fds.name = ProtoField.new("nDPI Protocol Name", "ndpi.protocol.name", ftypes.STRING) + +local f_eth_trailer = Field.new("eth.trailer") + +-- ############################################### + +-- the dissector function callback +function ndpi_proto.dissector(tvb, pinfo, tree) + local pktlen = tvb:len() + local eth_trailer = f_eth_trailer() + local magic = tostring(tvb(pktlen-28,4)) + + if(magic == "19680924") then + local ndpi_subtree = tree:add(ndpi_proto, tvb(), "nDPI Protocol") + local network_protocol = tvb(pktlen-24,2) + local application_protocol = tvb(pktlen-22,2) + local name = tvb(pktlen-20,16) + local name_str = name:string(ENC_UTF_8) + + ndpi_subtree:add(fds.network_protocol, network_protocol) + ndpi_subtree:add(fds.application_protocol, application_protocol) + ndpi_subtree:add(fds.name, name) + + local pname = ""..application_protocol + if(pname ~= "0000") then + -- Set protocol name in the wireshark protocol column (if not Unknown) + pinfo.cols.protocol = name_str + end + end +end + +register_postdissector(ndpi_proto) + +-- ############################################### -- cgit v1.2.3 From e1b905124fce4d1aac35006f6721e27c1ee81228 Mon Sep 17 00:00:00 2001 
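Review bot: The dissector reads `tvb(pktlen-28,4)` without checking that the frame is at least 28 bytes long, and it never uses the `eth_trailer` value it fetches, so every frame is probed and a short one raises a range error. Guard with `if eth_trailer == nil or pktlen < 28 then return end` before reading the magic. Matching on the magic alone also means that, in a capture not produced by ndpiReader, payload bytes ending in this pattern can set the Protocol column. Checking that the 28 bytes lie inside `eth.trailer` narrows that. The two protocol fields are declared `ftypes.UINT8` but are added with 2-byte ranges; `ftypes.UINT16` matches the `u_int16_t` trailer members.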
From: Luca Date: Thu, 27 Apr 2017 14:57:04 +0200 Subject: Improved SSL dissection --- example/ndpi_util.c | 7 +- tests/result/Instagram.pcap.out | 14 +- tests/result/KakaoTalk_chat.pcap.out | 6 +- tests/result/Viber_session.pcap.out | 40 ++-- tests/result/ocs.pcap.out | 4 +- tests/result/skype.pcap.out | 384 +++++++++++++++--------------- tests/result/skype_no_unknown.pcap.out | 290 +++++++++++----------- tests/result/starcraft_battle.pcap.out | 8 +- tests/result/viber_mobile.pcap.out | 160 ++++++------- tests/result/whatsapp_login_call.pcap.out | 105 ++++---- 10 files changed, 507 insertions(+), 511 deletions(-) (limited to 'example/ndpi_util.c') diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 941e7f88d..eb6744ccc 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -561,11 +561,10 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, /* New protocol detected or give up */ flow->detection_completed = 1; - process_ndpi_collected_info(workflow, flow); - if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) - flow->detected_protocol = ndpi_detection_giveup(workflow->ndpi_struct, - flow->ndpi_flow); + flow->detected_protocol = ndpi_detection_giveup(workflow->ndpi_struct, + flow->ndpi_flow); + process_ndpi_collected_info(workflow, flow); } return(flow->detected_protocol); diff --git a/tests/result/Instagram.pcap.out b/tests/result/Instagram.pcap.out index 83b0492bb..edd889471 100644 --- a/tests/result/Instagram.pcap.out +++ b/tests/result/Instagram.pcap.out 
@@ -1,30 +1,30 @@ Unknown 1 66 1 -HTTP 266 245342 7 +HTTP 116 91784 6 ICMP 5 510 1 -SSL 93 57298 4 -Facebook 10 5299 1 +SSL 2 169 1 +Facebook 251 215986 5 Dropbox 5 725 2 Instagram 363 255094 16 1 UDP 192.168.0.106:17500 <-> 192.168.0.255:17500 [proto: 121/Dropbox][1 pkts/145 bytes] 2 UDP 192.168.0.103:26540 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][2 pkts/298 bytes][Host: igcdn-photos-g-a.akamaihd.net] 3 UDP 192.168.0.103:27124 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][1 pkts/85 bytes][Host: photos-b.ak.instagram.com] - 4 TCP 192.168.0.103:33763 <-> 31.13.93.52:443 [proto: 91/SSL][11 pkts/5397 bytes] + 4 TCP 192.168.0.103:33763 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][11 pkts/5397 bytes] 5 TCP 192.168.0.103:33935 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][10 pkts/5299 bytes] 6 TCP 2.22.236.51:80 <-> 192.168.0.103:44151 [proto: 7/HTTP][49 pkts/38684 bytes] 7 TCP 192.168.0.103:38816 <-> 46.33.70.160:80 [proto: 7.211/HTTP.Instagram][52 pkts/58994 bytes][Host: photos-h.ak.instagram.com] 8 TCP 192.168.0.103:33976 <-> 77.67.29.17:80 [proto: 7/HTTP][34 pkts/29039 bytes] 9 TCP 192.168.0.103:37350 <-> 82.85.26.153:80 [proto: 7.211/HTTP.Instagram][1 pkts/324 bytes][Host: photos-a.ak.instagram.com] 10 TCP 192.168.0.103:41181 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][14 pkts/5567 bytes][client: igcdn-photos-a-a.akamaihd.net] - 11 TCP 31.13.86.52:80 <-> 192.168.0.103:58216 [proto: 7/HTTP][150 pkts/153558 bytes] + 11 TCP 31.13.86.52:80 <-> 192.168.0.103:58216 [proto: 7.119/HTTP.Facebook][150 pkts/153558 bytes] 12 TCP 192.168.0.103:57936 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][58 pkts/50220 bytes][Host: photos-g.ak.instagram.com] 13 TCP 192.168.0.103:57966 <-> 82.85.26.185:80 [proto: 7/HTTP][3 pkts/198 bytes] 14 TCP 192.168.0.103:58052 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][75 pkts/57239 bytes][Host: photos-g.ak.instagram.com] 15 TCP 192.168.0.103:56382 <-> 173.252.107.4:443 [proto: 91.211/SSL.Instagram][17 pkts/2647 bytes][client: 
telegraph-ash.instagram.com] 16 UDP 192.168.0.106:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][4 pkts/580 bytes] 17 UDP 192.168.0.103:33603 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][2 pkts/298 bytes][Host: igcdn-photos-a-a.akamaihd.net] - 18 TCP 192.168.0.103:33936 <-> 31.13.93.52:443 [proto: 91/SSL][68 pkts/45688 bytes] - 19 TCP 31.13.93.52:443 <-> 192.168.0.103:33934 [proto: 91/SSL][12 pkts/6044 bytes] + 18 TCP 192.168.0.103:33936 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][68 pkts/45688 bytes] + 19 TCP 31.13.93.52:443 <-> 192.168.0.103:33934 [proto: 91.119/SSL.Facebook][12 pkts/6044 bytes] 20 ICMP 192.168.0.103:0 <-> 192.168.0.103:0 [proto: 81/ICMP][5 pkts/510 bytes] 21 TCP 192.168.0.103:38817 <-> 46.33.70.160:80 [proto: 7/HTTP][3 pkts/198 bytes] 22 TCP 46.33.70.150:80 <-> 192.168.0.103:40855 [proto: 7/HTTP][2 pkts/140 bytes] diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out index b1df9ee34..4fee1d276 100644 --- a/tests/result/KakaoTalk_chat.pcap.out +++ b/tests/result/KakaoTalk_chat.pcap.out @@ -1,9 +1,9 @@ DNS 2 217 1 -HTTP 15 840 2 +HTTP 1 56 1 ICMP 1 147 1 SSL 29 4579 3 Facebook 215 51809 12 -Google 2 247 2 +Google 16 1031 3 HTTP_Proxy 26 3926 1 Amazon 2 181 1 KakaoTalk 55 9990 15 
@@ -36,7 +36,7 @@ KakaoTalk 55 9990 15 26 TCP 10.24.82.188:34686 <-> 173.194.72.188:5228 [proto: 126/Google][1 pkts/164 bytes] 27 UDP 10.24.82.188:14650 <-> 10.188.1.1:53 [proto: 5/DNS][2 pkts/217 bytes][Host: 2.97.252.173.in-addr.arpa] 28 UDP 10.24.82.188:19582 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][2 pkts/218 bytes][Host: graph.facebook.com] - 29 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7/HTTP][14 pkts/784 bytes] + 29 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7.126/HTTP.Google][14 pkts/784 bytes] 30 UDP 10.24.82.188:24596 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][2 pkts/196 bytes][Host: api.facebook.com] 31 TCP 10.24.82.188:42332 <-> 210.103.240.15:443 [proto: 91/SSL][5 pkts/280 bytes] 32 TCP 10.24.82.188:49217 <-> 216.58.220.174:443 [proto: 91.126/SSL.Google][1 pkts/83 bytes] diff --git a/tests/result/Viber_session.pcap.out b/tests/result/Viber_session.pcap.out index f396686c7..81ef39da8 100644 --- a/tests/result/Viber_session.pcap.out +++ b/tests/result/Viber_session.pcap.out @@ -1,13 +1,13 @@ -Unknown 145 9356 7 +Unknown 163 9995 7 HTTP 13 796 7 SSL_No_Cert 34 4141 1 ICMP 2 196 1 -SSL 104 9782 9 -Facebook 59 5744 3 +SSL 80 7703 8 +Facebook 29 3944 2 Dropbox 1 97 1 GMail 21 1891 1 -Google 26 2005 4 -Viber 4151 391331 3 +Google 50 4084 5 +Viber 4163 392492 4 Amazon 1 66 1 1 TCP 192.168.200.222:57999 <-> 74.125.130.188:5228 [proto: 126/Google][10 pkts/757 bytes] 
@@ -22,17 +22,17 @@ Amazon 1 66 1 10 TCP 192.168.200.222:33161 <-> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] 11 TCP 192.168.200.222:52491 <-> 31.13.79.245:443 [proto: 91.119/SSL.Facebook][6 pkts/599 bytes] 12 TCP 192.168.200.222:36675 <-> 112.124.219.82:80 [proto: 7/HTTP][1 pkts/60 bytes] - 13 UDP 192.168.200.222:48564 <-> 175.157.52.135:37299 [proto: 119/Facebook][30 pkts/1800 bytes] - 14 TCP 192.168.200.222:51055 <-> 74.125.68.156:443 [proto: 91/SSL][24 pkts/2079 bytes] - 15 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][7 pkts/436 bytes] - 16 TCP 192.168.200.222:52977 <-> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] - 17 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][5 pkts/385 bytes] - 18 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][5 pkts/385 bytes] - 19 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][5 pkts/385 bytes] - 20 ICMP 192.168.1.1:0 <-> 192.168.200.222:0 [proto: 81/ICMP][2 pkts/196 bytes] - 21 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][5 pkts/424 bytes] - 22 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][34 pkts/4141 bytes] - 23 TCP 192.168.200.222:51146 <-> 23.21.254.189:443 [proto: 91/SSL][15 pkts/1484 bytes][client: e.crashlytics.com] + 13 TCP 192.168.200.222:51055 <-> 74.125.68.156:443 [proto: 91.126/SSL.Google][24 pkts/2079 bytes] + 14 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][7 pkts/436 bytes] + 15 TCP 192.168.200.222:52977 <-> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] + 16 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][5 pkts/385 bytes] + 17 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][5 pkts/385 bytes] + 18 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][5 pkts/385 bytes] + 19 ICMP 192.168.1.1:0 <-> 192.168.200.222:0 [proto: 81/ICMP][2 pkts/196 bytes] + 20 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 
91.126/SSL.Google][5 pkts/424 bytes] + 21 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][34 pkts/4141 bytes] + 22 TCP 192.168.200.222:51146 <-> 23.21.254.189:443 [proto: 91/SSL][15 pkts/1484 bytes][client: e.crashlytics.com] + 23 TCP 192.168.200.222:43454 <-> 52.0.253.46:4244 [proto: 144/Viber][12 pkts/1161 bytes] 24 TCP 192.168.200.222:42040 <-> 74.125.200.18:443 [proto: 91.122/SSL.GMail][21 pkts/1891 bytes][client: mail.google.com] 25 TCP 192.168.200.222:43646 <-> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] 26 TCP 192.168.200.222:40005 <-> 108.168.176.234:443 [proto: 91/SSL][24 pkts/2848 bytes] @@ -45,9 +45,9 @@ Amazon 1 66 1 Undetected flows: 1 TCP 192.168.200.222:55554 <-> 113.31.80.142:7003 [proto: 0/Unknown][6 pkts/446 bytes] - 2 UDP 192.168.200.222:48564 <-> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes] - 3 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][7 pkts/549 bytes] - 4 UDP 192.168.200.222:48564 <-> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes] - 5 TCP 192.168.200.222:43454 <-> 52.0.253.46:4244 [proto: 0/Unknown][12 pkts/1161 bytes] + 2 UDP 192.168.200.222:48564 <-> 175.157.52.135:37299 [proto: 0/Unknown][30 pkts/1800 bytes] + 3 UDP 192.168.200.222:48564 <-> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes] + 4 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][7 pkts/549 bytes] + 5 UDP 192.168.200.222:48564 <-> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes] 6 UDP 192.168.200.222:48564 <-> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes] 7 UDP 192.168.200.222:48564 <-> 175.157.52.135:37302 [proto: 0/Unknown][30 pkts/1800 bytes] diff --git a/tests/result/ocs.pcap.out b/tests/result/ocs.pcap.out index feb238eb8..abb202085 100644 --- a/tests/result/ocs.pcap.out +++ b/tests/result/ocs.pcap.out 
@@ -1,15 +1,15 @@ Unknown 6 360 1 DNS 3 214 3 HTTP 13 1019 2 +SSL 20 2715 1 Google 41 5525 6 -Amazon 20 2715 1 OCS 863 57552 7 1 TCP 192.168.180.2:42590 <-> 178.248.208.210:80 [proto: 7.218/HTTP.OCS][83 pkts/5408 bytes][Host: www.ocs.fr] 2 TCP 192.168.180.2:48250 <-> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][6 pkts/1092 bytes][Host: ocu03.labgency.ws] 3 TCP 192.168.180.2:41223 <-> 216.58.208.46:443 [proto: 91.126/SSL.Google][13 pkts/1448 bytes] 4 UDP 192.168.180.2:38472 <-> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/63 bytes][Host: ocu03.labgency.ws] - 5 TCP 192.168.180.2:39263 <-> 23.21.230.199:443 [proto: 91.178/SSL.Amazon][20 pkts/2715 bytes] + 5 TCP 192.168.180.2:39263 <-> 23.21.230.199:443 [proto: 91/SSL][20 pkts/2715 bytes][client: settings.crashlytics.com] 6 UDP 192.168.180.2:48770 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/72 bytes][Host: android.clients.google.com] 7 TCP 192.168.180.2:47803 <-> 64.233.166.95:443 [proto: 91.126/SSL.Google][12 pkts/1608 bytes] 8 UDP 192.168.180.2:1291 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/67 bytes][Host: api.eu01.capptain.com] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index 0f0a3cc5e..69fff20f5 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -1,4 +1,4 @@ -Unknown 416 54589 17 +Unknown 381 48593 15 DNS 2 267 1 MDNS 8 1736 2 NTP 2 180 1 @@ -6,9 +6,9 @@ SSDP 101 38156 6 ICMP 8 656 1 IGMP 5 258 4 SSL 96 8876 7 -Dropbox 52 19156 6 -Skype 1896 291402 243 -Apple 3 168 1 +Dropbox 38 17948 5 +Skype 1933 296729 245 +Apple 15 2045 2 AppleiCloud 88 20520 2 Spotify 5 430 1 MS_OneDrive 387 198090 1 
@@ -111,184 +111,186 @@ MS_OneDrive 387 198090 1 96 TCP 192.168.1.34:50088 <-> 157.55.235.146:33033 [proto: 125/Skype][18 pkts/1400 bytes] 97 UDP 192.168.1.34:13021 <-> 106.188.249.186:15120 [proto: 125/Skype][1 pkts/60 bytes] 98 UDP 192.168.1.34:13021 <-> 176.26.55.167:63773 [proto: 125/Skype][5 pkts/300 bytes] - 99 TCP 192.168.1.34:50032 <-> 157.56.52.44:40032 [proto: 125/Skype][16 pkts/1306 bytes] - 100 TCP 192.168.1.34:50034 <-> 157.55.130.140:40033 [proto: 125/Skype][17 pkts/1400 bytes] - 101 TCP 192.168.1.34:50044 <-> 157.55.130.167:40031 [proto: 125/Skype][17 pkts/1353 bytes] - 102 TCP 192.168.1.34:50046 <-> 157.55.130.150:40011 [proto: 125/Skype][15 pkts/1229 bytes] - 103 TCP 192.168.1.34:50053 <-> 157.55.56.146:40030 [proto: 125/Skype][17 pkts/1355 bytes] - 104 TCP 192.168.1.34:50054 <-> 157.55.130.153:40005 [proto: 125/Skype][17 pkts/1441 bytes] - 105 TCP 192.168.1.34:50074 <-> 157.55.130.173:40003 [proto: 125/Skype][17 pkts/1327 bytes] - 106 TCP 192.168.1.34:50077 <-> 157.55.130.176:40022 [proto: 125/Skype][17 pkts/1338 bytes] - 107 TCP 192.168.1.34:50097 <-> 157.55.235.176:40022 [proto: 125/Skype][17 pkts/1371 bytes] - 108 UDP 192.168.1.34:13021 <-> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/69 bytes] - 109 UDP 192.168.1.34:13021 <-> 64.4.23.166:40022 [proto: 125/Skype][1 pkts/76 bytes] - 110 UDP 192.168.1.34:13021 <-> 64.4.23.165:40020 [proto: 125/Skype][1 pkts/72 bytes] - 111 UDP 192.168.1.34:13021 <-> 64.4.23.140:40012 [proto: 125/Skype][1 pkts/68 bytes] - 112 UDP 192.168.1.34:13021 <-> 64.4.23.150:40004 [proto: 125/Skype][1 pkts/70 bytes] - 113 UDP 192.168.1.34:13021 <-> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/77 bytes] - 114 UDP 192.168.1.34:13021 <-> 64.4.23.141:40004 [proto: 125/Skype][1 pkts/73 bytes] - 115 UDP 192.168.1.34:13021 <-> 64.4.23.148:40010 [proto: 125/Skype][1 pkts/69 bytes] - 116 UDP 192.168.1.34:13021 <-> 64.4.23.145:40024 [proto: 125/Skype][1 pkts/79 bytes] - 117 UDP 192.168.1.34:13021 <-> 64.4.23.155:40004 [proto: 
125/Skype][1 pkts/77 bytes] - 118 UDP 192.168.1.34:13021 <-> 64.4.23.168:40006 [proto: 125/Skype][1 pkts/71 bytes] - 119 UDP 192.168.1.34:13021 <-> 65.55.223.38:40015 [proto: 125/Skype][1 pkts/66 bytes] - 120 UDP 192.168.1.34:13021 <-> 65.55.223.20:40033 [proto: 125/Skype][1 pkts/64 bytes] - 121 UDP 192.168.1.34:13021 <-> 65.55.223.33:40011 [proto: 125/Skype][1 pkts/79 bytes] - 122 UDP 192.168.1.34:13021 <-> 65.55.223.21:40027 [proto: 125/Skype][1 pkts/71 bytes] - 123 UDP 192.168.1.34:13021 <-> 65.55.223.44:40013 [proto: 125/Skype][1 pkts/66 bytes] - 124 UDP 192.168.1.34:13021 <-> 65.55.223.41:40027 [proto: 125/Skype][1 pkts/69 bytes] - 125 UDP 192.168.1.34:13021 <-> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/70 bytes] - 126 UDP 192.168.1.34:13021 <-> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/78 bytes] - 127 TCP 192.168.1.34:50063 <-> 111.221.74.38:443 [proto: 91.125/SSL.Skype][13 pkts/1287 bytes] - 128 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][12 pkts/1107 bytes] - 129 UDP 192.168.1.34:13021 <-> 76.185.207.12:45493 [proto: 125/Skype][5 pkts/300 bytes] - 130 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125/Skype][18 pkts/1445 bytes] - 131 UDP 192.168.1.34:13021 <-> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes] - 132 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes] - 133 UDP 192.168.1.34:13021 <-> 111.221.74.24:40001 [proto: 125/Skype][1 pkts/64 bytes] - 134 UDP 192.168.1.34:13021 <-> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/68 bytes] - 135 UDP 192.168.1.34:13021 <-> 111.221.74.12:40031 [proto: 125/Skype][1 pkts/75 bytes] - 136 UDP 192.168.1.34:13021 <-> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes] - 137 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes] - 138 UDP 192.168.1.34:13021 <-> 111.221.74.32:40009 [proto: 125/Skype][1 pkts/70 bytes] - 139 UDP 192.168.1.34:13021 <-> 111.221.74.31:40021 [proto: 125/Skype][1 pkts/73 
bytes] - 140 UDP 192.168.1.34:13021 <-> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes] - 141 UDP 192.168.1.34:13021 <-> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes] - 142 UDP 192.168.1.34:13021 <-> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes] - 143 UDP 192.168.1.34:13021 <-> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes] - 144 UDP 192.168.1.34:13021 <-> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes] - 145 UDP 192.168.1.34:13021 <-> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes] - 146 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes] - 147 UDP 192.168.1.34:13021 <-> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes] - 148 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/483 bytes] - 149 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/769 bytes] - 150 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/599 bytes] - 151 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1101 bytes] - 152 UDP 192.168.1.34:13021 <-> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes] - 153 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 154 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] - 155 UDP 192.168.1.34:13021 <-> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] - 156 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125/Skype][15 pkts/1254 bytes] - 157 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][server: *.gateway.messenger.live.com] - 158 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] - 159 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] - 160 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] - 161 TCP 
192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][15 pkts/1351 bytes] - 162 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][15 pkts/1349 bytes] - 163 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][15 pkts/1401 bytes] - 164 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1513 bytes] - 165 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][16 pkts/1754 bytes] - 166 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][15 pkts/1590 bytes] - 167 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 91/SSL][8 pkts/608 bytes] - 168 UDP 192.168.1.34:13021 <-> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] - 169 UDP 192.168.1.34:13021 <-> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] - 170 UDP 192.168.1.34:13021 <-> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] - 171 UDP 192.168.1.34:13021 <-> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes] - 172 UDP 192.168.1.34:13021 <-> 157.56.52.26:40026 [proto: 125/Skype][1 pkts/74 bytes] - 173 UDP 192.168.1.34:13021 <-> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes] - 174 UDP 192.168.1.34:13021 <-> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes] - 175 UDP 192.168.1.34:13021 <-> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes] - 176 UDP 192.168.1.34:13021 <-> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes] - 177 UDP 192.168.1.34:13021 <-> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes] - 178 UDP 192.168.1.34:13021 <-> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes] - 179 UDP 192.168.1.34:13021 <-> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes] - 180 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes] - 181 UDP 192.168.1.34:13021 <-> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes] - 182 UDP 192.168.1.34:13021 <-> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes] 
- 183 UDP 192.168.1.34:13021 <-> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes] - 184 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes] - 185 UDP 192.168.1.34:13021 <-> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes] - 186 UDP 192.168.1.34:13021 <-> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes] - 187 UDP 192.168.1.34:13021 <-> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes] - 188 UDP 192.168.1.34:13021 <-> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes] - 189 UDP 192.168.1.34:13021 <-> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes] - 190 UDP 192.168.1.34:13021 <-> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] - 191 UDP 192.168.1.34:13021 <-> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] - 192 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] - 193 UDP 192.168.1.34:49360 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 194 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][18 pkts/1412 bytes] - 195 UDP 192.168.1.92:57621 <-> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] - 196 UDP 192.168.1.34:49990 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 197 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] - 198 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] - 199 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] - 200 UDP 192.168.1.34:51802 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 201 UDP 192.168.1.34:52714 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 202 UDP 192.168.1.34:52850 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 203 UDP 
192.168.1.34:52742 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] - 204 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][16 pkts/1592 bytes] - 205 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][16 pkts/1376 bytes] - 206 UDP 192.168.1.34:54396 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 207 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes] - 208 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125/Skype][17 pkts/1370 bytes] - 209 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][17 pkts/1401 bytes] - 210 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125/Skype][17 pkts/1381 bytes] - 211 UDP 192.168.1.34:57288 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 212 UDP 192.168.1.34:57406 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 213 UDP 192.168.1.34:57726 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 214 UDP 192.168.1.34:13021 <-> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] - 215 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] - 216 UDP 192.168.1.34:13021 <-> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] - 217 UDP 192.168.1.34:13021 <-> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] - 218 UDP 192.168.1.34:13021 <-> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] - 219 UDP 192.168.1.34:13021 <-> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] - 220 UDP 192.168.1.34:58458 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 221 UDP 192.168.1.34:58368 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] - 222 UDP 192.168.1.34:60288 <-> 192.168.1.1:53 [proto: 
5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 223 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] - 224 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] - 225 UDP 192.168.1.34:63108 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] - 226 UDP 192.168.1.92:50084 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] - 227 UDP 192.168.1.34:51066 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 228 UDP 192.168.1.34:65426 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 229 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] - 230 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] - 231 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] - 232 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][2 pkts/92 bytes] - 233 IGMP 224.0.0.1:0 <-> 192.168.1.1:0 [proto: 82/IGMP][1 pkts/60 bytes] - 234 IGMP 192.168.1.92:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] - 235 IGMP 192.168.1.34:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes] - 236 UDP 192.168.1.34:56886 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 237 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][17 pkts/1361 bytes] - 238 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][472 pkts/164627 bytes] - 239 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][16 pkts/1278 bytes] - 240 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][17 pkts/1305 bytes] - 241 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][17 pkts/1312 bytes] - 242 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][18 pkts/1442 bytes] - 243 TCP 
192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][17 pkts/1387 bytes] - 244 UDP 192.168.1.34:64560 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 245 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 246 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][17 pkts/1386 bytes] - 247 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][12 pkts/1147 bytes] - 248 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][15 pkts/1311 bytes] - 249 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][15 pkts/1452 bytes] - 250 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][14 pkts/1390 bytes] - 251 UDP 192.168.0.254:1025 <-> 239.255.255.250:1900 [proto: 12/SSDP][79 pkts/29479 bytes] - 252 UDP 192.168.1.34:13021 <-> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes] - 253 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes] - 254 UDP 192.168.1.34:13021 <-> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes] - 255 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes] - 256 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes] - 257 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes] - 258 UDP 192.168.1.34:13021 <-> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes] - 259 UDP 192.168.1.34:13021 <-> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes] - 260 UDP 192.168.1.34:13021 <-> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes] - 261 UDP 192.168.1.34:13021 <-> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes] - 262 UDP 192.168.1.34:13021 <-> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes] - 263 UDP 192.168.1.34:13021 <-> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes] - 264 UDP 192.168.1.34:13021 <-> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes] - 265 UDP 192.168.1.34:13021 <-> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 
bytes] - 266 UDP 192.168.1.34:13021 <-> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] - 267 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][2 pkts/180 bytes] - 268 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][20 pkts/1516 bytes] - 269 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] - 270 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes] - 271 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][16 pkts/5980 bytes] - 272 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.121/SSL.Dropbox][14 pkts/1208 bytes] - 273 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][13 pkts/1109 bytes] - 274 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] - 275 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][19 pkts/1495 bytes] - 276 UDP [ff02::fb]:5353 <-> [fe80::c62c:3ff:fe06:49fe]:5353 [proto: 8/MDNS][4 pkts/908 bytes] + 99 TCP 17.143.160.22:5223 <-> 192.168.1.34:49447 [proto: 140/Apple][12 pkts/1877 bytes] + 100 TCP 192.168.1.34:50032 <-> 157.56.52.44:40032 [proto: 125/Skype][16 pkts/1306 bytes] + 101 TCP 192.168.1.34:50034 <-> 157.55.130.140:40033 [proto: 125/Skype][17 pkts/1400 bytes] + 102 TCP 192.168.1.34:50044 <-> 157.55.130.167:40031 [proto: 125/Skype][17 pkts/1353 bytes] + 103 TCP 192.168.1.34:50046 <-> 157.55.130.150:40011 [proto: 125/Skype][15 pkts/1229 bytes] + 104 TCP 192.168.1.34:50053 <-> 157.55.56.146:40030 [proto: 125/Skype][17 pkts/1355 bytes] + 105 TCP 192.168.1.34:50054 <-> 157.55.130.153:40005 [proto: 125/Skype][17 pkts/1441 bytes] + 106 TCP 192.168.1.34:50074 <-> 157.55.130.173:40003 [proto: 125/Skype][17 pkts/1327 bytes] + 107 TCP 192.168.1.34:50077 <-> 157.55.130.176:40022 [proto: 125/Skype][17 pkts/1338 bytes] + 108 TCP 192.168.1.34:50097 <-> 157.55.235.176:40022 [proto: 125/Skype][17 pkts/1371 bytes] + 109 UDP 192.168.1.34:13021 <-> 
65.55.223.18:33033 [proto: 125/Skype][1 pkts/69 bytes] + 110 UDP 192.168.1.34:13021 <-> 64.4.23.166:40022 [proto: 125/Skype][1 pkts/76 bytes] + 111 UDP 192.168.1.34:13021 <-> 64.4.23.165:40020 [proto: 125/Skype][1 pkts/72 bytes] + 112 UDP 192.168.1.34:13021 <-> 64.4.23.140:40012 [proto: 125/Skype][1 pkts/68 bytes] + 113 UDP 192.168.1.34:13021 <-> 64.4.23.150:40004 [proto: 125/Skype][1 pkts/70 bytes] + 114 UDP 192.168.1.34:13021 <-> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/77 bytes] + 115 UDP 192.168.1.34:13021 <-> 64.4.23.141:40004 [proto: 125/Skype][1 pkts/73 bytes] + 116 UDP 192.168.1.34:13021 <-> 64.4.23.148:40010 [proto: 125/Skype][1 pkts/69 bytes] + 117 UDP 192.168.1.34:13021 <-> 64.4.23.145:40024 [proto: 125/Skype][1 pkts/79 bytes] + 118 UDP 192.168.1.34:13021 <-> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/77 bytes] + 119 UDP 192.168.1.34:13021 <-> 64.4.23.168:40006 [proto: 125/Skype][1 pkts/71 bytes] + 120 UDP 192.168.1.34:13021 <-> 65.55.223.38:40015 [proto: 125/Skype][1 pkts/66 bytes] + 121 UDP 192.168.1.34:13021 <-> 65.55.223.20:40033 [proto: 125/Skype][1 pkts/64 bytes] + 122 UDP 192.168.1.34:13021 <-> 65.55.223.33:40011 [proto: 125/Skype][1 pkts/79 bytes] + 123 UDP 192.168.1.34:13021 <-> 65.55.223.21:40027 [proto: 125/Skype][1 pkts/71 bytes] + 124 UDP 192.168.1.34:13021 <-> 65.55.223.44:40013 [proto: 125/Skype][1 pkts/66 bytes] + 125 UDP 192.168.1.34:13021 <-> 65.55.223.41:40027 [proto: 125/Skype][1 pkts/69 bytes] + 126 UDP 192.168.1.34:13021 <-> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/70 bytes] + 127 UDP 192.168.1.34:13021 <-> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/78 bytes] + 128 TCP 192.168.1.34:50063 <-> 111.221.74.38:443 [proto: 91.125/SSL.Skype][13 pkts/1287 bytes] + 129 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][12 pkts/1107 bytes] + 130 UDP 192.168.1.34:13021 <-> 76.185.207.12:45493 [proto: 125/Skype][5 pkts/300 bytes] + 131 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125/Skype][18 
pkts/1445 bytes] + 132 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 125/Skype][23 pkts/4119 bytes] + 133 UDP 192.168.1.34:13021 <-> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes] + 134 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes] + 135 UDP 192.168.1.34:13021 <-> 111.221.74.24:40001 [proto: 125/Skype][1 pkts/64 bytes] + 136 UDP 192.168.1.34:13021 <-> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/68 bytes] + 137 UDP 192.168.1.34:13021 <-> 111.221.74.12:40031 [proto: 125/Skype][1 pkts/75 bytes] + 138 UDP 192.168.1.34:13021 <-> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes] + 139 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes] + 140 UDP 192.168.1.34:13021 <-> 111.221.74.32:40009 [proto: 125/Skype][1 pkts/70 bytes] + 141 UDP 192.168.1.34:13021 <-> 111.221.74.31:40021 [proto: 125/Skype][1 pkts/73 bytes] + 142 UDP 192.168.1.34:13021 <-> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes] + 143 UDP 192.168.1.34:13021 <-> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes] + 144 UDP 192.168.1.34:13021 <-> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes] + 145 UDP 192.168.1.34:13021 <-> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes] + 146 UDP 192.168.1.34:13021 <-> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes] + 147 UDP 192.168.1.34:13021 <-> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes] + 148 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes] + 149 UDP 192.168.1.34:13021 <-> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes] + 150 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/483 bytes] + 151 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/769 bytes] + 152 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/599 bytes] + 153 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1101 bytes] + 
154 UDP 192.168.1.34:13021 <-> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes] + 155 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 156 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] + 157 UDP 192.168.1.34:13021 <-> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] + 158 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125/Skype][15 pkts/1254 bytes] + 159 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][server: *.gateway.messenger.live.com] + 160 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] + 161 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] + 162 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] + 163 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][15 pkts/1351 bytes] + 164 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][15 pkts/1349 bytes] + 165 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][15 pkts/1401 bytes] + 166 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1513 bytes] + 167 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][16 pkts/1754 bytes] + 168 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][15 pkts/1590 bytes] + 169 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 91/SSL][8 pkts/608 bytes] + 170 UDP 192.168.1.34:13021 <-> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] + 171 UDP 192.168.1.34:13021 <-> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] + 172 UDP 192.168.1.34:13021 <-> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] + 173 UDP 192.168.1.34:13021 <-> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes] + 174 UDP 192.168.1.34:13021 <-> 157.56.52.26:40026 [proto: 125/Skype][1 pkts/74 bytes] 
+ 175 UDP 192.168.1.34:13021 <-> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes] + 176 UDP 192.168.1.34:13021 <-> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes] + 177 UDP 192.168.1.34:13021 <-> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes] + 178 UDP 192.168.1.34:13021 <-> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes] + 179 UDP 192.168.1.34:13021 <-> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes] + 180 UDP 192.168.1.34:13021 <-> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes] + 181 UDP 192.168.1.34:13021 <-> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes] + 182 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes] + 183 UDP 192.168.1.34:13021 <-> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes] + 184 UDP 192.168.1.34:13021 <-> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes] + 185 UDP 192.168.1.34:13021 <-> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes] + 186 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes] + 187 UDP 192.168.1.34:13021 <-> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes] + 188 UDP 192.168.1.34:13021 <-> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes] + 189 UDP 192.168.1.34:13021 <-> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes] + 190 UDP 192.168.1.34:13021 <-> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes] + 191 UDP 192.168.1.34:13021 <-> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes] + 192 UDP 192.168.1.34:13021 <-> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] + 193 UDP 192.168.1.34:13021 <-> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] + 194 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] + 195 UDP 192.168.1.34:49360 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 196 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][18 
pkts/1412 bytes] + 197 UDP 192.168.1.92:57621 <-> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] + 198 UDP 192.168.1.34:49990 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 199 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] + 200 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] + 201 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] + 202 UDP 192.168.1.34:51802 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 203 UDP 192.168.1.34:52714 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 204 UDP 192.168.1.34:52850 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 205 UDP 192.168.1.34:52742 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] + 206 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][16 pkts/1592 bytes] + 207 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][16 pkts/1376 bytes] + 208 UDP 192.168.1.34:54396 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 209 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes] + 210 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125/Skype][17 pkts/1370 bytes] + 211 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][17 pkts/1401 bytes] + 212 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125/Skype][17 pkts/1381 bytes] + 213 UDP 192.168.1.34:57288 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 214 UDP 192.168.1.34:57406 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 215 UDP 192.168.1.34:57726 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 
pipe.prd.skypedata.akadns.net] + 216 UDP 192.168.1.34:13021 <-> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] + 217 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] + 218 UDP 192.168.1.34:13021 <-> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] + 219 UDP 192.168.1.34:13021 <-> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] + 220 UDP 192.168.1.34:13021 <-> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] + 221 UDP 192.168.1.34:13021 <-> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] + 222 UDP 192.168.1.34:58458 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 223 UDP 192.168.1.34:58368 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 224 UDP 192.168.1.34:60288 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 225 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] + 226 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] + 227 UDP 192.168.1.34:63108 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] + 228 UDP 192.168.1.92:50084 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] + 229 UDP 192.168.1.34:51066 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 230 UDP 192.168.1.34:65426 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 231 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] + 232 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] + 233 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] + 234 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][2 pkts/92 bytes] + 235 
IGMP 224.0.0.1:0 <-> 192.168.1.1:0 [proto: 82/IGMP][1 pkts/60 bytes] + 236 IGMP 192.168.1.92:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] + 237 IGMP 192.168.1.34:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes] + 238 UDP 192.168.1.34:56886 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 239 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][17 pkts/1361 bytes] + 240 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][472 pkts/164627 bytes] + 241 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][16 pkts/1278 bytes] + 242 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][17 pkts/1305 bytes] + 243 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][17 pkts/1312 bytes] + 244 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][18 pkts/1442 bytes] + 245 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][17 pkts/1387 bytes] + 246 UDP 192.168.1.34:64560 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 247 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 248 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][17 pkts/1386 bytes] + 249 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][12 pkts/1147 bytes] + 250 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][15 pkts/1311 bytes] + 251 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][15 pkts/1452 bytes] + 252 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][14 pkts/1390 bytes] + 253 UDP 192.168.0.254:1025 <-> 239.255.255.250:1900 [proto: 12/SSDP][79 pkts/29479 bytes] + 254 UDP 192.168.1.34:13021 <-> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes] + 255 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes] + 256 UDP 192.168.1.34:13021 <-> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes] + 257 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 
pkts/72 bytes] + 258 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes] + 259 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes] + 260 UDP 192.168.1.34:13021 <-> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes] + 261 UDP 192.168.1.34:13021 <-> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes] + 262 UDP 192.168.1.34:13021 <-> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes] + 263 UDP 192.168.1.34:13021 <-> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes] + 264 UDP 192.168.1.34:13021 <-> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes] + 265 UDP 192.168.1.34:13021 <-> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes] + 266 UDP 192.168.1.34:13021 <-> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes] + 267 UDP 192.168.1.34:13021 <-> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 bytes] + 268 UDP 192.168.1.34:13021 <-> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] + 269 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][2 pkts/180 bytes] + 270 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][20 pkts/1516 bytes] + 271 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] + 272 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes] + 273 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][16 pkts/5980 bytes] + 274 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][14 pkts/1208 bytes] + 275 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][13 pkts/1109 bytes] + 276 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] + 277 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][19 pkts/1495 bytes] + 278 UDP [ff02::fb]:5353 <-> [fe80::c62c:3ff:fe06:49fe]:5353 [proto: 8/MDNS][4 pkts/908 bytes] Undetected flows: 
@@ -299,13 +301,11 @@ Undetected flows: 5 UDP 192.168.1.34:54067 <-> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes] 6 TCP 192.168.1.34:50124 <-> 81.133.19.185:44431 [proto: 0/Unknown][22 pkts/1636 bytes] 7 TCP 192.168.1.34:50131 <-> 212.161.8.36:13392 [proto: 0/Unknown][19 pkts/5111 bytes] - 8 TCP 17.143.160.22:5223 <-> 192.168.1.34:49447 [proto: 0/Unknown][12 pkts/1877 bytes] - 9 TCP 192.168.1.34:50142 <-> 80.14.46.121:4415 [proto: 0/Unknown][18 pkts/1474 bytes] - 10 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 0/Unknown][23 pkts/4119 bytes] - 11 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 0/Unknown][32 pkts/4972 bytes] - 12 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][40 pkts/5609 bytes] - 13 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][3 pkts/206 bytes] - 14 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][14 pkts/1139 bytes] - 15 TCP 192.168.1.34:50145 <-> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes] - 16 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 0/Unknown][100 pkts/12266 bytes] - 17 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][27 pkts/2098 bytes] + 8 TCP 192.168.1.34:50142 <-> 80.14.46.121:4415 [proto: 0/Unknown][18 pkts/1474 bytes] + 9 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 0/Unknown][32 pkts/4972 bytes] + 10 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][40 pkts/5609 bytes] + 11 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][3 pkts/206 bytes] + 12 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][14 pkts/1139 bytes] + 13 TCP 192.168.1.34:50145 <-> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes] + 14 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 0/Unknown][100 pkts/12266 bytes] + 15 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][27 pkts/2098 bytes] 
diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index 6f39106c4..3e631832f 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -1,4 +1,4 @@ -Unknown 236 70600 14 +Unknown 216 66695 13 DNS 2 267 1 MDNS 3 400 2 NetBIOS 22 3106 7 @@ -7,7 +7,7 @@ ICMP 4 328 1 IGMP 4 226 4 SSL 79 7742 6 Dropbox 16 7342 5 -Skype 1241 181327 221 +Skype 1261 185232 222 Apple 84 20699 2 MS_OneDrive 348 181687 1 
@@ -128,142 +128,143 @@ MS_OneDrive 348 181687 1 115 TCP 192.168.1.34:51259 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][14 pkts/1253 bytes] 116 TCP 192.168.1.34:51283 <-> 111.221.74.48:443 [proto: 91.125/SSL.Skype][3 pkts/206 bytes] 117 TCP 192.168.1.34:51258 <-> 213.199.179.176:40021 [proto: 125/Skype][19 pkts/1496 bytes] - 118 UDP 192.168.1.34:13021 <-> 111.221.74.34:40027 [proto: 125/Skype][1 pkts/73 bytes] - 119 UDP 192.168.1.34:13021 <-> 111.221.74.33:40011 [proto: 125/Skype][1 pkts/76 bytes] - 120 UDP 192.168.1.34:13021 <-> 111.221.74.13:40009 [proto: 125/Skype][1 pkts/64 bytes] - 121 UDP 192.168.1.34:13021 <-> 111.221.74.27:40027 [proto: 125/Skype][1 pkts/70 bytes] - 122 UDP 192.168.1.34:13021 <-> 111.221.74.20:40033 [proto: 125/Skype][1 pkts/77 bytes] - 123 UDP 192.168.1.34:13021 <-> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/73 bytes] - 124 UDP 192.168.1.34:13021 <-> 111.221.74.44:40019 [proto: 125/Skype][1 pkts/70 bytes] - 125 UDP 192.168.1.34:13021 <-> 111.221.74.38:40015 [proto: 125/Skype][1 pkts/64 bytes] - 126 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/67 bytes] - 127 UDP 192.168.1.34:13021 <-> 111.221.74.40:40025 [proto: 125/Skype][1 pkts/79 bytes] - 128 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/67 bytes] - 129 UDP 192.168.1.34:13021 <-> 111.221.77.159:40031 [proto: 125/Skype][1 pkts/72 bytes] - 130 UDP 192.168.1.34:13021 <-> 111.221.77.151:40029 [proto: 125/Skype][1 pkts/79 bytes] - 131 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/77 bytes] - 132 UDP 192.168.1.34:13021 <-> 111.221.77.170:40021 [proto: 125/Skype][1 pkts/78 bytes] - 133 UDP 192.168.1.34:13021 <-> 189.188.134.174:22436 [proto: 125/Skype][1 pkts/60 bytes] - 134 TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/377 bytes] - 135 TCP 192.168.1.34:51297 <-> 91.190.216.24:12350 [proto: 125/Skype][15 pkts/3532 bytes] - 136 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 
[proto: 125/Skype][11 pkts/659 bytes] - 137 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/76 bytes] - 138 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] - 139 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][15 pkts/1226 bytes] - 140 TCP 192.168.1.34:51288 <-> 76.167.161.6:20274 [proto: 125/Skype][15 pkts/1258 bytes] - 141 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][348 pkts/181687 bytes][server: *.gateway.messenger.live.com] - 142 TCP 192.168.1.34:51232 <-> 157.56.52.28:443 [proto: 125/Skype][13 pkts/1157 bytes] - 143 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1584 bytes] - 144 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] - 145 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][15 pkts/1380 bytes] - 146 UDP 192.168.1.34:13021 <-> 174.49.171.224:32011 [proto: 125/Skype][5 pkts/300 bytes] - 147 UDP 192.168.1.34:13021 <-> 157.55.56.170:40015 [proto: 125/Skype][1 pkts/76 bytes] - 148 UDP 192.168.1.34:13021 <-> 157.56.52.19:40020 [proto: 125/Skype][1 pkts/68 bytes] - 149 UDP 192.168.1.34:13021 <-> 157.56.52.16:40032 [proto: 125/Skype][1 pkts/66 bytes] - 150 UDP 192.168.1.34:13021 <-> 157.56.52.25:40010 [proto: 125/Skype][1 pkts/76 bytes] - 151 UDP 192.168.1.34:13021 <-> 157.56.52.24:40032 [proto: 125/Skype][1 pkts/70 bytes] - 152 UDP 192.168.1.34:13021 <-> 157.55.130.154:40013 [proto: 125/Skype][1 pkts/66 bytes] - 153 UDP 192.168.1.34:13021 <-> 157.55.130.150:40007 [proto: 125/Skype][1 pkts/71 bytes] - 154 UDP 192.168.1.34:13021 <-> 157.55.130.149:40011 [proto: 125/Skype][1 pkts/77 bytes] - 155 UDP 192.168.1.34:13021 <-> 157.55.56.142:40013 [proto: 125/Skype][1 pkts/72 bytes] - 156 UDP 192.168.1.34:13021 <-> 157.56.52.33:40002 [proto: 125/Skype][1 pkts/71 bytes] - 157 UDP 192.168.1.34:13021 <-> 157.56.52.29:40010 [proto: 125/Skype][1 pkts/67 bytes] - 
158 UDP 192.168.1.34:13021 <-> 157.55.56.140:40003 [proto: 125/Skype][1 pkts/76 bytes] - 159 UDP 192.168.1.34:13021 <-> 157.56.52.43:40006 [proto: 125/Skype][1 pkts/78 bytes] - 160 UDP 192.168.1.34:13021 <-> 157.55.130.140:40011 [proto: 125/Skype][1 pkts/72 bytes] - 161 UDP 192.168.1.34:13021 <-> 157.55.130.146:40033 [proto: 125/Skype][1 pkts/73 bytes] - 162 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/72 bytes] - 163 UDP 192.168.1.34:13021 <-> 157.55.235.148:40033 [proto: 125/Skype][1 pkts/75 bytes] - 164 UDP 192.168.1.34:13021 <-> 157.55.235.162:40033 [proto: 125/Skype][1 pkts/66 bytes] - 165 UDP 192.168.1.34:13021 <-> 157.55.130.156:40019 [proto: 125/Skype][1 pkts/64 bytes] - 166 UDP 192.168.1.34:13021 <-> 157.55.235.155:40027 [proto: 125/Skype][1 pkts/74 bytes] - 167 UDP 192.168.1.34:13021 <-> 157.55.56.161:40031 [proto: 125/Skype][1 pkts/67 bytes] - 168 UDP 192.168.1.34:13021 <-> 157.55.235.158:40027 [proto: 125/Skype][1 pkts/73 bytes] - 169 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/64 bytes] - 170 UDP 192.168.1.34:13021 <-> 157.55.235.167:40029 [proto: 125/Skype][1 pkts/64 bytes] - 171 UDP 192.168.1.34:13021 <-> 157.55.130.167:40031 [proto: 125/Skype][1 pkts/79 bytes] - 172 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/67 bytes] - 173 UDP 192.168.1.34:13021 <-> 157.55.235.174:40019 [proto: 125/Skype][1 pkts/72 bytes] - 174 UDP 192.168.1.34:13021 <-> 157.55.130.173:40003 [proto: 125/Skype][1 pkts/72 bytes] - 175 UDP 192.168.1.34:13021 <-> 157.55.235.176:40031 [proto: 125/Skype][1 pkts/73 bytes] - 176 UDP 192.168.1.34:13021 <-> 157.55.235.175:40023 [proto: 125/Skype][1 pkts/74 bytes] - 177 UDP 192.168.1.34:49864 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 178 TCP 192.168.1.34:51316 <-> 149.13.32.15:13392 [proto: 125/Skype][14 pkts/1176 bytes] - 179 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 
bytes] - 180 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] - 181 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/75 bytes] - 182 UDP 192.168.1.34:53372 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] - 183 UDP 192.168.1.92:53826 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] - 184 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][15 pkts/1415 bytes] - 185 UDP 192.168.1.34:55028 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: a.config.skype.com] - 186 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125/Skype][15 pkts/1219 bytes] - 187 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125/Skype][17 pkts/1341 bytes] - 188 UDP 192.168.1.34:55866 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 189 UDP 192.168.1.34:57592 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] - 190 UDP 192.168.1.34:57694 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/267 bytes][Host: db3msgr5011709.gateway.messenger.live.com] - 191 UDP 192.168.1.34:13021 <-> 213.199.179.173:40013 [proto: 125/Skype][1 pkts/72 bytes] - 192 UDP 192.168.1.34:13021 <-> 213.199.179.140:40003 [proto: 125/Skype][1 pkts/70 bytes] - 193 UDP 192.168.1.34:13021 <-> 213.199.179.154:40017 [proto: 125/Skype][1 pkts/78 bytes] - 194 UDP 192.168.1.34:13021 <-> 213.199.179.144:40009 [proto: 125/Skype][1 pkts/69 bytes] - 195 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/79 bytes] - 196 UDP 192.168.1.34:13021 <-> 213.199.179.156:40031 [proto: 125/Skype][1 pkts/79 bytes] - 197 UDP 192.168.1.34:13021 <-> 213.199.179.172:40011 [proto: 125/Skype][1 pkts/76 bytes] - 198 UDP 192.168.1.34:13021 <-> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes] - 199 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][14 pkts/1150 
bytes] - 200 UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] - 201 UDP 192.168.1.34:60688 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 202 UDP 192.168.1.34:61016 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/80 bytes][Host: apps.skypeassets.com] - 203 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][4 pkts/328 bytes] - 204 UDP 192.168.1.34:63342 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 205 UDP 192.168.1.34:63514 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/576 bytes][Host: ui.skype.com] - 206 UDP 192.168.1.34:64240 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 207 UDP 192.168.1.34:64258 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 208 UDP 192.168.1.34:64364 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] - 209 UDP 192.168.1.34:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][7 pkts/680 bytes] - 210 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][8 pkts/1142 bytes] - 211 UDP 192.168.1.1:138 <-> 192.168.1.34:138 [proto: 10/NetBIOS][2 pkts/452 bytes] - 212 UDP 192.168.1.34:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][2 pkts/432 bytes] - 213 UDP 192.168.1.92:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] - 214 UDP 192.168.1.92:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/216 bytes] - 215 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125/Skype][10 pkts/857 bytes] - 216 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][16 pkts/1257 bytes] - 217 TCP 192.168.1.34:51267 <-> 111.221.74.18:40025 [proto: 125/Skype][14 pkts/1163 bytes] - 218 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][16 pkts/1284 bytes] - 219 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][76 
pkts/19581 bytes] - 220 IGMP 224.0.0.22:0 <-> 192.168.1.219:0 [proto: 82/IGMP][1 pkts/60 bytes] - 221 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][1 pkts/46 bytes] - 222 IGMP 192.168.1.229:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] - 223 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] - 224 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][12 pkts/2148 bytes][client: apps.skype.com] - 225 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 226 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][17 pkts/1322 bytes] - 227 UDP 192.168.0.254:1025 <-> 239.255.255.250:1900 [proto: 12/SSDP][36 pkts/13402 bytes] - 228 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][14 pkts/1432 bytes] - 229 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes][Lucas-iMac.local] - 230 UDP 192.168.1.34:13021 <-> 64.4.23.145:40027 [proto: 125/Skype][1 pkts/73 bytes] - 231 UDP 192.168.1.34:13021 <-> 64.4.23.142:40023 [proto: 125/Skype][1 pkts/72 bytes] - 232 UDP 192.168.1.34:13021 <-> 64.4.23.140:40003 [proto: 125/Skype][1 pkts/67 bytes] - 233 TCP 192.168.1.34:51308 <-> 80.121.84.93:443 [proto: 91/SSL][6 pkts/468 bytes] - 234 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/76 bytes] - 235 UDP 192.168.1.34:13021 <-> 64.4.23.148:40029 [proto: 125/Skype][1 pkts/79 bytes] - 236 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/69 bytes] - 237 UDP 192.168.1.34:13021 <-> 64.4.23.171:40031 [proto: 125/Skype][1 pkts/79 bytes] - 238 UDP 192.168.1.34:13021 <-> 64.4.23.158:40021 [proto: 125/Skype][1 pkts/76 bytes] - 239 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/66 bytes] - 240 UDP 192.168.1.34:13021 <-> 64.4.23.176:40001 [proto: 125/Skype][1 pkts/69 bytes] - 241 UDP 192.168.1.34:13021 <-> 65.55.223.33:40002 [proto: 125/Skype][1 pkts/74 bytes] - 242 
UDP 192.168.1.34:13021 <-> 65.55.223.32:40022 [proto: 125/Skype][1 pkts/77 bytes] - 243 UDP 192.168.1.34:13021 <-> 65.55.223.28:40014 [proto: 125/Skype][1 pkts/74 bytes] - 244 UDP 192.168.1.34:13021 <-> 65.55.223.16:40032 [proto: 125/Skype][1 pkts/70 bytes] - 245 UDP 192.168.1.34:13021 <-> 65.55.223.15:40030 [proto: 125/Skype][1 pkts/77 bytes] - 246 UDP 192.168.1.34:13021 <-> 65.55.223.44:40020 [proto: 125/Skype][1 pkts/76 bytes] - 247 UDP 192.168.1.34:13021 <-> 65.55.223.42:40024 [proto: 125/Skype][1 pkts/76 bytes] - 248 UDP 192.168.1.34:13021 <-> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes] - 249 UDP [ff02::fb]:5353 <-> [fe80::c62c:3ff:fe06:49fe]:5353 [proto: 8/MDNS][2 pkts/258 bytes] - 250 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][14 pkts/1373 bytes] - 251 TCP 192.168.1.34:51268 <-> 111.221.74.18:443 [proto: 125/Skype][14 pkts/1203 bytes] - 252 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][14 pkts/1363 bytes] - 253 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][19 pkts/1491 bytes] + 118 TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 125/Skype][20 pkts/3905 bytes] + 119 UDP 192.168.1.34:13021 <-> 111.221.74.34:40027 [proto: 125/Skype][1 pkts/73 bytes] + 120 UDP 192.168.1.34:13021 <-> 111.221.74.33:40011 [proto: 125/Skype][1 pkts/76 bytes] + 121 UDP 192.168.1.34:13021 <-> 111.221.74.13:40009 [proto: 125/Skype][1 pkts/64 bytes] + 122 UDP 192.168.1.34:13021 <-> 111.221.74.27:40027 [proto: 125/Skype][1 pkts/70 bytes] + 123 UDP 192.168.1.34:13021 <-> 111.221.74.20:40033 [proto: 125/Skype][1 pkts/77 bytes] + 124 UDP 192.168.1.34:13021 <-> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/73 bytes] + 125 UDP 192.168.1.34:13021 <-> 111.221.74.44:40019 [proto: 125/Skype][1 pkts/70 bytes] + 126 UDP 192.168.1.34:13021 <-> 111.221.74.38:40015 [proto: 125/Skype][1 pkts/64 bytes] + 127 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/67 bytes] + 128 UDP 
192.168.1.34:13021 <-> 111.221.74.40:40025 [proto: 125/Skype][1 pkts/79 bytes] + 129 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/67 bytes] + 130 UDP 192.168.1.34:13021 <-> 111.221.77.159:40031 [proto: 125/Skype][1 pkts/72 bytes] + 131 UDP 192.168.1.34:13021 <-> 111.221.77.151:40029 [proto: 125/Skype][1 pkts/79 bytes] + 132 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/77 bytes] + 133 UDP 192.168.1.34:13021 <-> 111.221.77.170:40021 [proto: 125/Skype][1 pkts/78 bytes] + 134 UDP 192.168.1.34:13021 <-> 189.188.134.174:22436 [proto: 125/Skype][1 pkts/60 bytes] + 135 TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/377 bytes] + 136 TCP 192.168.1.34:51297 <-> 91.190.216.24:12350 [proto: 125/Skype][15 pkts/3532 bytes] + 137 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][11 pkts/659 bytes] + 138 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/76 bytes] + 139 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] + 140 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][15 pkts/1226 bytes] + 141 TCP 192.168.1.34:51288 <-> 76.167.161.6:20274 [proto: 125/Skype][15 pkts/1258 bytes] + 142 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][348 pkts/181687 bytes][server: *.gateway.messenger.live.com] + 143 TCP 192.168.1.34:51232 <-> 157.56.52.28:443 [proto: 125/Skype][13 pkts/1157 bytes] + 144 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1584 bytes] + 145 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] + 146 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][15 pkts/1380 bytes] + 147 UDP 192.168.1.34:13021 <-> 174.49.171.224:32011 [proto: 125/Skype][5 pkts/300 bytes] + 148 UDP 192.168.1.34:13021 <-> 157.55.56.170:40015 [proto: 125/Skype][1 pkts/76 bytes] + 149 UDP 192.168.1.34:13021 <-> 
157.56.52.19:40020 [proto: 125/Skype][1 pkts/68 bytes] + 150 UDP 192.168.1.34:13021 <-> 157.56.52.16:40032 [proto: 125/Skype][1 pkts/66 bytes] + 151 UDP 192.168.1.34:13021 <-> 157.56.52.25:40010 [proto: 125/Skype][1 pkts/76 bytes] + 152 UDP 192.168.1.34:13021 <-> 157.56.52.24:40032 [proto: 125/Skype][1 pkts/70 bytes] + 153 UDP 192.168.1.34:13021 <-> 157.55.130.154:40013 [proto: 125/Skype][1 pkts/66 bytes] + 154 UDP 192.168.1.34:13021 <-> 157.55.130.150:40007 [proto: 125/Skype][1 pkts/71 bytes] + 155 UDP 192.168.1.34:13021 <-> 157.55.130.149:40011 [proto: 125/Skype][1 pkts/77 bytes] + 156 UDP 192.168.1.34:13021 <-> 157.55.56.142:40013 [proto: 125/Skype][1 pkts/72 bytes] + 157 UDP 192.168.1.34:13021 <-> 157.56.52.33:40002 [proto: 125/Skype][1 pkts/71 bytes] + 158 UDP 192.168.1.34:13021 <-> 157.56.52.29:40010 [proto: 125/Skype][1 pkts/67 bytes] + 159 UDP 192.168.1.34:13021 <-> 157.55.56.140:40003 [proto: 125/Skype][1 pkts/76 bytes] + 160 UDP 192.168.1.34:13021 <-> 157.56.52.43:40006 [proto: 125/Skype][1 pkts/78 bytes] + 161 UDP 192.168.1.34:13021 <-> 157.55.130.140:40011 [proto: 125/Skype][1 pkts/72 bytes] + 162 UDP 192.168.1.34:13021 <-> 157.55.130.146:40033 [proto: 125/Skype][1 pkts/73 bytes] + 163 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/72 bytes] + 164 UDP 192.168.1.34:13021 <-> 157.55.235.148:40033 [proto: 125/Skype][1 pkts/75 bytes] + 165 UDP 192.168.1.34:13021 <-> 157.55.235.162:40033 [proto: 125/Skype][1 pkts/66 bytes] + 166 UDP 192.168.1.34:13021 <-> 157.55.130.156:40019 [proto: 125/Skype][1 pkts/64 bytes] + 167 UDP 192.168.1.34:13021 <-> 157.55.235.155:40027 [proto: 125/Skype][1 pkts/74 bytes] + 168 UDP 192.168.1.34:13021 <-> 157.55.56.161:40031 [proto: 125/Skype][1 pkts/67 bytes] + 169 UDP 192.168.1.34:13021 <-> 157.55.235.158:40027 [proto: 125/Skype][1 pkts/73 bytes] + 170 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/64 bytes] + 171 UDP 192.168.1.34:13021 <-> 157.55.235.167:40029 [proto: 
125/Skype][1 pkts/64 bytes] + 172 UDP 192.168.1.34:13021 <-> 157.55.130.167:40031 [proto: 125/Skype][1 pkts/79 bytes] + 173 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/67 bytes] + 174 UDP 192.168.1.34:13021 <-> 157.55.235.174:40019 [proto: 125/Skype][1 pkts/72 bytes] + 175 UDP 192.168.1.34:13021 <-> 157.55.130.173:40003 [proto: 125/Skype][1 pkts/72 bytes] + 176 UDP 192.168.1.34:13021 <-> 157.55.235.176:40031 [proto: 125/Skype][1 pkts/73 bytes] + 177 UDP 192.168.1.34:13021 <-> 157.55.235.175:40023 [proto: 125/Skype][1 pkts/74 bytes] + 178 UDP 192.168.1.34:49864 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 179 TCP 192.168.1.34:51316 <-> 149.13.32.15:13392 [proto: 125/Skype][14 pkts/1176 bytes] + 180 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] + 181 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] + 182 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/75 bytes] + 183 UDP 192.168.1.34:53372 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] + 184 UDP 192.168.1.92:53826 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] + 185 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][15 pkts/1415 bytes] + 186 UDP 192.168.1.34:55028 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: a.config.skype.com] + 187 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125/Skype][15 pkts/1219 bytes] + 188 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125/Skype][17 pkts/1341 bytes] + 189 UDP 192.168.1.34:55866 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 190 UDP 192.168.1.34:57592 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] + 191 UDP 192.168.1.34:57694 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/267 bytes][Host: 
db3msgr5011709.gateway.messenger.live.com] + 192 UDP 192.168.1.34:13021 <-> 213.199.179.173:40013 [proto: 125/Skype][1 pkts/72 bytes] + 193 UDP 192.168.1.34:13021 <-> 213.199.179.140:40003 [proto: 125/Skype][1 pkts/70 bytes] + 194 UDP 192.168.1.34:13021 <-> 213.199.179.154:40017 [proto: 125/Skype][1 pkts/78 bytes] + 195 UDP 192.168.1.34:13021 <-> 213.199.179.144:40009 [proto: 125/Skype][1 pkts/69 bytes] + 196 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/79 bytes] + 197 UDP 192.168.1.34:13021 <-> 213.199.179.156:40031 [proto: 125/Skype][1 pkts/79 bytes] + 198 UDP 192.168.1.34:13021 <-> 213.199.179.172:40011 [proto: 125/Skype][1 pkts/76 bytes] + 199 UDP 192.168.1.34:13021 <-> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes] + 200 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][14 pkts/1150 bytes] + 201 UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] + 202 UDP 192.168.1.34:60688 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 203 UDP 192.168.1.34:61016 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/80 bytes][Host: apps.skypeassets.com] + 204 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][4 pkts/328 bytes] + 205 UDP 192.168.1.34:63342 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 206 UDP 192.168.1.34:63514 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/576 bytes][Host: ui.skype.com] + 207 UDP 192.168.1.34:64240 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 208 UDP 192.168.1.34:64258 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 209 UDP 192.168.1.34:64364 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] + 210 UDP 192.168.1.34:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][7 pkts/680 bytes] + 211 UDP 192.168.1.1:137 
<-> 192.168.1.34:137 [proto: 10/NetBIOS][8 pkts/1142 bytes] + 212 UDP 192.168.1.1:138 <-> 192.168.1.34:138 [proto: 10/NetBIOS][2 pkts/452 bytes] + 213 UDP 192.168.1.34:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][2 pkts/432 bytes] + 214 UDP 192.168.1.92:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] + 215 UDP 192.168.1.92:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/216 bytes] + 216 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125/Skype][10 pkts/857 bytes] + 217 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][16 pkts/1257 bytes] + 218 TCP 192.168.1.34:51267 <-> 111.221.74.18:40025 [proto: 125/Skype][14 pkts/1163 bytes] + 219 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][16 pkts/1284 bytes] + 220 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][76 pkts/19581 bytes] + 221 IGMP 224.0.0.22:0 <-> 192.168.1.219:0 [proto: 82/IGMP][1 pkts/60 bytes] + 222 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][1 pkts/46 bytes] + 223 IGMP 192.168.1.229:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] + 224 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] + 225 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][12 pkts/2148 bytes][client: apps.skype.com] + 226 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 227 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][17 pkts/1322 bytes] + 228 UDP 192.168.0.254:1025 <-> 239.255.255.250:1900 [proto: 12/SSDP][36 pkts/13402 bytes] + 229 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][14 pkts/1432 bytes] + 230 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes][Lucas-iMac.local] + 231 UDP 192.168.1.34:13021 <-> 64.4.23.145:40027 [proto: 125/Skype][1 pkts/73 bytes] + 232 UDP 192.168.1.34:13021 <-> 64.4.23.142:40023 [proto: 125/Skype][1 pkts/72 bytes] + 233 UDP 
192.168.1.34:13021 <-> 64.4.23.140:40003 [proto: 125/Skype][1 pkts/67 bytes] + 234 TCP 192.168.1.34:51308 <-> 80.121.84.93:443 [proto: 91/SSL][6 pkts/468 bytes] + 235 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/76 bytes] + 236 UDP 192.168.1.34:13021 <-> 64.4.23.148:40029 [proto: 125/Skype][1 pkts/79 bytes] + 237 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/69 bytes] + 238 UDP 192.168.1.34:13021 <-> 64.4.23.171:40031 [proto: 125/Skype][1 pkts/79 bytes] + 239 UDP 192.168.1.34:13021 <-> 64.4.23.158:40021 [proto: 125/Skype][1 pkts/76 bytes] + 240 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/66 bytes] + 241 UDP 192.168.1.34:13021 <-> 64.4.23.176:40001 [proto: 125/Skype][1 pkts/69 bytes] + 242 UDP 192.168.1.34:13021 <-> 65.55.223.33:40002 [proto: 125/Skype][1 pkts/74 bytes] + 243 UDP 192.168.1.34:13021 <-> 65.55.223.32:40022 [proto: 125/Skype][1 pkts/77 bytes] + 244 UDP 192.168.1.34:13021 <-> 65.55.223.28:40014 [proto: 125/Skype][1 pkts/74 bytes] + 245 UDP 192.168.1.34:13021 <-> 65.55.223.16:40032 [proto: 125/Skype][1 pkts/70 bytes] + 246 UDP 192.168.1.34:13021 <-> 65.55.223.15:40030 [proto: 125/Skype][1 pkts/77 bytes] + 247 UDP 192.168.1.34:13021 <-> 65.55.223.44:40020 [proto: 125/Skype][1 pkts/76 bytes] + 248 UDP 192.168.1.34:13021 <-> 65.55.223.42:40024 [proto: 125/Skype][1 pkts/76 bytes] + 249 UDP 192.168.1.34:13021 <-> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes] + 250 UDP [ff02::fb]:5353 <-> [fe80::c62c:3ff:fe06:49fe]:5353 [proto: 8/MDNS][2 pkts/258 bytes] + 251 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][14 pkts/1373 bytes] + 252 TCP 192.168.1.34:51268 <-> 111.221.74.18:443 [proto: 125/Skype][14 pkts/1203 bytes] + 253 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][14 pkts/1363 bytes] + 254 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][19 pkts/1491 bytes] Undetected flows: 
@@ -274,10 +275,9 @@ Undetected flows: 5 TCP 192.168.1.34:51315 <-> 212.161.8.36:13392 [proto: 0/Unknown][23 pkts/12290 bytes] 6 TCP 192.168.1.34:51319 <-> 212.161.8.36:13392 [proto: 0/Unknown][1 pkts/78 bytes] 7 TCP 192.168.1.34:51306 <-> 80.121.84.93:62381 [proto: 0/Unknown][6 pkts/468 bytes] - 8 TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 0/Unknown][20 pkts/3905 bytes] - 9 TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 0/Unknown][30 pkts/4904 bytes] - 10 TCP 192.168.1.34:51314 <-> 93.79.224.176:14506 [proto: 0/Unknown][20 pkts/2059 bytes] - 11 TCP 192.168.1.34:51300 <-> 76.167.161.6:20274 [proto: 0/Unknown][3 pkts/206 bytes] - 12 TCP 192.168.1.34:51312 <-> 149.13.32.15:13392 [proto: 0/Unknown][25 pkts/15642 bytes] - 13 UDP 192.168.1.34:59052 <-> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes] - 14 TCP 192.168.1.34:51303 <-> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes] + 8 TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 0/Unknown][30 pkts/4904 bytes] + 9 TCP 192.168.1.34:51314 <-> 93.79.224.176:14506 [proto: 0/Unknown][20 pkts/2059 bytes] + 10 TCP 192.168.1.34:51300 <-> 76.167.161.6:20274 [proto: 0/Unknown][3 pkts/206 bytes] + 11 TCP 192.168.1.34:51312 <-> 149.13.32.15:13392 [proto: 0/Unknown][25 pkts/15642 bytes] + 12 UDP 192.168.1.34:59052 <-> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes] + 13 TCP 192.168.1.34:51303 <-> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes] diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index 3d096ba01..f2d26ea0a 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out 
@@ -4,11 +4,11 @@ SSDP 11 4984 1 HTTP_Download 179 134204 1 WorldOfWarcraft 9 880 1 IGMP 2 120 1 -SSL 30 1998 9 +SSL 38 2548 11 Google 16 1709 4 QUIC 6 475 1 Github 3 234 1 -Starcraft 244 52044 8 +Starcraft 236 51494 6 1 TCP 192.168.1.100:3516 <-> 80.239.186.21:80 [proto: 7/HTTP][12 pkts/3680 bytes][Host: eu.launcher.battle.net] 2 TCP 192.168.1.100:3518 <-> 80.239.186.26:80 [proto: 7/HTTP][10 pkts/1226 bytes][Host: nydus.battle.net] @@ -28,8 +28,8 @@ Starcraft 244 52044 8 16 TCP 192.168.1.100:3530 <-> 2.228.46.112:80 [proto: 7/HTTP][29 pkts/25102 bytes][Host: bnetcmsus-a.akamaihd.net] 17 TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7/HTTP][4 pkts/386 bytes][Host: bnetcmsus-a.akamaihd.net] 18 TCP 192.168.1.100:3534 <-> 2.228.46.112:80 [proto: 7/HTTP][1 pkts/66 bytes] - 19 TCP 192.168.1.100:3489 <-> 2.228.46.104:443 [proto: 91.213/SSL.Starcraft][4 pkts/275 bytes] - 20 TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91.213/SSL.Starcraft][4 pkts/275 bytes] + 19 TCP 192.168.1.100:3489 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes] + 20 TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] 21 TCP 192.168.1.100:3479 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] 22 TCP 192.168.1.100:3491 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes] 23 TCP 192.168.1.100:3515 <-> 80.239.186.26:80 [proto: 7/HTTP][10 pkts/1224 bytes][Host: nydus.battle.net] diff --git a/tests/result/viber_mobile.pcap.out b/tests/result/viber_mobile.pcap.out index 80e00c267..c311e74b3 100644 --- a/tests/result/viber_mobile.pcap.out +++ b/tests/result/viber_mobile.pcap.out @@ -1,4 +1,4 @@ -Unknown 195 17876 9 +Unknown 163 9995 7 DNS 16 1943 7 HTTP 43 4771 7 BitTorrent 57 13074 27 
@@ -8,90 +8,90 @@ SSL 79 21658 7 Facebook 50 17455 3 Dropbox 2 163 1 GMail 35 14773 2 -Google 60 11337 7 +Google 76 17175 8 WhatsApp 31 6224 2 -Viber 10065 1411403 3 +Viber 10081 1413446 4 Amazon 8 528 1 1 TCP 192.168.200.222:57999 <-> 74.125.130.188:5228 [proto: 91.126/SSL.Google][15 pkts/2458 bytes][client: mtalk.google.com] 2 UDP 192.168.200.222:39413 <-> 122.146.250.88:9415 [proto: 37/BitTorrent][1 pkts/146 bytes] - 3 UDP 192.168.200.222:39413 <-> 134.249.176.227:7108 [proto: 37/BitTorrent][2 pkts/475 bytes] - 4 TCP 192.168.200.222:60828 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] - 5 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91/SSL][7 pkts/532 bytes] - 6 UDP 192.168.200.222:15836 <-> 8.8.8.8:53 [proto: 5.122/DNS.GMail][2 pkts/241 bytes][Host: mail.google.com] - 7 UDP 192.168.200.222:39413 <-> 84.202.23.122:22737 [proto: 37/BitTorrent][2 pkts/505 bytes] - 8 UDP 192.168.200.222:39413 <-> 178.57.5.53:64731 [proto: 37/BitTorrent][2 pkts/498 bytes] - 9 UDP 192.168.200.222:39413 <-> 60.71.113.134:37764 [proto: 37/BitTorrent][2 pkts/505 bytes] - 10 UDP 192.168.200.222:39413 <-> 23.113.222.89:49548 [proto: 37/BitTorrent][2 pkts/503 bytes] - 11 UDP 192.168.200.222:39413 <-> 1.163.234.205:58738 [proto: 37/BitTorrent][2 pkts/471 bytes] - 12 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][5 pkts/385 bytes] - 13 UDP 192.168.200.222:39413 <-> 90.19.187.56:40500 [proto: 37/BitTorrent][1 pkts/146 bytes] - 14 UDP 192.168.200.222:39413 <-> 80.47.129.1:44420 [proto: 37/BitTorrent][2 pkts/505 bytes] - 15 UDP 192.168.200.222:39413 <-> 70.112.231.62:51413 [proto: 37/BitTorrent][3 pkts/438 bytes] - 16 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91.119/SSL.Facebook][37 pkts/16168 bytes][client: graph.facebook.com] - 17 UDP 192.168.200.222:39413 <-> 94.6.33.9:46735 [proto: 37/BitTorrent][2 pkts/505 bytes] - 18 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][2 pkts/132 bytes] - 19 UDP 
192.168.200.222:39413 <-> 88.176.55.218:51413 [proto: 37/BitTorrent][1 pkts/146 bytes] - 20 UDP 192.168.200.222:39413 <-> 182.57.65.243:27736 [proto: 37/BitTorrent][2 pkts/292 bytes] - 21 TCP 192.168.200.222:38778 <-> 54.251.141.219:80 [proto: 7.178/HTTP.Amazon][8 pkts/528 bytes] - 22 UDP 192.168.200.222:47874 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][2 pkts/197 bytes][Host: mtalk.google.com] - 23 TCP 192.168.200.222:39339 <-> 54.169.63.186:443 [proto: 91.144/SSL.Viber][6 pkts/412 bytes] - 24 UDP 192.168.200.222:39413 <-> 92.249.148.218:53810 [proto: 37/BitTorrent][2 pkts/505 bytes] - 25 TCP 192.168.200.222:33161 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] - 26 TCP 192.168.200.222:52491 <-> 31.13.79.245:443 [proto: 91.119/SSL.Facebook][11 pkts/1073 bytes] - 27 UDP 192.168.200.222:55854 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/236 bytes][Host: s.jpush.cn] - 28 UDP 192.168.200.222:58434 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/349 bytes][Host: e.crashlytics.com] - 29 UDP 192.168.200.222:39413 <-> 2.85.108.0:21241 [proto: 37/BitTorrent][2 pkts/505 bytes] - 30 TCP 192.168.200.222:36675 <-> 112.124.219.82:80 [proto: 7/HTTP][9 pkts/2188 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] - 31 UDP 192.168.200.222:60474 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/218 bytes][Host: easytomessage.com] - 32 UDP 192.168.200.222:39413 <-> 24.43.1.206:17193 [proto: 37/BitTorrent][8 pkts/1992 bytes] - 33 ICMP 8.8.8.8:0 <-> 192.168.200.222:0 [proto: 81.126/ICMP.Google][1 pkts/148 bytes] - 34 UDP 192.168.200.222:39413 <-> 186.220.157.231:45235 [proto: 37/BitTorrent][2 pkts/505 bytes] - 35 TCP 192.168.200.222:51055 <-> 74.125.68.156:443 [proto: 91.126/SSL.Google][31 pkts/7607 bytes][client: googleads.g.doubleclick.net] - 36 ICMP 37.214.167.82:0 <-> 192.168.200.222:0 [proto: 81/ICMP][1 pkts/174 bytes] - 37 UDP 192.168.200.222:39413 <-> 80.234.25.211:12624 [proto: 37/BitTorrent][2 pkts/505 bytes] - 38 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][9 pkts/1083 
bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] - 39 TCP 192.168.200.222:52977 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] - 40 UDP 192.168.200.222:39413 <-> 120.57.18.255:10201 [proto: 37/BitTorrent][2 pkts/505 bytes] - 41 UDP 192.168.200.222:16965 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/366 bytes][Host: settings.crashlytics.com] - 42 UDP 192.168.200.222:39413 <-> 24.43.1.206:40959 [proto: 37/BitTorrent][4 pkts/996 bytes] - 43 UDP 192.168.200.222:39413 <-> 46.181.170.37:36237 [proto: 37/BitTorrent][2 pkts/505 bytes] - 44 UDP 192.168.200.222:22761 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/246 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] - 45 UDP 192.168.200.222:39413 <-> 188.165.225.138:6881 [proto: 37/BitTorrent][2 pkts/480 bytes] - 46 UDP 192.168.200.222:39149 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/192 bytes][Host: sis.jpush.io] - 47 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][7 pkts/529 bytes] - 48 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][5 pkts/385 bytes] - 49 UDP 192.168.200.222:39413 <-> 178.157.199.144:22133 [proto: 37/BitTorrent][1 pkts/146 bytes] - 50 UDP 192.168.200.222:39695 <-> 8.8.8.8:53 [proto: 5.119/DNS.Facebook][2 pkts/214 bytes][Host: graph.facebook.com] - 51 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][7 pkts/529 bytes] - 52 ICMP 192.168.1.1:0 <-> 192.168.200.222:0 [proto: 81/ICMP][2 pkts/196 bytes] - 53 UDP 192.168.200.222:43901 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][2 pkts/263 bytes][Host: googleads.g.doubleclick.net] - 54 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][7 pkts/532 bytes] - 55 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][36 pkts/5874 bytes] - 56 UDP 192.168.200.222:52263 <-> 8.8.8.8:53 [proto: 5.142/DNS.WhatsApp][2 pkts/278 bytes][Host: e9.whatsapp.net] - 57 TCP 192.168.200.222:51146 <-> 23.21.254.189:443 [proto: 91/SSL][22 pkts/9241 bytes][client: e.crashlytics.com][server: 
*.crashlytics.com] - 58 TCP 192.168.200.222:42040 <-> 74.125.200.18:443 [proto: 91.122/SSL.GMail][33 pkts/14532 bytes][client: mail.google.com] - 59 UDP 192.168.200.222:39413 <-> 37.214.167.82:11905 [proto: 37/BitTorrent][1 pkts/146 bytes] - 60 UDP 192.168.200.222:58921 <-> 8.8.8.8:53 [proto: 5/DNS][4 pkts/336 bytes][Host: sis.jpush.io] - 61 TCP 192.168.200.222:43646 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] - 62 TCP 192.168.200.222:40005 <-> 108.168.176.234:443 [proto: 142/WhatsApp][29 pkts/5946 bytes] - 63 UDP 192.168.200.222:39413 <-> 93.100.186.199:6881 [proto: 37/BitTorrent][2 pkts/498 bytes] - 64 UDP 192.168.200.222:48564 <-> 54.169.63.186:7985 [proto: 144/Viber][10057 pkts/1410853 bytes] - 65 UDP 192.168.200.222:48564 <-> 54.169.63.186:7987 [proto: 144/Viber][2 pkts/138 bytes] - 66 TCP 192.168.200.222:50854 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] - 67 UDP 192.168.200.222:39413 <-> 81.192.42.247:15057 [proto: 37/BitTorrent][1 pkts/146 bytes] - 68 UDP 192.168.200.222:39413 <-> 92.245.59.202:12998 [proto: 37/BitTorrent][2 pkts/505 bytes] - 69 TCP 192.168.200.222:51765 <-> 108.160.172.205:443 [proto: 91.121/SSL.Dropbox][2 pkts/163 bytes] - 70 TCP 192.168.200.222:52269 <-> 107.22.192.179:443 [proto: 91/SSL][26 pkts/10057 bytes][client: settings.crashlytics.com][server: *.crashlytics.com] + 3 TCP 192.168.200.222:59011 <-> 74.125.130.188:5228 [proto: 126/Google][16 pkts/5838 bytes] + 4 UDP 192.168.200.222:39413 <-> 134.249.176.227:7108 [proto: 37/BitTorrent][2 pkts/475 bytes] + 5 TCP 192.168.200.222:60828 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] + 6 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91/SSL][7 pkts/532 bytes] + 7 UDP 192.168.200.222:15836 <-> 8.8.8.8:53 [proto: 5.122/DNS.GMail][2 pkts/241 bytes][Host: mail.google.com] + 8 UDP 192.168.200.222:39413 <-> 84.202.23.122:22737 [proto: 37/BitTorrent][2 pkts/505 bytes] + 9 UDP 192.168.200.222:39413 <-> 178.57.5.53:64731 [proto: 37/BitTorrent][2 pkts/498 
bytes] + 10 UDP 192.168.200.222:39413 <-> 60.71.113.134:37764 [proto: 37/BitTorrent][2 pkts/505 bytes] + 11 UDP 192.168.200.222:39413 <-> 23.113.222.89:49548 [proto: 37/BitTorrent][2 pkts/503 bytes] + 12 UDP 192.168.200.222:39413 <-> 1.163.234.205:58738 [proto: 37/BitTorrent][2 pkts/471 bytes] + 13 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][5 pkts/385 bytes] + 14 UDP 192.168.200.222:39413 <-> 90.19.187.56:40500 [proto: 37/BitTorrent][1 pkts/146 bytes] + 15 UDP 192.168.200.222:39413 <-> 80.47.129.1:44420 [proto: 37/BitTorrent][2 pkts/505 bytes] + 16 UDP 192.168.200.222:39413 <-> 70.112.231.62:51413 [proto: 37/BitTorrent][3 pkts/438 bytes] + 17 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91.119/SSL.Facebook][37 pkts/16168 bytes][client: graph.facebook.com] + 18 UDP 192.168.200.222:39413 <-> 94.6.33.9:46735 [proto: 37/BitTorrent][2 pkts/505 bytes] + 19 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][2 pkts/132 bytes] + 20 UDP 192.168.200.222:39413 <-> 88.176.55.218:51413 [proto: 37/BitTorrent][1 pkts/146 bytes] + 21 UDP 192.168.200.222:39413 <-> 182.57.65.243:27736 [proto: 37/BitTorrent][2 pkts/292 bytes] + 22 TCP 192.168.200.222:38778 <-> 54.251.141.219:80 [proto: 7.178/HTTP.Amazon][8 pkts/528 bytes] + 23 UDP 192.168.200.222:47874 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][2 pkts/197 bytes][Host: mtalk.google.com] + 24 TCP 192.168.200.222:39339 <-> 54.169.63.186:443 [proto: 91.144/SSL.Viber][6 pkts/412 bytes] + 25 UDP 192.168.200.222:39413 <-> 92.249.148.218:53810 [proto: 37/BitTorrent][2 pkts/505 bytes] + 26 TCP 192.168.200.222:33161 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] + 27 TCP 192.168.200.222:52491 <-> 31.13.79.245:443 [proto: 91.119/SSL.Facebook][11 pkts/1073 bytes] + 28 UDP 192.168.200.222:55854 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/236 bytes][Host: s.jpush.cn] + 29 UDP 192.168.200.222:58434 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/349 bytes][Host: e.crashlytics.com] + 30 UDP 
192.168.200.222:39413 <-> 2.85.108.0:21241 [proto: 37/BitTorrent][2 pkts/505 bytes] + 31 TCP 192.168.200.222:36675 <-> 112.124.219.82:80 [proto: 7/HTTP][9 pkts/2188 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] + 32 UDP 192.168.200.222:60474 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/218 bytes][Host: easytomessage.com] + 33 UDP 192.168.200.222:39413 <-> 24.43.1.206:17193 [proto: 37/BitTorrent][8 pkts/1992 bytes] + 34 ICMP 8.8.8.8:0 <-> 192.168.200.222:0 [proto: 81.126/ICMP.Google][1 pkts/148 bytes] + 35 UDP 192.168.200.222:39413 <-> 186.220.157.231:45235 [proto: 37/BitTorrent][2 pkts/505 bytes] + 36 TCP 192.168.200.222:51055 <-> 74.125.68.156:443 [proto: 91.126/SSL.Google][31 pkts/7607 bytes][client: googleads.g.doubleclick.net] + 37 ICMP 37.214.167.82:0 <-> 192.168.200.222:0 [proto: 81/ICMP][1 pkts/174 bytes] + 38 UDP 192.168.200.222:39413 <-> 80.234.25.211:12624 [proto: 37/BitTorrent][2 pkts/505 bytes] + 39 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][9 pkts/1083 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] + 40 TCP 192.168.200.222:52977 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] + 41 UDP 192.168.200.222:39413 <-> 120.57.18.255:10201 [proto: 37/BitTorrent][2 pkts/505 bytes] + 42 UDP 192.168.200.222:16965 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/366 bytes][Host: settings.crashlytics.com] + 43 UDP 192.168.200.222:39413 <-> 24.43.1.206:40959 [proto: 37/BitTorrent][4 pkts/996 bytes] + 44 UDP 192.168.200.222:39413 <-> 46.181.170.37:36237 [proto: 37/BitTorrent][2 pkts/505 bytes] + 45 UDP 192.168.200.222:22761 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/246 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] + 46 UDP 192.168.200.222:39413 <-> 188.165.225.138:6881 [proto: 37/BitTorrent][2 pkts/480 bytes] + 47 UDP 192.168.200.222:39149 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/192 bytes][Host: sis.jpush.io] + 48 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][7 pkts/529 bytes] + 49 TCP 
222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][5 pkts/385 bytes] + 50 UDP 192.168.200.222:39413 <-> 178.157.199.144:22133 [proto: 37/BitTorrent][1 pkts/146 bytes] + 51 UDP 192.168.200.222:39695 <-> 8.8.8.8:53 [proto: 5.119/DNS.Facebook][2 pkts/214 bytes][Host: graph.facebook.com] + 52 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][7 pkts/529 bytes] + 53 ICMP 192.168.1.1:0 <-> 192.168.200.222:0 [proto: 81/ICMP][2 pkts/196 bytes] + 54 UDP 192.168.200.222:43901 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][2 pkts/263 bytes][Host: googleads.g.doubleclick.net] + 55 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][7 pkts/532 bytes] + 56 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][36 pkts/5874 bytes] + 57 UDP 192.168.200.222:52263 <-> 8.8.8.8:53 [proto: 5.142/DNS.WhatsApp][2 pkts/278 bytes][Host: e9.whatsapp.net] + 58 TCP 192.168.200.222:51146 <-> 23.21.254.189:443 [proto: 91/SSL][22 pkts/9241 bytes][client: e.crashlytics.com][server: *.crashlytics.com] + 59 TCP 52.0.253.46:4244 <-> 192.168.200.222:43454 [proto: 144/Viber][16 pkts/2043 bytes] + 60 TCP 192.168.200.222:42040 <-> 74.125.200.18:443 [proto: 91.122/SSL.GMail][33 pkts/14532 bytes][client: mail.google.com] + 61 UDP 192.168.200.222:39413 <-> 37.214.167.82:11905 [proto: 37/BitTorrent][1 pkts/146 bytes] + 62 UDP 192.168.200.222:58921 <-> 8.8.8.8:53 [proto: 5/DNS][4 pkts/336 bytes][Host: sis.jpush.io] + 63 TCP 192.168.200.222:43646 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] + 64 TCP 192.168.200.222:40005 <-> 108.168.176.234:443 [proto: 142/WhatsApp][29 pkts/5946 bytes] + 65 UDP 192.168.200.222:39413 <-> 93.100.186.199:6881 [proto: 37/BitTorrent][2 pkts/498 bytes] + 66 UDP 192.168.200.222:48564 <-> 54.169.63.186:7985 [proto: 144/Viber][10057 pkts/1410853 bytes] + 67 UDP 192.168.200.222:48564 <-> 54.169.63.186:7987 [proto: 144/Viber][2 pkts/138 bytes] + 68 TCP 192.168.200.222:50854 <-> 93.184.221.200:80 [proto: 7/HTTP][5 
pkts/300 bytes] + 69 UDP 192.168.200.222:39413 <-> 81.192.42.247:15057 [proto: 37/BitTorrent][1 pkts/146 bytes] + 70 UDP 192.168.200.222:39413 <-> 92.245.59.202:12998 [proto: 37/BitTorrent][2 pkts/505 bytes] + 71 TCP 192.168.200.222:51765 <-> 108.160.172.205:443 [proto: 91.121/SSL.Dropbox][2 pkts/163 bytes] + 72 TCP 192.168.200.222:52269 <-> 107.22.192.179:443 [proto: 91/SSL][26 pkts/10057 bytes][client: settings.crashlytics.com][server: *.crashlytics.com] Undetected flows: - 1 TCP 192.168.200.222:59011 <-> 74.125.130.188:5228 [proto: 0/Unknown][16 pkts/5838 bytes] - 2 TCP 192.168.200.222:55554 <-> 113.31.80.142:7003 [proto: 0/Unknown][6 pkts/446 bytes] - 3 UDP 192.168.200.222:48564 <-> 175.157.52.135:37299 [proto: 0/Unknown][30 pkts/1800 bytes] - 4 UDP 192.168.200.222:48564 <-> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes] - 5 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][7 pkts/549 bytes] - 6 UDP 192.168.200.222:48564 <-> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes] - 7 TCP 52.0.253.46:4244 <-> 192.168.200.222:43454 [proto: 0/Unknown][16 pkts/2043 bytes] - 8 UDP 192.168.200.222:48564 <-> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes] - 9 UDP 192.168.200.222:48564 <-> 175.157.52.135:37302 [proto: 0/Unknown][30 pkts/1800 bytes] + 1 TCP 192.168.200.222:55554 <-> 113.31.80.142:7003 [proto: 0/Unknown][6 pkts/446 bytes] + 2 UDP 192.168.200.222:48564 <-> 175.157.52.135:37299 [proto: 0/Unknown][30 pkts/1800 bytes] + 3 UDP 192.168.200.222:48564 <-> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes] + 4 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][7 pkts/549 bytes] + 5 UDP 192.168.200.222:48564 <-> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes] + 6 UDP 192.168.200.222:48564 <-> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes] + 7 UDP 192.168.200.222:48564 <-> 175.157.52.135:37302 [proto: 0/Unknown][30 pkts/1800 bytes] 
diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out index 99ff51ed5..f689282ed 100644 --- a/tests/result/whatsapp_login_call.pcap.out +++ b/tests/result/whatsapp_login_call.pcap.out @@ -1,7 +1,7 @@ -Unknown 27 2322 2 HTTP 11 726 3 MDNS 8 952 4 DHCP 10 3420 1 +STUN 27 2322 2 ICMP 10 700 1 SSL 8 589 2 Facebook 70 9464 14 
@@ -19,56 +19,53 @@ WhatsAppVoice 706 91156 4 5 UDP 192.168.2.4:52794 <-> 173.252.114.1:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] 6 UDP 192.168.2.4:51897 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][2 pkts/330 bytes][Host: query.ess.apple.com] 7 UDP 192.168.2.4:52794 <-> 179.60.192.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 8 TCP 192.168.2.4:49166 <-> 17.154.66.121:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 9 TCP 192.168.2.4:49169 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 10 TCP 192.168.2.4:49176 <-> 17.130.137.77:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 11 TCP 192.168.2.4:49182 <-> 17.172.100.52:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 12 TCP 192.168.2.4:49180 <-> 17.172.100.59:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 13 TCP 192.168.2.4:49197 <-> 17.167.142.39:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 14 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][32 pkts/9705 bytes][client: p53-buy.itunes.apple.com] - 15 TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/SSL][5 pkts/391 bytes] - 16 UDP 192.168.2.4:51518 <-> 31.13.100.14:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 17 UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 18 UDP 192.168.2.4:51518 <-> 31.13.64.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 19 UDP 192.168.2.4:51518 <-> 31.13.85.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 20 UDP 192.168.2.4:51518 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 21 UDP 192.168.2.4:51518 <-> 31.13.91.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 22 UDP 192.168.2.4:51518 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 23 UDP 192.168.2.4:51518 <-> 31.13.93.48:3478 [proto: 189/WhatsAppVoice][24 pkts/4825 bytes] - 24 UDP 192.168.2.4:52794 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 25 UDP 
192.168.2.4:52794 <-> 31.13.93.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 26 UDP 192.168.2.4:52794 <-> 31.13.90.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 27 UDP 192.168.2.4:52794 <-> 31.13.74.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 28 UDP 192.168.2.4:52794 <-> 31.13.84.48:3478 [proto: 189/WhatsAppVoice][20 pkts/2993 bytes] - 29 UDP 192.168.2.4:52794 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 30 TCP 192.168.2.4:49173 <-> 93.186.135.82:80 [proto: 7/HTTP][3 pkts/198 bytes] - 31 TCP 192.168.2.4:49194 <-> 93.62.150.157:443 [proto: 91/SSL][3 pkts/198 bytes] - 32 UDP 0.0.0.0:68 <-> 255.255.255.255:67 [proto: 18/DHCP][10 pkts/3420 bytes][Host: lucas-imac] - 33 UDP 192.168.2.4:51518 <-> 91.253.176.65:9344 [proto: 189/WhatsAppVoice][464 pkts/52920 bytes] - 34 TCP 192.168.2.4:49202 <-> 184.173.179.37:5222 [proto: 142/WhatsApp][180 pkts/24874 bytes] - 35 UDP 192.168.2.1:57621 <-> 192.168.2.255:57621 [proto: 156/Spotify][3 pkts/258 bytes] - 36 UDP 192.168.2.4:52190 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][2 pkts/280 bytes][Host: e13.whatsapp.net] - 37 TCP 192.168.2.4:49174 <-> 5.178.42.26:80 [proto: 7/HTTP][3 pkts/198 bytes] - 38 TCP 192.168.2.4:49163 <-> 17.154.66.111:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 39 TCP 192.168.2.4:49175 <-> 17.172.100.53:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 40 TCP 192.168.2.4:49165 <-> 17.172.100.55:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 41 TCP 192.168.2.4:49164 <-> 17.167.142.31:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 42 TCP 192.168.2.4:49167 <-> 17.172.100.8:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 43 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/SSL.Apple][38 pkts/17220 bytes][client: query.ess.apple.com] - 44 TCP 192.168.2.4:49191 <-> 17.172.100.49:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 45 TCP 192.168.2.4:49181 <-> 17.172.100.37:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 46 TCP 
192.168.2.4:49198 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 47 TCP 192.168.2.4:49200 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 48 TCP 192.168.2.4:49203 <-> 17.178.104.14:443 [proto: 91.140/SSL.Apple][3 pkts/198 bytes] - 49 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][53 pkts/18382 bytes][client: p53-buy.itunes.apple.com] - 50 TCP 192.168.2.4:49199 <-> 17.172.100.70:993 [proto: 51.140/IMAPS.Apple][17 pkts/1998 bytes] - 51 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 140/Apple][22 pkts/5926 bytes] - 52 UDP 169.254.166.207:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes] - 53 UDP 192.168.2.1:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes] - 54 TCP 192.168.2.4:49192 <-> 93.186.135.8:80 [proto: 7/HTTP][5 pkts/330 bytes] - 55 UDP [fe80::c42c:3ff:fe60:6a64]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes] - - -Undetected flows: - 1 UDP 192.168.2.4:51518 <-> 1.194.90.191:60312 [proto: 0/Unknown][15 pkts/1290 bytes] - 2 UDP 192.168.2.4:52794 <-> 1.194.90.191:51727 [proto: 0/Unknown][12 pkts/1032 bytes] + 8 UDP 192.168.2.4:51518 <-> 1.194.90.191:60312 [proto: 78/STUN][15 pkts/1290 bytes] + 9 TCP 192.168.2.4:49166 <-> 17.154.66.121:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 10 TCP 192.168.2.4:49169 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 11 TCP 192.168.2.4:49176 <-> 17.130.137.77:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 12 TCP 192.168.2.4:49182 <-> 17.172.100.52:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 13 TCP 192.168.2.4:49180 <-> 17.172.100.59:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 14 TCP 192.168.2.4:49197 <-> 17.167.142.39:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 15 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][32 pkts/9705 bytes][client: p53-buy.itunes.apple.com] + 16 TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/SSL][5 pkts/391 bytes] + 17 
UDP 192.168.2.4:51518 <-> 31.13.100.14:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 18 UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 19 UDP 192.168.2.4:51518 <-> 31.13.64.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 20 UDP 192.168.2.4:51518 <-> 31.13.85.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 21 UDP 192.168.2.4:51518 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 22 UDP 192.168.2.4:51518 <-> 31.13.91.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 23 UDP 192.168.2.4:51518 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 24 UDP 192.168.2.4:51518 <-> 31.13.93.48:3478 [proto: 189/WhatsAppVoice][24 pkts/4825 bytes] + 25 UDP 192.168.2.4:52794 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 26 UDP 192.168.2.4:52794 <-> 31.13.93.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 27 UDP 192.168.2.4:52794 <-> 31.13.90.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 28 UDP 192.168.2.4:52794 <-> 31.13.74.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 29 UDP 192.168.2.4:52794 <-> 31.13.84.48:3478 [proto: 189/WhatsAppVoice][20 pkts/2993 bytes] + 30 UDP 192.168.2.4:52794 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 31 TCP 192.168.2.4:49173 <-> 93.186.135.82:80 [proto: 7/HTTP][3 pkts/198 bytes] + 32 TCP 192.168.2.4:49194 <-> 93.62.150.157:443 [proto: 91/SSL][3 pkts/198 bytes] + 33 UDP 0.0.0.0:68 <-> 255.255.255.255:67 [proto: 18/DHCP][10 pkts/3420 bytes][Host: lucas-imac] + 34 UDP 192.168.2.4:51518 <-> 91.253.176.65:9344 [proto: 189/WhatsAppVoice][464 pkts/52920 bytes] + 35 TCP 192.168.2.4:49202 <-> 184.173.179.37:5222 [proto: 142/WhatsApp][180 pkts/24874 bytes] + 36 UDP 192.168.2.1:57621 <-> 192.168.2.255:57621 [proto: 156/Spotify][3 pkts/258 bytes] + 37 UDP 192.168.2.4:52190 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][2 pkts/280 bytes][Host: 
e13.whatsapp.net] + 38 UDP 192.168.2.4:52794 <-> 1.194.90.191:51727 [proto: 78/STUN][12 pkts/1032 bytes] + 39 TCP 192.168.2.4:49174 <-> 5.178.42.26:80 [proto: 7/HTTP][3 pkts/198 bytes] + 40 TCP 192.168.2.4:49163 <-> 17.154.66.111:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 41 TCP 192.168.2.4:49175 <-> 17.172.100.53:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 42 TCP 192.168.2.4:49165 <-> 17.172.100.55:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 43 TCP 192.168.2.4:49164 <-> 17.167.142.31:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 44 TCP 192.168.2.4:49167 <-> 17.172.100.8:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 45 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/SSL.Apple][38 pkts/17220 bytes][client: query.ess.apple.com] + 46 TCP 192.168.2.4:49191 <-> 17.172.100.49:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 47 TCP 192.168.2.4:49181 <-> 17.172.100.37:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 48 TCP 192.168.2.4:49198 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 49 TCP 192.168.2.4:49200 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 50 TCP 192.168.2.4:49203 <-> 17.178.104.14:443 [proto: 91.140/SSL.Apple][3 pkts/198 bytes] + 51 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][53 pkts/18382 bytes][client: p53-buy.itunes.apple.com] + 52 TCP 192.168.2.4:49199 <-> 17.172.100.70:993 [proto: 51.140/IMAPS.Apple][17 pkts/1998 bytes] + 53 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 140/Apple][22 pkts/5926 bytes] + 54 UDP 169.254.166.207:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes] + 55 UDP 192.168.2.1:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes] + 56 TCP 192.168.2.4:49192 <-> 93.186.135.8:80 [proto: 7/HTTP][5 pkts/330 bytes] + 57 UDP [fe80::c42c:3ff:fe60:6a64]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes] -- cgit v1.2.3 From 064b50df819918734062294984e529bd62bd594c Mon Sep 17 00:00:00 2001 
From: Luca Deri Date: Sun, 30 Apr 2017 10:12:28 +0200 Subject: Added -m for splitting analysis in sub-analysis steps --- example/ndpiReader.c | 102 ++++++++++++++++++++++++++++++++------------------- example/ndpi_util.c | 2 +- example/ndpi_util.h | 1 + 3 files changed, 67 insertions(+), 38 deletions(-) (limited to 'example/ndpi_util.c') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 1f982b60b..59ca8b3a1 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -69,10 +69,12 @@ static u_int8_t live_capture = 0; static u_int8_t undetected_flows_deleted = 0; /** User preferences **/ static u_int8_t enable_protocol_guess = 1, verbose = 0, nDPI_traceLevel = 0, json_flag = 0; +static u_int32_t pcap_analysis_duration = (u_int32_t)-1; static u_int16_t decode_tunnels = 0; static u_int16_t num_loops = 1; static u_int8_t shutdown_app = 0, quiet_mode = 0; static u_int8_t num_threads = 1; +static struct timeval begin, end; #ifdef linux static int core_affinity[MAX_NUM_READER_THREADS]; #endif @@ -146,13 +148,14 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle); static void help(u_int long_help) { printf("Welcome to nDPI %s\n\n", ndpi_revision()); - printf("ndpiReader -i [-f ][-s ]\n" + printf("ndpiReader -i [-f ][-s ][-m ]\n" " [-p ][-l [-q][-d][-h][-t][-v ]\n" " [-n ] [-w ] [-j ]\n\n" "Usage:\n" " -i | Specify a pcap file/playlist to read packets from or a device for live capture (comma-separated list)\n" " -f | Specify a BPF filter for filtering selected traffic\n" " -s | Maximum capture duration in seconds (live traffic capture only)\n" + " -m | Split analysis duration in max seconds\n" " -p .protos | Specify a protocol file (eg. protos.txt)\n" " -l | Number of detection loops (test only)\n" " -n | Number of threads. Default: number of interfaces in -i. Ignored with pcap files.\n" 
@@ -262,7 +265,7 @@ void extcap_config() { int i, argidx = 0; struct ndpi_detection_module_struct *ndpi_mod; struct ndpi_proto_sorter *protos; - + /* -i */ printf("arg {number=%u}{call=-i}{display=Capture Interface or Pcap File Path}{type=string}" "{tooltip=The interface name}\n", argidx++); @@ -271,12 +274,12 @@ void extcap_config() { printf("arg {number=%u}{call=-i}{display=Pcap File to Analize}{type=fileselect}" "{tooltip=The pcap file to analyze (if the interface is unspecified)}\n", argidx++); #endif - + setupDetection(0, NULL); ndpi_mod = ndpi_thread_info[0].workflow->ndpi_struct; - + protos = (struct ndpi_proto_sorter*)malloc(sizeof(struct ndpi_proto_sorter)*ndpi_mod->ndpi_num_supported_protocols); - if(!protos) exit(0); + if(!protos) exit(0); for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) { protos[i].id = i; @@ -284,18 +287,18 @@ void extcap_config() { } qsort(protos, ndpi_mod->ndpi_num_supported_protocols, sizeof(struct ndpi_proto_sorter), cmpProto); - + printf("arg {number=%u}{call=-9}{display=nDPI Protocol Filter}{type=selector}" "{tooltip=nDPI Protocol to be filtered}\n", argidx); printf("value {arg=%d}{value=%d}{display=%s}\n", argidx, -1, "All Protocols (no nDPI filtering)"); - + for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) printf("value {arg=%d}{value=%d}{display=%s (%u)}\n", argidx, protos[i].id, protos[i].name, protos[i].id); free(protos); - + exit(0); } @@ -341,7 +344,7 @@ static void parseOptions(int argc, char **argv) { if(trace) fprintf(trace, " #### %s #### \n", __FUNCTION__); #endif - while ((opt = getopt_long(argc, argv, "df:g:i:hp:l:s:tv:V:n:j:rp:w:q0123:456:7:89:", longopts, &option_idx)) != EOF) { + while ((opt = getopt_long(argc, argv, "df:g:i:hp:l:s:tv:V:n:j:rp:w:q0123:456:7:89:m:", longopts, &option_idx)) != EOF) { #ifdef DEBUG_TRACE if(trace) fprintf(trace, " #### -%c [%s] #### \n", opt, optarg ? optarg : ""); #endif 
@@ -356,6 +359,10 @@ static void parseOptions(int argc, char **argv) { _pcap_file[0] = optarg; break; + case 'm': + pcap_analysis_duration = atol(optarg); + break; + case 'f': case '6': _bpf_filter = optarg; @@ -580,7 +587,7 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) { if((verbose != 1) && (verbose != 2)) return; - + if(!json_flag) { fprintf(out, "\t%u", ++num_flows); @@ -937,7 +944,6 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) { * @brief End of detection and free flow */ static void terminateDetection(u_int16_t thread_id) { - ndpi_workflow_free(ndpi_thread_info[thread_id].workflow); } @@ -1047,12 +1053,12 @@ static int port_stats_sort(void *_a, void *_b) { void printPortStats(struct port_stats *stats) { struct port_stats *s, *tmp; int i = 0; - + HASH_ITER(hh, stats, s, tmp) { i++; printf("\t%2d\tPort %5u\t[%u pkts/%u bytes]\n", i, s->port, s->num_pkts, s->num_bytes); if(i >= 10) break; - } + } } /* *********************************************** */ @@ -1061,7 +1067,6 @@ void printPortStats(struct port_stats *stats) { * @brief Print result */ static void printResults(u_int64_t tot_usec) { - u_int32_t i; u_int64_t total_flow_bytes = 0; u_int32_t avg_pkt_size = 0; @@ -1073,10 +1078,10 @@ static void printResults(u_int64_t tot_usec) { json_object *jObj_main = NULL, *jObj_trafficStats, *jArray_detProto = NULL, *jObj; #endif long long unsigned int breed_stats[NUM_BREEDS] = { 0 }; - + memset(&cumulative_stats, 0, sizeof(cumulative_stats)); - for(thread_id = 0; thread_id < num_threads; thread_id++) { + for(thread_id = 0; thread_id < num_threads; thread_id++) { if((ndpi_thread_info[thread_id].workflow->stats.total_wire_bytes == 0) && (ndpi_thread_info[thread_id].workflow->stats.raw_packet_count == 0)) continue; 
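Review bot: The new `case 'm':` (hunk `@@ -356`) stores `atol(optarg)` directly into the `u_int32_t pcap_analysis_duration`, so a non-numeric argument silently becomes 0 and a negative or oversized one wraps. The split check added later in this commit would then fire roughly once per captured second, or never. Parsing with `errno = 0; v = strtoul(optarg, &endp, 10);` and rejecting the argument when `endp == optarg || *endp != '\0' || errno == ERANGE || v > 0xFFFFFFFFUL` keeps the option predictable. The rest of the option switch in parseOptions is outside this hunk, so the rejection path should follow whatever the other options already do.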
@@ -1090,7 +1095,7 @@ static void printResults(u_int64_t tot_usec) { HASH_SORT(srcStats, port_stats_sort); HASH_SORT(dstStats, port_stats_sort); } - + /* Stats aggregation */ cumulative_stats.guessed_flow_protocols += ndpi_thread_info[thread_id].workflow->stats.guessed_flow_protocols; cumulative_stats.raw_packet_count += ndpi_thread_info[thread_id].workflow->stats.raw_packet_count; @@ -1117,6 +1122,8 @@ static void printResults(u_int64_t tot_usec) { cumulative_stats.max_packet_len += ndpi_thread_info[thread_id].workflow->stats.max_packet_len; } + if(cumulative_stats.total_wire_bytes == 0) return; + if(!quiet_mode) { printf("\nnDPI Memory statistics:\n"); printf("\tnDPI Memory (once): %-13s\n", formatBytes(sizeof(struct ndpi_detection_module_struct), buf, sizeof(buf))); @@ -1155,7 +1162,7 @@ static void printResults(u_int64_t tot_usec) { printf("\tPacket Len > 1500: %-13lu\n", (unsigned long)cumulative_stats.packet_len[5]); if(tot_usec > 0) { - char buf[32], buf1[32]; + char buf[32], buf1[32], when[64]; float t = (float)(cumulative_stats.ip_packet_count*1000000)/(float)tot_usec; float b = (float)(cumulative_stats.total_wire_bytes * 8 *1000000)/(float)tot_usec; float traffic_duration; @@ -1164,6 +1171,11 @@ static void printResults(u_int64_t tot_usec) { printf("\tnDPI throughput: %s pps / %s/sec\n", formatPackets(t, buf), formatTraffic(b, 1, buf1)); t = (float)(cumulative_stats.ip_packet_count*1000000)/(float)traffic_duration; b = (float)(cumulative_stats.total_wire_bytes * 8 *1000000)/(float)traffic_duration; + + strftime(when, sizeof(when), "%d/%b/%Y %H:%M:%S", localtime(&pcap_start.tv_sec)); + printf("\tAnalysis begin: %s\n", when); + strftime(when, sizeof(when), "%d/%b/%Y %H:%M:%S", localtime(&pcap_end.tv_sec)); + printf("\tAnalysis end: %s\n", when); printf("\tTraffic throughput: %s pps / %s/sec\n", formatPackets(t, buf), formatTraffic(b, 1, buf1)); printf("\tTraffic duration: %.3f sec\n", traffic_duration/1000000); } 
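Review bot: In the `@@ -1164` hunk both `strftime` calls use the result of `localtime()` unchecked, and `pcap_start`/`pcap_end` appear to carry timestamps taken from the capture, so an out-of-range value in a malformed pcap can make `localtime()` return NULL and crash the report. Copy the seconds into a `time_t` first, since `tv_sec` is not a `time_t` on every platform, and guard the call: `time_t t = pcap_start.tv_sec; struct tm *tm = localtime(&t);` then `if(tm) strftime(when, sizeof(when), "%d/%b/%Y %H:%M:%S", tm);`. `localtime()` also returns a shared static buffer, which matters if printResults can now be reached from several reader threads. printResults continues outside this hunk.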
@@ -1315,11 +1327,12 @@ static void printResults(u_int64_t tot_usec) { if(verbose == 3) { printf("\n\nSource Ports Stats:\n"); printPortStats(srcStats); - + printf("\nDestination Ports Stats:\n"); printPortStats(dstStats); - + deletePortsStats(srcStats), deletePortsStats(dstStats); + srcStats = NULL, dstStats = NULL; } } @@ -1328,14 +1341,11 @@ static void printResults(u_int64_t tot_usec) { * @brief Force a pcap_dispatch() or pcap_loop() call to return */ static void breakPcapLoop(u_int16_t thread_id) { - if(ndpi_thread_info[thread_id].workflow->pcap_handle != NULL) { pcap_breakloop(ndpi_thread_info[thread_id].workflow->pcap_handle); } } - - /** * @brief Sigproc is executed for each packet in the pcap file */ @@ -1453,9 +1463,9 @@ static pcap_t * openPcapFileOrDevice(u_int16_t thread_id, const u_char * pcap_fi /** * @brief Check pcap packet */ -static void pcap_packet_callback_checked(u_char *args, - const struct pcap_pkthdr *header, - const u_char *packet) { +static void pcap_process_packet(u_char *args, + const struct pcap_pkthdr *header, + const u_char *packet) { struct ndpi_proto p; u_int16_t thread_id = *((u_int16_t*)args); @@ -1516,13 +1526,13 @@ static void pcap_packet_callback_checked(u_char *args, struct ndpi_packet_trailer *trailer; memcpy(&h, header, sizeof(h)); - + if(h.caplen > (sizeof(extcap_buf)-sizeof(struct ndpi_packet_trailer) - 4)) { printf("INTERNAL ERROR: caplen=%u\n", h.caplen); - h.caplen = sizeof(extcap_buf)-sizeof(struct ndpi_packet_trailer) - 4; + h.caplen = sizeof(extcap_buf)-sizeof(struct ndpi_packet_trailer) - 4; } - trailer = (struct ndpi_packet_trailer*)&extcap_buf[h.caplen]; + trailer = (struct ndpi_packet_trailer*)&extcap_buf[h.caplen]; memcpy(extcap_buf, packet, h.caplen); memset(trailer, 0, sizeof(struct ndpi_packet_trailer)); trailer->magic = htonl(0x19680924); 
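Review bot: The reset `srcStats = NULL, dstStats = NULL;` added after the two deletePortsStats() calls has no comment explaining why it is needed, yet it is what keeps the two globals from pointing at tables that have presumably been released once printResults runs more than once per process, as the periodic report in pcap_process_packet now makes it do. A short comment such as `/* printResults() can run again: do not leave released tables reachable */` would record that. The cleanup sits inside the `if(verbose == 3)` branch, so it is worth confirming that the tables are only filled under the same condition; that code is outside the hunk. As a style point, two plain statements read more clearly than the comma expressions.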
@@ -1546,6 +1556,28 @@ static void pcap_packet_callback_checked(u_char *args, printf("INTERNAL ERROR: ingress packet was modified by nDPI: this should not happen [thread_id=%u, packetId=%lu, caplen=%u]\n", thread_id, (unsigned long)ndpi_thread_info[thread_id].workflow->stats.raw_packet_count, header->caplen); free(packet_checked); + + if((pcap_end.tv_sec-pcap_start.tv_sec) > pcap_analysis_duration) { + int i; + u_int64_t tot_usec; + + gettimeofday(&end, NULL); + tot_usec = end.tv_sec*1000000 + end.tv_usec - (begin.tv_sec*1000000 + begin.tv_usec); + + printResults(tot_usec); + + for(i=0; iprefs.num_roots; i++) { + ndpi_tdestroy(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i], ndpi_flow_info_freer); + ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i] = NULL; + + memset(&ndpi_thread_info[thread_id].workflow->stats, 0, sizeof(struct ndpi_stats)); + } + + printf("\n-------------------------------------------\n\n"); + + memcpy(&begin, &end, sizeof(begin)); + memcpy(&pcap_start, &pcap_end, sizeof(pcap_start)); + } } @@ -1553,12 +1585,10 @@ static void pcap_packet_callback_checked(u_char *args, * @brief Call pcap_loop() to process packets from a live capture or savefile */ static void runPcapLoop(u_int16_t thread_id) { - if((!shutdown_app) && (ndpi_thread_info[thread_id].workflow->pcap_handle != NULL)) - pcap_loop(ndpi_thread_info[thread_id].workflow->pcap_handle, -1, &pcap_packet_callback_checked, (u_char*)&thread_id); + pcap_loop(ndpi_thread_info[thread_id].workflow->pcap_handle, -1, &pcap_process_packet, (u_char*)&thread_id); } - /** * @brief Process a running thread */ @@ -1583,7 +1613,7 @@ void * processing_thread(void *_thread_id) { if((!json_flag) && (!quiet_mode)) printf("Running thread %ld...\n", thread_id); pcap_loop: - runPcapLoop(thread_id); + runPcapLoop(thread_id); if(playlist_fp[thread_id] != NULL) { /* playlist: read next file */ char filename[256]; 
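Review bot: The periodic-report block added at the end of pcap_process_packet runs in whichever capture thread's callback sees the interval expire, yet it calls printResults(), which loops over every thread's `workflow->stats`, and it overwrites `begin` and `pcap_start`, which appear to be shared file-scope values, with no lock visible in the hunk. With more than one reader thread this looks like a data race, and only the calling thread's flow trees and counters are reset afterwards, so the next report mixes fresh and stale per-thread totals. Either limit the feature to single-thread runs or serialise the whole block with a mutex. Separately, the `memset(&ndpi_thread_info[thread_id].workflow->stats, 0, sizeof(struct ndpi_stats));` sits inside the per-root loop and should move after it, and the multiplication should be widened first, `(u_int64_t)end.tv_sec*1000000`, so it cannot overflow where tv_sec is 32 bits. The function body starts outside the hunk.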
@@ -1603,7 +1633,7 @@ void * processing_thread(void *_thread_id) { * @brief Begin, process, end detection process */ void test_lib() { - struct timeval begin, end; + struct timeval end; u_int64_t tot_usec; long thread_id; @@ -1690,8 +1720,6 @@ int main(int argc, char **argv) { automataUnitTest(); memset(ndpi_thread_info, 0, sizeof(ndpi_thread_info)); - memset(&pcap_start, 0, sizeof(pcap_start)); - memset(&pcap_end, 0, sizeof(pcap_end)); parseOptions(argc, argv); @@ -1714,7 +1742,7 @@ int main(int argc, char **argv) { if(results_path) free(results_path); if(results_file) fclose(results_file); if(extcap_dumper) pcap_dump_close(extcap_dumper); - + return 0; } diff --git a/example/ndpi_util.c b/example/ndpi_util.c index eb6744ccc..1ba77eb80 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -129,7 +129,7 @@ struct ndpi_workflow * ndpi_workflow_init(const struct ndpi_workflow_prefs * pre /* ***************************************************** */ -static void ndpi_flow_info_freer(void *node) { +void ndpi_flow_info_freer(void *node) { struct ndpi_flow_info *flow = (struct ndpi_flow_info*)node; ndpi_free_flow_info_half(flow); diff --git a/example/ndpi_util.h b/example/ndpi_util.h index 335c94ddf..9d8f1e446 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -161,4 +161,5 @@ static inline void ndpi_workflow_set_flow_giveup_callback(struct ndpi_workflow * int ndpi_workflow_node_cmp(const void *a, const void *b); void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_flow_info *flow); void ethernet_crc32(const void* data, size_t n_bytes, uint32_t* crc); +void ndpi_flow_info_freer(void *node); #endif -- cgit v1.2.3
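Review bot: The prototype `void ndpi_flow_info_freer(void *node);` added to ndpi_util.h turns a former file-local helper into part of the example's shared interface without saying what it does to the node. From the ndpi_util.c hunk it casts the node to `struct ndpi_flow_info *` and calls ndpi_free_flow_info_half(); the rest of its body is outside the hunk, so the author should state whether it also releases the node itself. A one-line comment above the prototype, for example `/* ndpi_tdestroy() callback for one struct ndpi_flow_info; the pointer must not be used after the call */`, would tell callers such as ndpiReader.c how to treat the tree entries afterwards.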