From 278a067d437f8fa4d6492071bcb356f9c1fc8c4f Mon Sep 17 00:00:00 2001
From: Sorin Zamfir <sorin.zamfir@yahoo.com>
Date: Sun, 7 Feb 2016 19:29:30 +0200
Subject: First skeleton for Coap dissector.

---
 src/lib/protocols/coap.c | 214 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 214 insertions(+)
 create mode 100644 src/lib/protocols/coap.c

(limited to 'src/lib/protocols')

diff --git a/src/lib/protocols/coap.c b/src/lib/protocols/coap.c
new file mode 100644
index 000000000..bd349b2cd
--- /dev/null
+++ b/src/lib/protocols/coap.c
@@ -0,0 +1,214 @@
+/*
+ * coap.c
+ *
+ * Copyright (C) 2016 Sorin Zamfir <sorin.zamfir@yahoo.com>
+ *
+ * This file is part of nDPI, an open source deep packet inspection
+ * library based on the OpenDPI and PACE technology by ipoque GmbH
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#define NDPI_PROTOCOL_COAP
+
+#include "ndpi_protocols.h"
+#ifdef NDPI_PROTOCOL_COAP
+static void ndpi_int_coap_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
+	// not sure if this is accurate but coap runs on top of udp and should be connectionless
+	  if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) {
+	    /* This is COAP and it is not a sub protocol (e.g. lwm2m) */
+	    ndpi_search_tcp_or_udp(ndpi_struct, flow);
+//
+//	    /* If no custom protocol has been detected */
+	    if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) {
+//	      if(protocol != NDPI_PROTOCOL_HTTP) {
+//		ndpi_search_tcp_or_udp(ndpi_struct, flow);
+//		ndpi_set_detected_protocol(ndpi_struct, flow, protocol, NDPI_PROTOCOL_UNKNOWN);
+//	      } else {
+//		ndpi_int_reset_protocol(flow);
+//		ndpi_set_detected_protocol(ndpi_struct, flow, protocol, NDPI_PROTOCOL_UNKNOWN);
+//	      }
+//	    }
+//
+//	    flow->http_detected = 1;
+//	  }
+}
+
+void ndpi_search_coap(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
+{
+	struct ndpi_packet_struct *packet = &flow->packet;
+	//TODO
+	if (packet->detected_protocol_stack[0]!= NDPI_PROTOCOL_UNKNOWN){
+		return;
+	}
+	NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "CoAP detected...\n");
+//	if packet->
+}
+
+void init_http_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id,
+			 NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+//TODO
+
+	//  ndpi_set_bitmask_protocol_detection("HTTP",ndpi_struct, detection_bitmask, *id,
+//				      NDPI_PROTOCOL_HTTP,
+//				      ndpi_search_http_tcp,
+//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
+//				      SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+//				      ADD_TO_DETECTION_BITMASK);
+//  *id += 1;
+//
+//#if 0
+//  ndpi_set_bitmask_protocol_detection("HTTP_Proxy", ndpi_struct, detection_bitmask, *id,
+//				      NDPI_PROTOCOL_HTTP_PROXY,
+//				      ndpi_search_http_tcp,
+//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
+//				      SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+//				      ADD_TO_DETECTION_BITMASK);
+//  *id += 1;
+//
+//#ifdef NDPI_CONTENT_MPEG
+//  ndpi_set_bitmask_protocol_detection("MPEG", ndpi_struct, detection_bitmask, *id,
+//				      NDPI_CONTENT_MPEG,
+//				      ndpi_search_http_tcp,
+//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
+//				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+//				      ADD_TO_DETECTION_BITMASK);
+//
+//  *id += 1;
+//#endif
+//#ifdef NDPI_CONTENT_FLASH
+//  ndpi_set_bitmask_protocol_detection("Flash", ndpi_struct, detection_bitmask, *id,
+//				      NDPI_CONTENT_FLASH,
+//				      ndpi_search_http_tcp,
+//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
+//				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+//				      ADD_TO_DETECTION_BITMASK);
+//  *id += 1;
+//#endif
+//#ifdef NDPI_CONTENT_QUICKTIME
+//  ndpi_set_bitmask_protocol_detection("QuickTime", ndpi_struct, detection_bitmask, *id,
+//				      NDPI_CONTENT_QUICKTIME,
+//				      ndpi_search_http_tcp,
+//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
+//				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+//				      ADD_TO_DETECTION_BITMASK);
+//  *id += 1;
+//#endif
+//#ifdef NDPI_CONTENT_REALMEDIA
+//  ndpi_set_bitmask_protocol_detection("RealMedia", ndpi_struct, detection_bitmask, *id,
+//				      NDPI_CONTENT_REALMEDIA,
+//				      ndpi_search_http_tcp,
+//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
+//				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+//				      ADD_TO_DETECTION_BITMASK);
+//  *id += 1;
+//#endif
+//#ifdef NDPI_CONTENT_WINDOWSMEDIA
+//  ndpi_set_bitmask_protocol_detection("WindowsMedia", ndpi_struct, detection_bitmask, *id,
+//				      NDPI_CONTENT_WINDOWSMEDIA,
+//				      ndpi_search_http_tcp,
+//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
+//				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+//				      ADD_TO_DETECTION_BITMASK);
+//  *id += 1;
+//#endif
+//#ifdef NDPI_CONTENT_MMS
+//  ndpi_set_bitmask_protocol_detection("MMS", ndpi_struct, detection_bitmask, *id,
+//				      NDPI_CONTENT_MMS,
+//				      ndpi_search_http_tcp,
+//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
+//				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+//				      ADD_TO_DETECTION_BITMASK);
+//  *id += 1;
+//#endif
+//#ifdef NDPI_PROTOCOL_XBOX
+//  ndpi_set_bitmask_protocol_detection("Xbox", ndpi_struct, detection_bitmask, *id,
+//				      NDPI_PROTOCOL_XBOX,
+//				      ndpi_search_http_tcp,
+//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
+//				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+//				      ADD_TO_DETECTION_BITMASK);
+//  *id += 1;
+//#endif
+//#ifdef NDPI_PROTOCOL_QQ
+//  ndpi_set_bitmask_protocol_detection("QQ", ndpi_struct, detection_bitmask, *id,
+//				      NDPI_PROTOCOL_QQ,
+//				      ndpi_search_http_tcp,
+//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
+//				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+//				      ADD_TO_DETECTION_BITMASK);
+//  *id += 1;
+//#endif
+//#ifdef NDPI_CONTENT_AVI
+//  ndpi_set_bitmask_protocol_detection("AVI", ndpi_struct, detection_bitmask, *id,
+//				      NDPI_CONTENT_AVI,
+//				      ndpi_search_http_tcp,
+//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
+//				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+//				      ADD_TO_DETECTION_BITMASK);
+//  *id += 1;
+//#endif
+//#ifdef NDPI_CONTENT_OGG
+//  ndpi_set_bitmask_protocol_detection("OggVorbis", ndpi_struct, detection_bitmask, *id,
+//				      NDPI_CONTENT_OGG,
+//				      ndpi_search_http_tcp,
+//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
+//				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+//				      ADD_TO_DETECTION_BITMASK);
+//  *id += 1;
+//#endif
+//#ifdef NDPI_PROTOCOL_MOVE
+//  ndpi_set_bitmask_protocol_detection("Move", ndpi_struct, detection_bitmask, *id,
+//				      NDPI_PROTOCOL_MOVE,
+//				      ndpi_search_http_tcp,
+//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
+//				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+//				      ADD_TO_DETECTION_BITMASK);
+//  *id += 1;
+//#endif
+//
+//  /* Update excluded protocol bitmask */
+//  NDPI_BITMASK_SET(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask,
+//  		   ndpi_struct->callback_buffer[a].detection_bitmask);
+//
+//  /*Delete protocol from exluded protocol bitmask*/
+//  NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_PROTOCOL_UNKNOWN);
+//
+//  NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_PROTOCOL_QQ);
+//
+//#ifdef NDPI_CONTENT_FLASH
+//  NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_CONTENT_FLASH);
+//#endif
+//
+//  NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask,  NDPI_CONTENT_MMS);
+//  /* #ifdef NDPI_PROTOCOL_RTSP */
+//  /*   NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, */
+//  /* 				 NDPI_PROTOCOL_RTSP); */
+//  /* #endif */
+//  NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_PROTOCOL_XBOX);
+//
+//  NDPI_BITMASK_SET(ndpi_struct->generic_http_packet_bitmask, ndpi_struct->callback_buffer[a].detection_bitmask);
+//
+//  NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->generic_http_packet_bitmask, NDPI_PROTOCOL_UNKNOWN);
+//
+//  /* Update callback_buffer index */
+//  a++;
+//
+//#endif
+
+}
+
+#endif // NDPI_PROTOCOL_COAP
-- 
cgit v1.2.3


From ee5e7449acf33e8c1bb40b86ffe176399cb25b74 Mon Sep 17 00:00:00 2001
From: Sorin Zamfir <sorin.zamfir@yahoo.com>
Date: Mon, 8 Feb 2016 23:01:22 +0200
Subject: First running example. No actual low-level detection.

* logging is now running
* included example capture
* included example log
* skeleton for coap detection
---
 example/coap.pcap               |  Bin 0 -> 13039 bytes
 example/exec.log                | 1579 +++++++++++++++++++++++++++++++++++++++
 example/ndpiReader.c            |    2 +-
 src/include/ndpi_define.h       |    1 +
 src/include/ndpi_protocol_ids.h |    3 +-
 src/include/ndpi_protocols.h    |    3 +-
 src/include/ndpi_typedefs.h     |   16 +
 src/lib/Makefile.am             |    1 +
 src/lib/ndpi_main.c             |    8 +
 src/lib/protocols/coap.c        |  216 ++----
 10 files changed, 1659 insertions(+), 170 deletions(-)
 create mode 100644 example/coap.pcap
 create mode 100644 example/exec.log

(limited to 'src/lib/protocols')

diff --git a/example/coap.pcap b/example/coap.pcap
new file mode 100644
index 000000000..b24eeb68a
Binary files /dev/null and b/example/coap.pcap differ
diff --git a/example/exec.log b/example/exec.log
new file mode 100644
index 000000000..c1df4875f
--- /dev/null
+++ b/example/exec.log
@@ -0,0 +1,1579 @@
+
+-----------------------------------------------------------
+* NOTE: This is demo app to show *some* nDPI features.
+* In this demo we have implemented only some basic features
+* just to show you what you can do with the library. Feel 
+* free to extend it and send us the patches for inclusion
+------------------------------------------------------------
+
+Using nDPI (1.7.1-dev-282-278a067) [1 thread(s)]
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size is 135
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 0 as entry 0
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 1 as entry 1
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 2 as entry 2
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 5 as entry 3
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 6 as entry 4
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 7 as entry 5
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 8 as entry 6
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 10 as entry 7
+08/Feb/2016 22:56:52 DEBUG: 	callback_buffer_tcp_no_payload, additional adding buffer 10 to no_payload process
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 11 as entry 8
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 12 as entry 9
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 13 as entry 10
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 14 as entry 11
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 15 as entry 12
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 16 as entry 13
+08/Feb/2016 22:56:52 DEBUG: 	callback_buffer_tcp_no_payload, additional adding buffer 16 to no_payload process
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 17 as entry 14
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 18 as entry 15
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 19 as entry 16
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 20 as entry 17
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 21 as entry 18
+08/Feb/2016 22:56:52 DEBUG: 	callback_buffer_tcp_no_payload, additional adding buffer 21 to no_payload process
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 22 as entry 19
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 23 as entry 20
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 24 as entry 21
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 25 as entry 22
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 26 as entry 23
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 27 as entry 24
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 29 as entry 25
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 30 as entry 26
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 31 as entry 27
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 32 as entry 28
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 33 as entry 29
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 34 as entry 30
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 38 as entry 31
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 40 as entry 32
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 42 as entry 33
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 43 as entry 34
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 44 as entry 35
+08/Feb/2016 22:56:52 DEBUG: 	callback_buffer_tcp_no_payload, additional adding buffer 44 to no_payload process
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 46 as entry 36
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 47 as entry 37
+08/Feb/2016 22:56:52 DEBUG: 	callback_buffer_tcp_no_payload, additional adding buffer 47 to no_payload process
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 49 as entry 38
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 50 as entry 39
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 51 as entry 40
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 52 as entry 41
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 54 as entry 42
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 56 as entry 43
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 57 as entry 44
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 58 as entry 45
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 59 as entry 46
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 62 as entry 47
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 65 as entry 48
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 66 as entry 49
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 67 as entry 50
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 68 as entry 51
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 69 as entry 52
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 70 as entry 53
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 71 as entry 54
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 72 as entry 55
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 73 as entry 56
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 75 as entry 57
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 76 as entry 58
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 77 as entry 59
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 78 as entry 60
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 80 as entry 61
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 81 as entry 62
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 82 as entry 63
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 84 as entry 64
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 85 as entry 65
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 86 as entry 66
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 87 as entry 67
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 88 as entry 68
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 89 as entry 69
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 90 as entry 70
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 91 as entry 71
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 92 as entry 72
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 93 as entry 73
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 96 as entry 74
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 98 as entry 75
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 99 as entry 76
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 101 as entry 77
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 104 as entry 78
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 105 as entry 79
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 106 as entry 80
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 107 as entry 81
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 108 as entry 82
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 110 as entry 83
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 111 as entry 84
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 112 as entry 85
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 113 as entry 86
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 114 as entry 87
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 115 as entry 88
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 116 as entry 89
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 117 as entry 90
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 118 as entry 91
+08/Feb/2016 22:56:52 DEBUG: 	callback_buffer_tcp_no_payload, additional adding buffer 118 to no_payload process
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 119 as entry 92
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 120 as entry 93
+08/Feb/2016 22:56:52 DEBUG: 	callback_buffer_tcp_no_payload, additional adding buffer 120 to no_payload process
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 122 as entry 94
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 124 as entry 95
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 125 as entry 96
+08/Feb/2016 22:56:52 DEBUG: 	callback_buffer_tcp_no_payload, additional adding buffer 125 to no_payload process
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 126 as entry 97
+08/Feb/2016 22:56:52 DEBUG: 	callback_buffer_tcp_no_payload, additional adding buffer 126 to no_payload process
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 133 as entry 98
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 134 as entry 99
+08/Feb/2016 22:56:52 DEBUG: 	callback_buffer_tcp_no_payload, additional adding buffer 134 to no_payload process
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 1 as entry 0
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 3 as entry 1
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 4 as entry 2
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 5 as entry 3
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 7 as entry 4
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 8 as entry 5
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 9 as entry 6
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 10 as entry 7
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 12 as entry 8
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 14 as entry 9
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 15 as entry 10
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 16 as entry 11
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 17 as entry 12
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 21 as entry 13
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 26 as entry 14
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 28 as entry 15
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 29 as entry 16
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 31 as entry 17
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 32 as entry 18
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 33 as entry 19
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 34 as entry 20
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 35 as entry 21
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 36 as entry 22
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 37 as entry 23
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 38 as entry 24
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 39 as entry 25
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 41 as entry 26
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 42 as entry 27
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 44 as entry 28
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 45 as entry 29
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 46 as entry 30
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 47 as entry 31
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 48 as entry 32
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 53 as entry 33
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 54 as entry 34
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 55 as entry 35
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 60 as entry 36
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 61 as entry 37
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 62 as entry 38
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 63 as entry 39
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 64 as entry 40
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 67 as entry 41
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 70 as entry 42
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 73 as entry 43
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 74 as entry 44
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 75 as entry 45
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 76 as entry 46
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 77 as entry 47
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 78 as entry 48
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 79 as entry 49
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 83 as entry 50
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 86 as entry 51
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 87 as entry 52
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 92 as entry 53
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 94 as entry 54
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 95 as entry 55
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 96 as entry 56
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 97 as entry 57
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 100 as entry 58
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 102 as entry 59
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 103 as entry 60
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 104 as entry 61
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 105 as entry 62
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 106 as entry 63
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 107 as entry 64
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 108 as entry 65
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 109 as entry 66
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 112 as entry 67
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 120 as entry 68
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 121 as entry 69
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 123 as entry 70
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 126 as entry 71
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 127 as entry 72
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 128 as entry 73
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 129 as entry 74
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 130 as entry 75
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 131 as entry 76
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 132 as entry 77
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 133 as entry 78
+08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 134 as entry 79
+Reading packets from pcap file ../../coap.pcap...
+Running thread 0...
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: CoAP detection...
+08/Feb/2016 22:56:52 DEBUG: ====>>>> COAP: C¡Ó [len: 93]
+08/Feb/2016 22:56:52 DEBUG: Starcraft protocol detection...
+08/Feb/2016 22:56:52 DEBUG: Starcraft excluded
+08/Feb/2016 22:56:52 DEBUG: search stun.
+08/Feb/2016 22:56:52 DEBUG: exclude rtp.
+08/Feb/2016 22:56:52 TRACE: RTSP detection...
+08/Feb/2016 22:56:52 DEBUG: maybe handshake 1; need next packet, return.
+08/Feb/2016 22:56:52 DEBUG: sip detection...
+08/Feb/2016 22:56:52 DEBUG: need next packet.
+08/Feb/2016 22:56:52 DEBUG: searching for HEP.
+08/Feb/2016 22:56:52 DEBUG: exclude HEP.
+08/Feb/2016 22:56:52 DEBUG: EDONKEY detection...
+08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: 
+08/Feb/2016 22:56:52 DEBUG: excluded at stage 0 
+08/Feb/2016 22:56:52 DEBUG: search yahoo
+08/Feb/2016 22:56:52 TRACE: JABBER detection....
+08/Feb/2016 22:56:52 DEBUG: packet_counter: 1
+08/Feb/2016 22:56:52 DEBUG: search DNS.
+08/Feb/2016 22:56:52 DEBUG: exclude vmware.
+08/Feb/2016 22:56:52 DEBUG: UDP FOUND
+08/Feb/2016 22:56:52 DEBUG: iMesh UDP packetlen: 93
+08/Feb/2016 22:56:52 DEBUG: search tvants.  
+08/Feb/2016 22:56:52 DEBUG: exclude tvants.  
+08/Feb/2016 22:56:52 DEBUG: search sopcast.  
+08/Feb/2016 22:56:52 DEBUG: exclude sopcast.  
+08/Feb/2016 22:56:52 DEBUG: search tvuplayer.  
+08/Feb/2016 22:56:52 DEBUG: exclude tvuplayer.  
+08/Feb/2016 22:56:52 DEBUG: exclude ppstream.
+08/Feb/2016 22:56:52 DEBUG: PPLIVE detection...
+08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: 
+08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: 
+08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: 
+08/Feb/2016 22:56:52 DEBUG: exclude MGCP.
+08/Feb/2016 22:56:52 DEBUG: ZATTOO: discarded the flow (UDP): packet_size: 93; Flowstage: 0
+08/Feb/2016 22:56:52 DEBUG: exclude zattoo.
+08/Feb/2016 22:56:52 DEBUG: search qq udp.
+08/Feb/2016 22:56:52 DEBUG: QQ excluded
+08/Feb/2016 22:56:52 DEBUG: excluding thunder udp at stage 0
+08/Feb/2016 22:56:52 TRACE: TEAMWIEWER detection...
+08/Feb/2016 22:56:52 DEBUG: search socrates.
+08/Feb/2016 22:56:52 DEBUG: exclude socrates.
+08/Feb/2016 22:56:52 DEBUG: STEAM detection...
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: NTP excluded.
+08/Feb/2016 22:56:52 DEBUG: NFS user match stage 1
+08/Feb/2016 22:56:52 DEBUG: NFS user match stage 2
+08/Feb/2016 22:56:52 DEBUG: search ssdp.
+08/Feb/2016 22:56:52 DEBUG: ssdp excluded.
+08/Feb/2016 22:56:52 DEBUG: Quake excluded.
+08/Feb/2016 22:56:52 DEBUG: SNMP excluded.
+08/Feb/2016 22:56:52 DEBUG: search syslog
+08/Feb/2016 22:56:52 DEBUG: no syslog detected.
+08/Feb/2016 22:56:52 DEBUG: netbios udp start
+08/Feb/2016 22:56:52 DEBUG: exclude netbios
+08/Feb/2016 22:56:52 DEBUG: MDNS udp start 
+08/Feb/2016 22:56:52 DEBUG: search ipp
+08/Feb/2016 22:56:52 DEBUG: searching for a payload with a pattern like 'number(1to8)blanknumber(1to3)ipp://.
+08/Feb/2016 22:56:52 DEBUG: payload does not begin with a number.
+08/Feb/2016 22:56:52 DEBUG: no ipp detected.
+08/Feb/2016 22:56:52 DEBUG: search ldap
+08/Feb/2016 22:56:52 DEBUG: ldap excluded.
+08/Feb/2016 22:56:52 DEBUG: search WARCRAFT3
+08/Feb/2016 22:56:52 DEBUG: no warcraft3 detected.
+08/Feb/2016 22:56:52 DEBUG: search xdmcp.
+08/Feb/2016 22:56:52 DEBUG: exclude xdmcp.
+08/Feb/2016 22:56:52 DEBUG: search TFTP.
+08/Feb/2016 22:56:52 DEBUG: exclude TFTP.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  50
+08/Feb/2016 22:56:52 DEBUG: search aimini.
+08/Feb/2016 22:56:52 DEBUG: exclude aimini.
+08/Feb/2016 22:56:52 DEBUG: search florensia.
+08/Feb/2016 22:56:52 DEBUG: exclude florensia.
+08/Feb/2016 22:56:52 DEBUG: search crossfire.
+08/Feb/2016 22:56:52 DEBUG: exclude crossfire.
+08/Feb/2016 22:56:52 DEBUG: search armagetron.
+08/Feb/2016 22:56:52 DEBUG: exclude armagetron.
+08/Feb/2016 22:56:52 DEBUG: dropbox detection...
+08/Feb/2016 22:56:52 DEBUG: exclude dropbox.
+08/Feb/2016 22:56:52 DEBUG: spotify detection...
+08/Feb/2016 22:56:52 DEBUG: exclude spotify.
+08/Feb/2016 22:56:52 DEBUG: radius detection...
+08/Feb/2016 22:56:52 DEBUG: gtp detection...
+08/Feb/2016 22:56:52 DEBUG: netflow detection...
+08/Feb/2016 22:56:52 DEBUG: sflow detection...
+08/Feb/2016 22:56:52 DEBUG: search H323.
+08/Feb/2016 22:56:52 DEBUG: calculated dport over udp.
+08/Feb/2016 22:56:52 DEBUG: search for NOE.
+08/Feb/2016 22:56:52 DEBUG: calculating dport over udp.
+08/Feb/2016 22:56:52 DEBUG: search CISCOVPN.
+08/Feb/2016 22:56:52 DEBUG: calculated CISCOVPN over udp ports.
+08/Feb/2016 22:56:52 DEBUG: exclude CISCOVPN.
+08/Feb/2016 22:56:52 DEBUG: TEAMSPEAK excluded.
+08/Feb/2016 22:56:52 DEBUG: search for VIBER.
+08/Feb/2016 22:56:52 DEBUG: calculating dport over udp.
+08/Feb/2016 22:56:52 DEBUG: exclude VIBER.
+08/Feb/2016 22:56:52 DEBUG: search for RTCP.
+08/Feb/2016 22:56:52 DEBUG: exclude RTCP.
+08/Feb/2016 22:56:52 TRACE: PANDO detection...
+08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: 
+08/Feb/2016 22:56:52 DEBUG: search for MEGACO.
+08/Feb/2016 22:56:52 DEBUG: exclude MEGACO.
+08/Feb/2016 22:56:52 TRACE: VHUA detection...
+08/Feb/2016 22:56:52 TRACE: TELEGRAM detection...
+08/Feb/2016 22:56:52 DEBUG: calculating quic over udp.
+08/Feb/2016 22:56:52 DEBUG: exclude quic.
+08/Feb/2016 22:56:52 DEBUG: Exclude eaq.
+08/Feb/2016 22:56:52 DEBUG: Exclude kakaotalk_voice.
+08/Feb/2016 22:56:52 DEBUG: search for MPEGTS.
+08/Feb/2016 22:56:52 DEBUG: Excluded MPEGTS.
+08/Feb/2016 22:56:52 TRACE: UBNTAC2 detection... plen:93 62202:5683
+08/Feb/2016 22:56:52 DEBUG: CoAP detection...
+08/Feb/2016 22:56:52 DEBUG: ====>>>> COAP: C¡Ó [len: 93]
+08/Feb/2016 22:56:52 DEBUG: skype detection...
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: HTTP detection...
+08/Feb/2016 22:56:52 DEBUG: HTTP stage 0: 
+08/Feb/2016 22:56:52 DEBUG: ====>>>> HTTP: 2T08/Feb/2016 22:56:52 DEBUG: Filename HTTP not found, we look for possible truncate flow...
+08/Feb/2016 22:56:52 DEBUG: Exclude HTTP
+08/Feb/2016 22:56:52 DEBUG: Starcraft protocol detection...
+08/Feb/2016 22:56:52 DEBUG: Starcraft excluded
+08/Feb/2016 22:56:52 DEBUG: search ssl
+08/Feb/2016 22:56:52 DEBUG: first ssl packet
+08/Feb/2016 22:56:52 DEBUG: exclude ssl
+08/Feb/2016 22:56:52 TRACE: RTSP detection...
+08/Feb/2016 22:56:52 DEBUG: maybe handshake 1; need next packet, return.
+08/Feb/2016 22:56:52 DEBUG: sip detection...
+08/Feb/2016 22:56:52 DEBUG: exclude sip.
+08/Feb/2016 22:56:52 DEBUG: searching for HEP.
+08/Feb/2016 22:56:52 DEBUG: exclude HEP.
+08/Feb/2016 22:56:52 DEBUG: EDONKEY detection...
+08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: 
+08/Feb/2016 22:56:52 TRACE: fasttrack/kazaa excluded.
+08/Feb/2016 22:56:52 TRACE: MSN tcp detection...
+08/Feb/2016 22:56:52 DEBUG: msn 7.
+08/Feb/2016 22:56:52 TRACE: MSN tcp excluded.
+08/Feb/2016 22:56:52 DEBUG: search yahoo
+08/Feb/2016 22:56:52 DEBUG: OSCAR :: TCP
+08/Feb/2016 22:56:52 DEBUG: search applejuice.
+08/Feb/2016 22:56:52 DEBUG: exclude applejuice.
+08/Feb/2016 22:56:52 DEBUG: Soulseek: search soulseec tcp 
+08/Feb/2016 22:56:52 DEBUG: irc : search irc
+08/Feb/2016 22:56:52 DEBUG: called ndpi_search_irc_ssl_detect_ninty_percent_but_very_fast
+08/Feb/2016 22:56:52 DEBUG: detected_irc:08/Feb/2016 22:56:52 TRACE: JABBER detection....
+08/Feb/2016 22:56:52 DEBUG: packet_counter: 1
+08/Feb/2016 22:56:52 DEBUG: search mail_pop
+08/Feb/2016 22:56:52 DEBUG: exclude mail_pop
+08/Feb/2016 22:56:52 DEBUG: search IMAP.
+08/Feb/2016 22:56:52 DEBUG: exclude IMAP.
+08/Feb/2016 22:56:52 DEBUG: search mail_smtp.
+08/Feb/2016 22:56:52 DEBUG: exclude smtp
+08/Feb/2016 22:56:52 DEBUG: USENET: search usenet.
+08/Feb/2016 22:56:52 DEBUG: USENET: STAGE IS 0.
+08/Feb/2016 22:56:52 DEBUG: USENET: exclude usenet.
+08/Feb/2016 22:56:52 DEBUG: search DNS.
+08/Feb/2016 22:56:52 DEBUG: TCP FOUND :: Payload 86
+08/Feb/2016 22:56:52 DEBUG: search tvants.  
+08/Feb/2016 22:56:52 DEBUG: exclude tvants.  
+08/Feb/2016 22:56:52 DEBUG: exclude sopcast TCP.  
+08/Feb/2016 22:56:52 DEBUG: search tvuplayer.  
+08/Feb/2016 22:56:52 DEBUG: exclude tvuplayer.  
+08/Feb/2016 22:56:52 DEBUG: exclude ppstream.
+08/Feb/2016 22:56:52 DEBUG: ZATTOO: discarted the flow (TCP): packet_size: 86; Flowstage: 0
+08/Feb/2016 22:56:52 DEBUG: exclude zattoo.
+08/Feb/2016 22:56:52 DEBUG: excluding ssh at stage 0
+08/Feb/2016 22:56:52 DEBUG: excluding thunder tcp at stage 0
+08/Feb/2016 22:56:52 TRACE: TEAMWIEWER detection...
+08/Feb/2016 22:56:52 DEBUG: search socrates.
+08/Feb/2016 22:56:52 DEBUG: exclude socrates.
+08/Feb/2016 22:56:52 DEBUG: STEAM detection...
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: exclude activesync
+08/Feb/2016 22:56:52 DEBUG: search SMB.
+08/Feb/2016 22:56:52 DEBUG: exclude SMB.
+08/Feb/2016 22:56:52 DEBUG: search telnet.
+08/Feb/2016 22:56:52 DEBUG: NFS user match stage 1
+08/Feb/2016 22:56:52 DEBUG: Search World of Warcraft.
+08/Feb/2016 22:56:52 DEBUG: search icecast.
+08/Feb/2016 22:56:52 DEBUG: Icecast excluded.
+08/Feb/2016 22:56:52 DEBUG: search shoutcast.
+08/Feb/2016 22:56:52 DEBUG: Shoutcast excluded.
+08/Feb/2016 22:56:52 DEBUG: no KERBEROS detected.
+08/Feb/2016 22:56:52 DEBUG: search syslog
+08/Feb/2016 22:56:52 DEBUG: no syslog detected.
+08/Feb/2016 22:56:52 DEBUG: DDL: Packet too small.
+08/Feb/2016 22:56:52 DEBUG: Nothing Found
+08/Feb/2016 22:56:52 DEBUG: netbios tcp start
+08/Feb/2016 22:56:52 DEBUG: exclude netbios
+08/Feb/2016 22:56:52 DEBUG: search ipp
+08/Feb/2016 22:56:52 DEBUG: searching for a payload with a pattern like 'number(1to8)blanknumber(1to3)ipp://.
+08/Feb/2016 22:56:52 DEBUG: read symbols while the symbol is a number.
+08/Feb/2016 22:56:52 DEBUG: there is no blank following the number.
+08/Feb/2016 22:56:52 DEBUG: no ipp detected.
+08/Feb/2016 22:56:52 DEBUG: search ldap
+08/Feb/2016 22:56:52 DEBUG: ldap excluded.
+08/Feb/2016 22:56:52 DEBUG: search WARCRAFT3
+08/Feb/2016 22:56:52 DEBUG: no warcraft3 detected.
+08/Feb/2016 22:56:52 DEBUG: search xdmcp.
+08/Feb/2016 22:56:52 DEBUG: exclude xdmcp.
+08/Feb/2016 22:56:52 DEBUG: search mssql.
+08/Feb/2016 22:56:52 DEBUG: exclude mssql.
+08/Feb/2016 22:56:52 DEBUG: exclude pptp.
+08/Feb/2016 22:56:52 DEBUG: exclude stealthnet.
+08/Feb/2016 22:56:52 DEBUG: search meebo.
+08/Feb/2016 22:56:52 DEBUG: flash not yet excluded. need next packet.
+08/Feb/2016 22:56:52 DEBUG: AFP excluded.
+08/Feb/2016 22:56:52 DEBUG: search aimini.
+08/Feb/2016 22:56:52 DEBUG: exclude aimini.
+08/Feb/2016 22:56:52 DEBUG: search florensia.
+08/Feb/2016 22:56:52 DEBUG: exclude florensia.
+08/Feb/2016 22:56:52 DEBUG: exclude maplestory.
+08/Feb/2016 22:56:52 DEBUG: exclude dofus.
+08/Feb/2016 22:56:52 DEBUG: search world_of_kung_fu.
+08/Feb/2016 22:56:52 DEBUG: exclude world_of_kung_fu.
+08/Feb/2016 22:56:52 DEBUG: search fiesta.
+08/Feb/2016 22:56:52 DEBUG: exclude fiesta.
+08/Feb/2016 22:56:52 DEBUG: search crossfire.
+08/Feb/2016 22:56:52 DEBUG: exclude crossfire.
+08/Feb/2016 22:56:52 DEBUG: search guildwars.
+08/Feb/2016 22:56:52 DEBUG: exclude guildwars.
+08/Feb/2016 22:56:52 DEBUG: spotify detection...
+08/Feb/2016 22:56:52 DEBUG: exclude spotify.
+08/Feb/2016 22:56:52 DEBUG: citrix detection...
+08/Feb/2016 22:56:52 DEBUG: lotus_notes detection...
+08/Feb/2016 22:56:52 DEBUG: search H323.
+08/Feb/2016 22:56:52 DEBUG: calculated dport over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for NOE.
+08/Feb/2016 22:56:52 DEBUG: exclude NOE.
+08/Feb/2016 22:56:52 DEBUG: search CISCOVPN.
+08/Feb/2016 22:56:52 DEBUG: calculated CISCOVPN over tcp ports.
+08/Feb/2016 22:56:52 DEBUG: exclude CISCOVPN.
+08/Feb/2016 22:56:52 DEBUG: TEAMSPEAK excluded.
+08/Feb/2016 22:56:52 DEBUG: search for TOR.
+08/Feb/2016 22:56:52 DEBUG: calculating TOR over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for SKINNY.
+08/Feb/2016 22:56:52 DEBUG: calculating SKINNY over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for RTCP.
+08/Feb/2016 22:56:52 DEBUG: calculating dport over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for RSYNC.
+08/Feb/2016 22:56:52 DEBUG: calculating RSYNC over tcp.
+08/Feb/2016 22:56:52 TRACE: WHOIS Excluded.
+08/Feb/2016 22:56:52 DEBUG: search for ORACLE.
+08/Feb/2016 22:56:52 DEBUG: calculating ORACLE over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for CORBA.
+08/Feb/2016 22:56:52 DEBUG: calculating CORBA over tcp.
+08/Feb/2016 22:56:52 DEBUG: RTMP detection...
+08/Feb/2016 22:56:52 DEBUG: RTMP stage 0: 
+08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL detection...
+08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL stage 0: 
+08/Feb/2016 22:56:52 DEBUG: FTP_DATA detection...
+08/Feb/2016 22:56:52 TRACE: PANDO detection...
+08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: 
+08/Feb/2016 22:56:52 DEBUG: Redis detection...
+08/Feb/2016 22:56:52 TRACE: ZMQ detection...
+08/Feb/2016 22:56:52 TRACE: TELEGRAM detection...
+08/Feb/2016 22:56:52 DEBUG: skype detection...
+08/Feb/2016 22:56:52 DEBUG: stage 0 has no direct detection, fall through
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: CoAP detection...
+08/Feb/2016 22:56:52 DEBUG: ====>>>> COAP: cD¡Ó [len: 19]
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  0
+08/Feb/2016 22:56:52 DEBUG: search stun.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  2
+08/Feb/2016 22:56:52 TRACE: RTSP detection...
+08/Feb/2016 22:56:52 DEBUG: didn't find handshake, exclude.
+08/Feb/2016 22:56:52 DEBUG: sip detection...
+08/Feb/2016 22:56:52 DEBUG: need next packet.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  5
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  6
+08/Feb/2016 22:56:52 DEBUG: EDONKEY detection...
+08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: 
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  8
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  9
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  10
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  11
+08/Feb/2016 22:56:52 TRACE: JABBER detection....
+08/Feb/2016 22:56:52 DEBUG: packet_counter: 2
+08/Feb/2016 22:56:52 DEBUG: search DNS.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  15
+08/Feb/2016 22:56:52 DEBUG: UDP FOUND
+08/Feb/2016 22:56:52 DEBUG: iMesh UDP packetlen: 19
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  17
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  18
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  19
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  20
+08/Feb/2016 22:56:52 DEBUG: PPLIVE detection...
+08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: 
+08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: 
+08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: 
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  22
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  23
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  24
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  25
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  26
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  27
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  28
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  29
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  30
+08/Feb/2016 22:56:52 DEBUG: STEAM detection...
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  32
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  33
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  34
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  35
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  36
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  37
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  38
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  39
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  40
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  41
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  42
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  43
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  44
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  45
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  46
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  47
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  48
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  49
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  50
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  51
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  52
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  53
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  54
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  55
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  56
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  57
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  58
+08/Feb/2016 22:56:52 DEBUG: netflow detection...
+08/Feb/2016 22:56:52 DEBUG: sflow detection...
+08/Feb/2016 22:56:52 DEBUG: search H323.
+08/Feb/2016 22:56:52 DEBUG: calculated dport over udp.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  62
+08/Feb/2016 22:56:52 DEBUG: search for NOE.
+08/Feb/2016 22:56:52 DEBUG: calculating dport over udp.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  64
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  65
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  66
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  67
+08/Feb/2016 22:56:52 TRACE: PANDO detection...
+08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: 
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  69
+08/Feb/2016 22:56:52 TRACE: VHUA detection...
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  71
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  72
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  73
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  74
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  75
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  76
+08/Feb/2016 22:56:52 DEBUG: CoAP detection...
+08/Feb/2016 22:56:52 DEBUG: ====>>>> COAP: cD¡Ó [len: 19]
+08/Feb/2016 22:56:52 DEBUG: skype detection...
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 TRACE: RTSP detection...
+08/Feb/2016 22:56:52 DEBUG: didn't find handshake, exclude.
+08/Feb/2016 22:56:52 DEBUG: EDONKEY detection...
+08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: 
+08/Feb/2016 22:56:52 DEBUG: OSCAR :: TCP
+08/Feb/2016 22:56:52 DEBUG: irc : search irc
+08/Feb/2016 22:56:52 DEBUG: called ndpi_search_irc_ssl_detect_ninty_percent_but_very_fast
+08/Feb/2016 22:56:52 DEBUG: detected_irc:08/Feb/2016 22:56:52 TRACE: JABBER detection....
+08/Feb/2016 22:56:52 DEBUG: packet_counter: 2
+08/Feb/2016 22:56:52 DEBUG: search DNS.
+08/Feb/2016 22:56:52 DEBUG: TCP FOUND :: Payload 4
+08/Feb/2016 22:56:52 DEBUG: STEAM detection...
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: search telnet.
+08/Feb/2016 22:56:52 DEBUG: search meebo.
+08/Feb/2016 22:56:52 DEBUG: flash not yet excluded. need next packet.
+08/Feb/2016 22:56:52 DEBUG: citrix detection...
+08/Feb/2016 22:56:52 DEBUG: lotus_notes detection...
+08/Feb/2016 22:56:52 DEBUG: search H323.
+08/Feb/2016 22:56:52 DEBUG: calculated dport over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for TOR.
+08/Feb/2016 22:56:52 DEBUG: calculating TOR over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for SKINNY.
+08/Feb/2016 22:56:52 DEBUG: calculating SKINNY over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for RTCP.
+08/Feb/2016 22:56:52 DEBUG: calculating dport over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for RSYNC.
+08/Feb/2016 22:56:52 DEBUG: calculating RSYNC over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for ORACLE.
+08/Feb/2016 22:56:52 DEBUG: calculating ORACLE over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for CORBA.
+08/Feb/2016 22:56:52 DEBUG: calculating CORBA over tcp.
+08/Feb/2016 22:56:52 DEBUG: RTMP detection...
+08/Feb/2016 22:56:52 DEBUG: RTMP stage 0: 
+08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL detection...
+08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL stage 0: 
+08/Feb/2016 22:56:52 TRACE: PANDO detection...
+08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: 
+08/Feb/2016 22:56:52 DEBUG: Redis detection...
+08/Feb/2016 22:56:52 DEBUG: Exclude Redis.
+08/Feb/2016 22:56:52 TRACE: ZMQ detection...
+08/Feb/2016 22:56:52 DEBUG: skype detection...
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: EDONKEY detection...
+08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: 
+08/Feb/2016 22:56:52 TRACE: JABBER detection....
+08/Feb/2016 22:56:52 DEBUG: STEAM detection...
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL detection...
+08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL stage 0: 
+08/Feb/2016 22:56:52 TRACE: PANDO detection...
+08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: 
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: EDONKEY detection...
+08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: 
+08/Feb/2016 22:56:52 DEBUG: irc : search irc
+08/Feb/2016 22:56:52 DEBUG: called ndpi_search_irc_ssl_detect_ninty_percent_but_very_fast
+08/Feb/2016 22:56:52 DEBUG: detected_irc:08/Feb/2016 22:56:52 TRACE: JABBER detection....
+08/Feb/2016 22:56:52 TRACE: JABBER Excluded.
+08/Feb/2016 22:56:52 DEBUG: search DNS.
+08/Feb/2016 22:56:52 DEBUG: TCP FOUND :: Payload 60
+08/Feb/2016 22:56:52 DEBUG: STEAM detection...
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: search telnet.
+08/Feb/2016 22:56:52 DEBUG: search meebo.
+08/Feb/2016 22:56:52 DEBUG: flash not yet excluded. need next packet.
+08/Feb/2016 22:56:52 DEBUG: citrix detection...
+08/Feb/2016 22:56:52 DEBUG: lotus_notes detection...
+08/Feb/2016 22:56:52 DEBUG: search H323.
+08/Feb/2016 22:56:52 DEBUG: calculated dport over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for TOR.
+08/Feb/2016 22:56:52 DEBUG: calculating TOR over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for SKINNY.
+08/Feb/2016 22:56:52 DEBUG: calculating SKINNY over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for RTCP.
+08/Feb/2016 22:56:52 DEBUG: calculating dport over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for RSYNC.
+08/Feb/2016 22:56:52 DEBUG: calculating RSYNC over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for ORACLE.
+08/Feb/2016 22:56:52 DEBUG: calculating ORACLE over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for CORBA.
+08/Feb/2016 22:56:52 DEBUG: calculating CORBA over tcp.
+08/Feb/2016 22:56:52 DEBUG: RTMP detection...
+08/Feb/2016 22:56:52 DEBUG: RTMP stage 0: 
+08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL detection...
+08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL stage 0: 
+08/Feb/2016 22:56:52 TRACE: PANDO detection...
+08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: 
+08/Feb/2016 22:56:52 TRACE: ZMQ detection...
+08/Feb/2016 22:56:52 DEBUG: skype detection...
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: EDONKEY detection...
+08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM detection...
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL detection...
+08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL stage 0: 
+08/Feb/2016 22:56:52 TRACE: PANDO detection...
+08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: 
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: EDONKEY detection...
+08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: 
+08/Feb/2016 22:56:52 DEBUG: irc : search irc
+08/Feb/2016 22:56:52 DEBUG: called ndpi_search_irc_ssl_detect_ninty_percent_but_very_fast
+08/Feb/2016 22:56:52 DEBUG: detected_irc:08/Feb/2016 22:56:52 DEBUG: search DNS.
+08/Feb/2016 22:56:52 DEBUG: TCP FOUND :: Payload 4
+08/Feb/2016 22:56:52 DEBUG: STEAM detection...
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: search telnet.
+08/Feb/2016 22:56:52 DEBUG: search meebo.
+08/Feb/2016 22:56:52 DEBUG: flash not yet excluded. need next packet.
+08/Feb/2016 22:56:52 DEBUG: citrix detection...
+08/Feb/2016 22:56:52 DEBUG: lotus_notes detection...
+08/Feb/2016 22:56:52 DEBUG: search H323.
+08/Feb/2016 22:56:52 DEBUG: calculated dport over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for TOR.
+08/Feb/2016 22:56:52 DEBUG: calculating TOR over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for SKINNY.
+08/Feb/2016 22:56:52 DEBUG: calculating SKINNY over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for RTCP.
+08/Feb/2016 22:56:52 DEBUG: calculating dport over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for RSYNC.
+08/Feb/2016 22:56:52 DEBUG: calculating RSYNC over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for ORACLE.
+08/Feb/2016 22:56:52 DEBUG: calculating ORACLE over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for CORBA.
+08/Feb/2016 22:56:52 DEBUG: calculating CORBA over tcp.
+08/Feb/2016 22:56:52 DEBUG: RTMP detection...
+08/Feb/2016 22:56:52 DEBUG: RTMP stage 0: 
+08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL detection...
+08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL stage 0: 
+08/Feb/2016 22:56:52 TRACE: PANDO detection...
+08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: 
+08/Feb/2016 22:56:52 TRACE: ZMQ detection...
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: EDONKEY detection...
+08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM detection...
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL detection...
+08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL stage 0: 
+08/Feb/2016 22:56:52 TRACE: PANDO detection...
+08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: 
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: CoAP detection...
+08/Feb/2016 22:56:52 DEBUG: ====>>>> COAP: B¡Ô [len: 155]
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  0
+08/Feb/2016 22:56:52 DEBUG: search stun.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  2
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  3
+08/Feb/2016 22:56:52 DEBUG: sip detection...
+08/Feb/2016 22:56:52 DEBUG: need next packet.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  5
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  6
+08/Feb/2016 22:56:52 DEBUG: EDONKEY detection...
+08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: 
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  8
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  9
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  10
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  11
+08/Feb/2016 22:56:52 TRACE: JABBER detection....
+08/Feb/2016 22:56:52 TRACE: JABBER Excluded.
+08/Feb/2016 22:56:52 DEBUG: search DNS.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  15
+08/Feb/2016 22:56:52 DEBUG: UDP FOUND
+08/Feb/2016 22:56:52 DEBUG: iMesh UDP packetlen: 155
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  17
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  18
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  19
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  20
+08/Feb/2016 22:56:52 DEBUG: PPLIVE detection...
+08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: 
+08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: 
+08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: 
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  22
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  23
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  24
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  25
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  26
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  27
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  28
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  29
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  30
+08/Feb/2016 22:56:52 DEBUG: STEAM detection...
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  32
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  33
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  34
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  35
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  36
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  37
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  38
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  39
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  40
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  41
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  42
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  43
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  44
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  45
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  46
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  47
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  48
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  49
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  50
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  51
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  52
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  53
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  54
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  55
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  56
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  57
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  58
+08/Feb/2016 22:56:52 DEBUG: netflow detection...
+08/Feb/2016 22:56:52 DEBUG: sflow detection...
+08/Feb/2016 22:56:52 DEBUG: search H323.
+08/Feb/2016 22:56:52 DEBUG: calculated dport over udp.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  62
+08/Feb/2016 22:56:52 DEBUG: search for NOE.
+08/Feb/2016 22:56:52 DEBUG: calculating dport over udp.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  64
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  65
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  66
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  67
+08/Feb/2016 22:56:52 TRACE: PANDO detection...
+08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: 
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  69
+08/Feb/2016 22:56:52 TRACE: VHUA detection...
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  71
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  72
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  73
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  74
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  75
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  76
+08/Feb/2016 22:56:52 DEBUG: CoAP detection...
+08/Feb/2016 22:56:52 DEBUG: ====>>>> COAP: B¡Ô [len: 155]
+08/Feb/2016 22:56:52 DEBUG: skype detection...
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: EDONKEY detection...
+08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: 
+08/Feb/2016 22:56:52 DEBUG: irc : search irc
+08/Feb/2016 22:56:52 DEBUG: called ndpi_search_irc_ssl_detect_ninty_percent_but_very_fast
+08/Feb/2016 22:56:52 DEBUG: detected_irc:08/Feb/2016 22:56:52 DEBUG: search DNS.
+08/Feb/2016 22:56:52 DEBUG: TCP FOUND :: Payload 150
+08/Feb/2016 22:56:52 DEBUG: iMesh excluded at stage 0
+08/Feb/2016 22:56:52 DEBUG: STEAM detection...
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: search telnet.
+08/Feb/2016 22:56:52 DEBUG: search meebo.
+08/Feb/2016 22:56:52 DEBUG: exclude meebo.
+08/Feb/2016 22:56:52 DEBUG: search H323.
+08/Feb/2016 22:56:52 DEBUG: calculated dport over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for TOR.
+08/Feb/2016 22:56:52 DEBUG: calculating TOR over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for SKINNY.
+08/Feb/2016 22:56:52 DEBUG: calculating SKINNY over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for RTCP.
+08/Feb/2016 22:56:52 DEBUG: calculating dport over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for RSYNC.
+08/Feb/2016 22:56:52 DEBUG: calculating RSYNC over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for ORACLE.
+08/Feb/2016 22:56:52 DEBUG: calculating ORACLE over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for CORBA.
+08/Feb/2016 22:56:52 DEBUG: calculating CORBA over tcp.
+08/Feb/2016 22:56:52 DEBUG: RTMP detection...
+08/Feb/2016 22:56:52 DEBUG: RTMP stage 0: 
+08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL detection...
+08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL stage 0: 
+08/Feb/2016 22:56:52 TRACE: PANDO detection...
+08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: 
+08/Feb/2016 22:56:52 TRACE: ZMQ detection...
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: CoAP detection...
+08/Feb/2016 22:56:52 DEBUG: ====>>>> COAP: bD¡Ô [len: 18]
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  0
+08/Feb/2016 22:56:52 DEBUG: search stun.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  2
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  3
+08/Feb/2016 22:56:52 DEBUG: sip detection...
+08/Feb/2016 22:56:52 DEBUG: need next packet.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  5
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  6
+08/Feb/2016 22:56:52 DEBUG: EDONKEY detection...
+08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: 
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  8
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  9
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  10
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  11
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  13
+08/Feb/2016 22:56:52 DEBUG: search DNS.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  15
+08/Feb/2016 22:56:52 DEBUG: UDP FOUND
+08/Feb/2016 22:56:52 DEBUG: iMesh UDP packetlen: 18
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  17
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  18
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  19
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  20
+08/Feb/2016 22:56:52 DEBUG: PPLIVE detection...
+08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: 
+08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: 
+08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: 
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  22
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  23
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  24
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  25
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  26
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  27
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  28
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  29
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  30
+08/Feb/2016 22:56:52 DEBUG: STEAM detection...
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  32
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  33
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  34
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  35
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  36
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  37
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  38
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  39
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  40
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  41
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  42
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  43
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  44
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  45
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  46
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  47
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  48
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  49
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  50
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  51
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  52
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  53
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  54
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  55
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  56
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  57
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  58
+08/Feb/2016 22:56:52 DEBUG: netflow detection...
+08/Feb/2016 22:56:52 DEBUG: sflow detection...
+08/Feb/2016 22:56:52 DEBUG: search H323.
+08/Feb/2016 22:56:52 DEBUG: calculated dport over udp.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  62
+08/Feb/2016 22:56:52 DEBUG: search for NOE.
+08/Feb/2016 22:56:52 DEBUG: calculating dport over udp.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  64
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  65
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  66
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  67
+08/Feb/2016 22:56:52 TRACE: PANDO detection...
+08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: 
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  69
+08/Feb/2016 22:56:52 TRACE: VHUA detection...
+08/Feb/2016 22:56:52 TRACE: Exclude VHUA.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  71
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  72
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  73
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  74
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  75
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  76
+08/Feb/2016 22:56:52 DEBUG: CoAP detection...
+08/Feb/2016 22:56:52 DEBUG: ====>>>> COAP: bD¡Ô [len: 18]
+08/Feb/2016 22:56:52 DEBUG: skype detection...
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: EDONKEY detection...
+08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: 
+08/Feb/2016 22:56:52 DEBUG: irc : search irc
+08/Feb/2016 22:56:52 DEBUG: called ndpi_search_irc_ssl_detect_ninty_percent_but_very_fast
+08/Feb/2016 22:56:52 DEBUG: detected_irc:08/Feb/2016 22:56:52 DEBUG: search DNS.
+08/Feb/2016 22:56:52 DEBUG: STEAM detection...
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: search telnet.
+08/Feb/2016 22:56:52 DEBUG: telnet excluded.
+08/Feb/2016 22:56:52 DEBUG: search H323.
+08/Feb/2016 22:56:52 DEBUG: calculated dport over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for TOR.
+08/Feb/2016 22:56:52 DEBUG: calculating TOR over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for SKINNY.
+08/Feb/2016 22:56:52 DEBUG: calculating SKINNY over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for RTCP.
+08/Feb/2016 22:56:52 DEBUG: calculating dport over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for RSYNC.
+08/Feb/2016 22:56:52 DEBUG: calculating RSYNC over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for ORACLE.
+08/Feb/2016 22:56:52 DEBUG: calculating ORACLE over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for CORBA.
+08/Feb/2016 22:56:52 DEBUG: calculating CORBA over tcp.
+08/Feb/2016 22:56:52 DEBUG: RTMP detection...
+08/Feb/2016 22:56:52 DEBUG: RTMP stage 0: 
+08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL detection...
+08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL stage 0: 
+08/Feb/2016 22:56:52 TRACE: PANDO detection...
+08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: 
+08/Feb/2016 22:56:52 TRACE: ZMQ detection...
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: EDONKEY detection...
+08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM detection...
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL detection...
+08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL stage 0: 
+08/Feb/2016 22:56:52 TRACE: PANDO detection...
+08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: 
+
+
+WARNING: only IPv4/IPv6 packets are supported in this demo (nDPI supports both IPv4 and IPv6), all other packets will be discarded
+
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: CoAP detection...
+08/Feb/2016 22:56:52 DEBUG: ====>>>> COAP: D¡Õ [len: 94]
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  0
+08/Feb/2016 22:56:52 DEBUG: search stun.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  2
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  3
+08/Feb/2016 22:56:52 DEBUG: sip detection...
+08/Feb/2016 22:56:52 DEBUG: need next packet.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  5
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  6
+08/Feb/2016 22:56:52 DEBUG: EDONKEY detection...
+08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: 
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  8
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  9
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  10
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  11
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  13
+08/Feb/2016 22:56:52 DEBUG: search DNS.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  15
+08/Feb/2016 22:56:52 DEBUG: UDP FOUND
+08/Feb/2016 22:56:52 DEBUG: iMesh UDP packetlen: 94
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  17
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  18
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  19
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  20
+08/Feb/2016 22:56:52 DEBUG: PPLIVE detection...
+08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: 
+08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: 
+08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: 
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  22
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  23
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  24
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  25
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  26
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  27
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  28
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  29
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  30
+08/Feb/2016 22:56:52 DEBUG: STEAM detection...
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  32
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  33
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  34
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  35
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  36
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  37
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  38
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  39
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  40
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  41
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  42
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  43
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  44
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  45
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  46
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  47
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  48
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  49
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  50
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  51
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  52
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  53
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  54
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  55
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  56
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  57
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  58
+08/Feb/2016 22:56:52 DEBUG: netflow detection...
+08/Feb/2016 22:56:52 DEBUG: sflow detection...
+08/Feb/2016 22:56:52 DEBUG: search H323.
+08/Feb/2016 22:56:52 DEBUG: calculated dport over udp.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  62
+08/Feb/2016 22:56:52 DEBUG: search for NOE.
+08/Feb/2016 22:56:52 DEBUG: calculating dport over udp.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  64
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  65
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  66
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  67
+08/Feb/2016 22:56:52 TRACE: PANDO detection...
+08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: 
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  69
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  70
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  71
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  72
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  73
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  74
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  75
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  76
+08/Feb/2016 22:56:52 DEBUG: CoAP detection...
+08/Feb/2016 22:56:52 DEBUG: ====>>>> COAP: D¡Õ [len: 94]
+08/Feb/2016 22:56:52 DEBUG: skype detection...
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: EDONKEY detection...
+08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: 
+08/Feb/2016 22:56:52 DEBUG: irc : search irc
+08/Feb/2016 22:56:52 DEBUG: called ndpi_search_irc_ssl_detect_ninty_percent_but_very_fast
+08/Feb/2016 22:56:52 DEBUG: detected_irc:08/Feb/2016 22:56:52 DEBUG: search DNS.
+08/Feb/2016 22:56:52 DEBUG: STEAM detection...
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: search H323.
+08/Feb/2016 22:56:52 DEBUG: calculated dport over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for TOR.
+08/Feb/2016 22:56:52 DEBUG: calculating TOR over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for SKINNY.
+08/Feb/2016 22:56:52 DEBUG: calculating SKINNY over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for RTCP.
+08/Feb/2016 22:56:52 DEBUG: calculating dport over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for RSYNC.
+08/Feb/2016 22:56:52 DEBUG: calculating RSYNC over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for ORACLE.
+08/Feb/2016 22:56:52 DEBUG: calculating ORACLE over tcp.
+08/Feb/2016 22:56:52 DEBUG: search for CORBA.
+08/Feb/2016 22:56:52 DEBUG: calculating CORBA over tcp.
+08/Feb/2016 22:56:52 DEBUG: RTMP detection...
+08/Feb/2016 22:56:52 DEBUG: RTMP stage 0: 
+08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL detection...
+08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL stage 0: 
+08/Feb/2016 22:56:52 TRACE: PANDO detection...
+08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: 
+08/Feb/2016 22:56:52 TRACE: ZMQ detection...
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: CoAP detection...
+08/Feb/2016 22:56:52 DEBUG: ====>>>> COAP: dD¡Õ [len: 20]
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  0
+08/Feb/2016 22:56:52 DEBUG: search stun.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  2
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  3
+08/Feb/2016 22:56:52 DEBUG: sip detection...
+08/Feb/2016 22:56:52 DEBUG: need next packet.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  5
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  6
+08/Feb/2016 22:56:52 DEBUG: EDONKEY detection...
+08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: 
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  8
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  9
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  10
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  11
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  13
+08/Feb/2016 22:56:52 DEBUG: search DNS.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  15
+08/Feb/2016 22:56:52 DEBUG: UDP FOUND
+08/Feb/2016 22:56:52 DEBUG: iMesh UDP packetlen: 20
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  17
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  18
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  19
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  20
+08/Feb/2016 22:56:52 DEBUG: PPLIVE detection...
+08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: 
+08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: 
+08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: 
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  22
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  23
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  24
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  25
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  26
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  27
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  28
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  29
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  30
+08/Feb/2016 22:56:52 DEBUG: STEAM detection...
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  32
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  33
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  34
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  35
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  36
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  37
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  38
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  39
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  40
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  41
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  42
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  43
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  44
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  45
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  46
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  47
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  48
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  49
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  50
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  51
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  52
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  53
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  54
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  55
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  56
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  57
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  58
+08/Feb/2016 22:56:52 DEBUG: netflow detection...
+08/Feb/2016 22:56:52 DEBUG: sflow detection...
+08/Feb/2016 22:56:52 DEBUG: search H323.
+08/Feb/2016 22:56:52 DEBUG: calculated dport over udp.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  62
+08/Feb/2016 22:56:52 DEBUG: search for NOE.
+08/Feb/2016 22:56:52 DEBUG: calculating dport over udp.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  64
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  65
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  66
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  67
+08/Feb/2016 22:56:52 TRACE: PANDO detection...
+08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: 
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  69
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  70
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  71
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  72
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  73
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  74
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  75
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  76
+08/Feb/2016 22:56:52 DEBUG: CoAP detection...
+08/Feb/2016 22:56:52 DEBUG: ====>>>> COAP: dD¡Õ [len: 20]
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  78
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: CoAP detection...
+08/Feb/2016 22:56:52 DEBUG: ====>>>> COAP: G¡Ö [len: 160]
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  0
+08/Feb/2016 22:56:52 DEBUG: search stun.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  2
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  3
+08/Feb/2016 22:56:52 DEBUG: sip detection...
+08/Feb/2016 22:56:52 DEBUG: need next packet.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  5
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  6
+08/Feb/2016 22:56:52 DEBUG: EDONKEY detection...
+08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: 
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  8
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  9
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  10
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  11
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  13
+08/Feb/2016 22:56:52 DEBUG: search DNS.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  15
+08/Feb/2016 22:56:52 DEBUG: UDP FOUND
+08/Feb/2016 22:56:52 DEBUG: iMesh UDP packetlen: 160
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  17
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  18
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  19
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  20
+08/Feb/2016 22:56:52 DEBUG: PPLIVE detection...
+08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: 
+08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: 
+08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: 
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  22
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  23
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  24
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  25
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  26
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  27
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  28
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  29
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  30
+08/Feb/2016 22:56:52 DEBUG: STEAM detection...
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  32
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  33
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  34
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  35
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  36
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  37
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  38
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  39
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  40
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  41
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  42
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  43
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  44
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  45
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  46
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  47
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  48
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  49
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  50
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  51
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  52
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  53
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  54
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  55
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  56
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  57
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  58
+08/Feb/2016 22:56:52 DEBUG: netflow detection...
+08/Feb/2016 22:56:52 DEBUG: sflow detection...
+08/Feb/2016 22:56:52 DEBUG: search H323.
+08/Feb/2016 22:56:52 DEBUG: calculated dport over udp.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  62
+08/Feb/2016 22:56:52 DEBUG: search for NOE.
+08/Feb/2016 22:56:52 DEBUG: calculating dport over udp.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  64
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  65
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  66
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  67
+08/Feb/2016 22:56:52 TRACE: PANDO detection...
+08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: 
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  69
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  70
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  71
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  72
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  73
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  74
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  75
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  76
+08/Feb/2016 22:56:52 DEBUG: CoAP detection...
+08/Feb/2016 22:56:52 DEBUG: ====>>>> COAP: G¡Ö [len: 160]
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  78
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: CoAP detection...
+08/Feb/2016 22:56:52 DEBUG: ====>>>> COAP: gD¡Ö [len: 23]
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  0
+08/Feb/2016 22:56:52 DEBUG: search stun.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  2
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  3
+08/Feb/2016 22:56:52 DEBUG: sip detection...
+08/Feb/2016 22:56:52 DEBUG: need next packet.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  5
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  6
+08/Feb/2016 22:56:52 DEBUG: EDONKEY detection...
+08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: 
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  8
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  9
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  10
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  11
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  13
+08/Feb/2016 22:56:52 DEBUG: search DNS.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  15
+08/Feb/2016 22:56:52 DEBUG: UDP FOUND
+08/Feb/2016 22:56:52 DEBUG: iMesh UDP packetlen: 23
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  17
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  18
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  19
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  20
+08/Feb/2016 22:56:52 DEBUG: PPLIVE detection...
+08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: 
+08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: 
+08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: 
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  22
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  23
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  24
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  25
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  26
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  27
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  28
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  29
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  30
+08/Feb/2016 22:56:52 DEBUG: STEAM detection...
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  32
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  33
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  34
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  35
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  36
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  37
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  38
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  39
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  40
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  41
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  42
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  43
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  44
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  45
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  46
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  47
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  48
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  49
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  50
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  51
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  52
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  53
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  54
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  55
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  56
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  57
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  58
+08/Feb/2016 22:56:52 DEBUG: netflow detection...
+08/Feb/2016 22:56:52 DEBUG: sflow detection...
+08/Feb/2016 22:56:52 DEBUG: search H323.
+08/Feb/2016 22:56:52 DEBUG: calculated dport over udp.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  62
+08/Feb/2016 22:56:52 DEBUG: search for NOE.
+08/Feb/2016 22:56:52 DEBUG: calculating dport over udp.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  64
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  65
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  66
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  67
+08/Feb/2016 22:56:52 TRACE: PANDO detection...
+08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: 
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  69
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  70
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  71
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  72
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  73
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  74
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  75
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  76
+08/Feb/2016 22:56:52 DEBUG: CoAP detection...
+08/Feb/2016 22:56:52 DEBUG: ====>>>> COAP: gD¡Ö [len: 23]
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  78
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: CoAP detection...
+08/Feb/2016 22:56:52 DEBUG: ====>>>> COAP: B¡× [len: 92]
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  0
+08/Feb/2016 22:56:52 DEBUG: search stun.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  2
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  3
+08/Feb/2016 22:56:52 DEBUG: sip detection...
+08/Feb/2016 22:56:52 DEBUG: need next packet.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  5
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  6
+08/Feb/2016 22:56:52 DEBUG: EDONKEY detection...
+08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: 
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  8
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  9
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  10
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  11
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  13
+08/Feb/2016 22:56:52 DEBUG: search DNS.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  15
+08/Feb/2016 22:56:52 DEBUG: UDP FOUND
+08/Feb/2016 22:56:52 DEBUG: iMesh UDP packetlen: 92
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  17
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  18
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  19
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  20
+08/Feb/2016 22:56:52 DEBUG: PPLIVE detection...
+08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: 
+08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: 
+08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: 
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  22
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  23
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  24
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  25
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  26
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  27
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  28
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  29
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  30
+08/Feb/2016 22:56:52 DEBUG: STEAM detection...
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: 
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  32
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  33
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  34
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  35
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  36
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  37
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  38
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  39
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  40
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  41
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  42
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  43
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  44
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  45
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  46
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  47
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  48
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  49
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  50
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  51
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  52
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  53
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  54
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  55
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  56
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  57
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  58
+08/Feb/2016 22:56:52 DEBUG: netflow detection...
+08/Feb/2016 22:56:52 DEBUG: sflow detection...
+08/Feb/2016 22:56:52 DEBUG: search H323.
+08/Feb/2016 22:56:52 DEBUG: calculated dport over udp.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  62
+08/Feb/2016 22:56:52 DEBUG: search for NOE.
+08/Feb/2016 22:56:52 DEBUG: calculating dport over udp.
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  64
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  65
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  66
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  67
+08/Feb/2016 22:56:52 TRACE: PANDO detection...
+08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: 
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  69
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  70
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  71
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  72
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  73
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  74
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  75
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  76
+08/Feb/2016 22:56:52 DEBUG: CoAP detection...
+08/Feb/2016 22:56:52 DEBUG: ====>>>> COAP: B¡× [len: 92]
+08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx =  78
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: ipv4 header
+08/Feb/2016 22:56:52 DEBUG: netbios udp start
+08/Feb/2016 22:56:52 DEBUG: found netbios port 137 and payload_packet_len 50
+08/Feb/2016 22:56:52 DEBUG: found netbios with flag 0110 questions = 1 and answers = 0, authority, additional = 0  
+08/Feb/2016 22:56:52 DEBUG: Starcraft protocol detection...
+08/Feb/2016 22:56:52 DEBUG: Starcraft excluded
+
+nDPI Memory statistics:
+	nDPI Memory (once):      105.99 KB    
+	Flow Memory (per flow):  1.94 KB      
+	Actual Memory:           1.86 MB      
+	Peak Memory:             1.86 MB      
+
+Traffic statistics:
+	Ethernet bytes:        13857         (includes ethernet CRC/IFC/trailer)
+	Discarded bytes:       102          
+	IP packets:            122           of 124 packets total
+	IP bytes:              10929         (avg pkt size 88 bytes)
+	Unique flows:          3            
+	TCP Packets:           85           
+	UDP Packets:           37           
+	VLAN Packets:          0            
+	MPLS Packets:          0            
+	PPPoE Packets:         0            
+	Fragmented Packets:    0            
+	Max Packet size:       170          
+	Packet Len < 64:       82           
+	Packet Len 64-128:     30           
+	Packet Len 128-256:    10           
+	Packet Len 256-1024:   0            
+	Packet Len 1024-1500:  0            
+	Packet Len > 1500:     0            
+	nDPI throughput:       37.84 K pps / 32.79 Mb/sec
+	Traffic throughput:    3.54 pps / 3.15 Kb/sec
+	Traffic duration:      34.417 sec
+	Guessed flow protos:   1            
+
+
+Detected protocols:
+	Unknown              packets: 85            bytes: 6989          flows: 1            
+	NetBIOS              packets: 7             bytes: 644           flows: 1            
+	COAP                 packets: 30            bytes: 3296          flows: 1            
+
+
+Protocol statistics:
+	Acceptable                    3940 bytes
+	Unrated                       6989 bytes
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index b75672192..0d84e6f87 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -113,7 +113,7 @@ static u_int8_t undetected_flows_deleted = 0;
 /**
  * User preferences
  */
-static u_int8_t enable_protocol_guess = 1, verbose = 0, nDPI_traceLevel = 0, json_flag = 0;
+static u_int8_t enable_protocol_guess = 1, verbose = 0, nDPI_traceLevel = 2, json_flag = 0;
 static u_int16_t decode_tunnels = 0;
 static u_int16_t num_loops = 1;
 static u_int8_t shutdown_app = 0, quiet_mode = 0;
diff --git a/src/include/ndpi_define.h b/src/include/ndpi_define.h
index 3fa0b34e6..266c76968 100644
--- a/src/include/ndpi_define.h
+++ b/src/include/ndpi_define.h
@@ -156,6 +156,7 @@
 /* misc definitions */
 #define NDPI_DEFAULT_MAX_TCP_RETRANSMISSION_WINDOW_SIZE 0x10000
 
+#define NDPI_ENABLE_DEBUG_MESSAGES 1
 
 /* TODO: rebuild all memory areas to have a more aligned memory block here */
 
diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h
index 5132167f7..8084525f2 100644
--- a/src/include/ndpi_protocol_ids.h
+++ b/src/include/ndpi_protocol_ids.h
@@ -268,9 +268,10 @@
 #define NDPI_SERVICE_HOTSPOT_SHIELD                     215
 #define NDPI_SERVICE_OCS                                218
 #define NDPI_SERVICE_OFFICE_365                         219
+#define NDPI_PROTOCOL_COAP                              221
 
 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */
-#define NDPI_LAST_IMPLEMENTED_PROTOCOL			NDPI_PROTOCOL_MS_LYNC
+#define NDPI_LAST_IMPLEMENTED_PROTOCOL			NDPI_PROTOCOL_COAP
 
 #define NDPI_MAX_SUPPORTED_PROTOCOLS                    (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1)
 #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS                   (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL)
diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h
index 240f7b42e..56028c995 100644
--- a/src/include/ndpi_protocols.h
+++ b/src/include/ndpi_protocols.h
@@ -197,6 +197,7 @@ void ndpi_search_kakaotalk_voice(struct ndpi_detection_module_struct *ndpi_struc
 void ndpi_search_mpegts(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
 void ndpi_search_starcraft(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
 void ndpi_search_ubntac2(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_coap(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
 
 
 /* --- INIT FUNCTIONS --- */
@@ -336,5 +337,5 @@ void init_zattoo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i
 void init_zmq_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 void init_stracraft_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 void init_ubntac2_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
-
+void init_coap_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 #endif /* __NDPI_PROTOCOLS_H__ */
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index c4f4fdf73..2ae137b74 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -345,6 +345,14 @@ typedef enum {
   HTTP_METHOD_CONNECT
 } ndpi_http_method;
 
+typedef enum {
+  COAP_METHOD_UNKNOWN = 0,
+  COAP_METHOD_GET,
+  COAP_METHOD_POST,
+  COAP_METHOD_PUT,
+  COAP_METHOD_DELETE
+} ndpi_coap_method;
+
 struct ndpi_id_struct {
   /**
      detected_protocol_bitmask:
@@ -625,6 +633,9 @@ struct ndpi_flow_udp_struct {
   u_int8_t eaq_pkt_id;
   u_int32_t eaq_sequence;
 #endif
+#ifdef NDPI_PROTOCOL_COAP
+  u_int32_t coap_stage:2;
+#endif
 }
 #ifndef WIN32
   __attribute__ ((__packed__))
@@ -905,6 +916,11 @@ struct ndpi_flow_struct {
     char *url, *content_type;
   } http;
 
+  struct {
+    ndpi_coap_method method;
+    char *url, *content_type;
+  } coap;
+
   union {
 
     /* the only fields useful for nDPI and ntopng */
diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am
index 3c5a69e64..80becd407 100644
--- a/src/lib/Makefile.am
+++ b/src/lib/Makefile.am
@@ -155,6 +155,7 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \
 		     protocols/yahoo.c \
 		     protocols/zattoo.c \
 		     protocols/zeromq.c \
+		     protocols/coap.c \
 		     third_party/include/actypes.h \
 		     third_party/include/ahocorasick.h \
 		     third_party/include/node.h \
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 9d9c38edc..572fd4f01 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -1498,6 +1498,11 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
 			    no_master, "Lync",
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0),	/* TCP */
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0));	/* UDP */
+    ndpi_set_proto_defaults(ndpi_mod,NDPI_PROTOCOL_ACCEPTABLE,NDPI_PROTOCOL_COAP,
+    		    no_master,
+				no_master, "COAP",
+				ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0),   /* TCP */
+				ndpi_build_default_ports(ports_b, 5683, 0, 0, 0, 0));  /* UDP */
 
     /* calling function for host and content matched protocols */
     init_string_based_protocols(ndpi_mod);
@@ -2462,6 +2467,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n
   /* UBNTAC2 */
   init_ubntac2_dissector(ndpi_struct, &a, detection_bitmask);
 
+  /* COAP */
+  init_coap_dissector(ndpi_struct, &a, detection_bitmask);
+
   /* Put false-positive sensitive protocols at the end */
 
   /* SKYPE */
diff --git a/src/lib/protocols/coap.c b/src/lib/protocols/coap.c
index bd349b2cd..7047154f9 100644
--- a/src/lib/protocols/coap.c
+++ b/src/lib/protocols/coap.c
@@ -21,18 +21,22 @@
  *
  */
 
-#define NDPI_PROTOCOL_COAP
 
 #include "ndpi_protocols.h"
 #ifdef NDPI_PROTOCOL_COAP
-static void ndpi_int_coap_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
-	// not sure if this is accurate but coap runs on top of udp and should be connectionless
-	  if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) {
-	    /* This is COAP and it is not a sub protocol (e.g. lwm2m) */
-	    ndpi_search_tcp_or_udp(ndpi_struct, flow);
+static void
+ndpi_int_coap_add_connection (struct ndpi_detection_module_struct *ndpi_struct,
+			      struct ndpi_flow_struct *flow)
+{
+  // not sure if this is accurate but coap runs on top of udp and should be connectionless
+  if (flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN)
+    {
+      /* This is COAP and it is not a sub protocol (e.g. lwm2m) */
+      ndpi_search_tcp_or_udp (ndpi_struct, flow);
 //
 //	    /* If no custom protocol has been detected */
-	    if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) {
+      if (flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN)
+	{
 //	      if(protocol != NDPI_PROTOCOL_HTTP) {
 //		ndpi_search_tcp_or_udp(ndpi_struct, flow);
 //		ndpi_set_detected_protocol(ndpi_struct, flow, protocol, NDPI_PROTOCOL_UNKNOWN);
@@ -43,172 +47,50 @@ static void ndpi_int_coap_add_connection(struct ndpi_detection_module_struct *nd
 //	    }
 //
 //	    flow->http_detected = 1;
-//	  }
-}
-
-void ndpi_search_coap(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
-{
-	struct ndpi_packet_struct *packet = &flow->packet;
-	//TODO
-	if (packet->detected_protocol_stack[0]!= NDPI_PROTOCOL_UNKNOWN){
-		return;
 	}
-	NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "CoAP detected...\n");
-//	if packet->
+    }
 }
 
-void init_http_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id,
-			 NDPI_PROTOCOL_BITMASK *detection_bitmask)
+//static u_int16_t coap_request_url_offset(struct ndpi_detection_module_struct * ndpi_struct,
+//					 struct ndpi_flow_struct *flow)
+//{
+//  struct ndpi_packet_struct* packet = &flow->packet;
+//  if (packet->payload_packet_len >=4 )
+//}
+
+void ndpi_search_coap (struct ndpi_detection_module_struct *ndpi_struct,
+		       struct ndpi_flow_struct *flow)
 {
-//TODO
+  struct ndpi_packet_struct *packet = &flow->packet;
+  if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN)
+  {
+      return;
+  }
+  NDPI_LOG(NDPI_PROTOCOL_COAP, ndpi_struct, NDPI_LOG_DEBUG, "CoAP detection...\n");
 
-	//  ndpi_set_bitmask_protocol_detection("HTTP",ndpi_struct, detection_bitmask, *id,
-//				      NDPI_PROTOCOL_HTTP,
-//				      ndpi_search_http_tcp,
-//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
-//				      SAVE_DETECTION_BITMASK_AS_UNKNOWN,
-//				      ADD_TO_DETECTION_BITMASK);
-//  *id += 1;
-//
-//#if 0
-//  ndpi_set_bitmask_protocol_detection("HTTP_Proxy", ndpi_struct, detection_bitmask, *id,
-//				      NDPI_PROTOCOL_HTTP_PROXY,
-//				      ndpi_search_http_tcp,
-//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
-//				      SAVE_DETECTION_BITMASK_AS_UNKNOWN,
-//				      ADD_TO_DETECTION_BITMASK);
-//  *id += 1;
-//
-//#ifdef NDPI_CONTENT_MPEG
-//  ndpi_set_bitmask_protocol_detection("MPEG", ndpi_struct, detection_bitmask, *id,
-//				      NDPI_CONTENT_MPEG,
-//				      ndpi_search_http_tcp,
-//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
-//				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
-//				      ADD_TO_DETECTION_BITMASK);
-//
-//  *id += 1;
-//#endif
-//#ifdef NDPI_CONTENT_FLASH
-//  ndpi_set_bitmask_protocol_detection("Flash", ndpi_struct, detection_bitmask, *id,
-//				      NDPI_CONTENT_FLASH,
-//				      ndpi_search_http_tcp,
-//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
-//				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
-//				      ADD_TO_DETECTION_BITMASK);
-//  *id += 1;
-//#endif
-//#ifdef NDPI_CONTENT_QUICKTIME
-//  ndpi_set_bitmask_protocol_detection("QuickTime", ndpi_struct, detection_bitmask, *id,
-//				      NDPI_CONTENT_QUICKTIME,
-//				      ndpi_search_http_tcp,
-//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
-//				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
-//				      ADD_TO_DETECTION_BITMASK);
-//  *id += 1;
-//#endif
-//#ifdef NDPI_CONTENT_REALMEDIA
-//  ndpi_set_bitmask_protocol_detection("RealMedia", ndpi_struct, detection_bitmask, *id,
-//				      NDPI_CONTENT_REALMEDIA,
-//				      ndpi_search_http_tcp,
-//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
-//				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
-//				      ADD_TO_DETECTION_BITMASK);
-//  *id += 1;
-//#endif
-//#ifdef NDPI_CONTENT_WINDOWSMEDIA
-//  ndpi_set_bitmask_protocol_detection("WindowsMedia", ndpi_struct, detection_bitmask, *id,
-//				      NDPI_CONTENT_WINDOWSMEDIA,
-//				      ndpi_search_http_tcp,
-//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
-//				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
-//				      ADD_TO_DETECTION_BITMASK);
-//  *id += 1;
-//#endif
-//#ifdef NDPI_CONTENT_MMS
-//  ndpi_set_bitmask_protocol_detection("MMS", ndpi_struct, detection_bitmask, *id,
-//				      NDPI_CONTENT_MMS,
-//				      ndpi_search_http_tcp,
-//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
-//				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
-//				      ADD_TO_DETECTION_BITMASK);
-//  *id += 1;
-//#endif
-//#ifdef NDPI_PROTOCOL_XBOX
-//  ndpi_set_bitmask_protocol_detection("Xbox", ndpi_struct, detection_bitmask, *id,
-//				      NDPI_PROTOCOL_XBOX,
-//				      ndpi_search_http_tcp,
-//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
-//				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
-//				      ADD_TO_DETECTION_BITMASK);
-//  *id += 1;
-//#endif
-//#ifdef NDPI_PROTOCOL_QQ
-//  ndpi_set_bitmask_protocol_detection("QQ", ndpi_struct, detection_bitmask, *id,
-//				      NDPI_PROTOCOL_QQ,
-//				      ndpi_search_http_tcp,
-//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
-//				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
-//				      ADD_TO_DETECTION_BITMASK);
-//  *id += 1;
-//#endif
-//#ifdef NDPI_CONTENT_AVI
-//  ndpi_set_bitmask_protocol_detection("AVI", ndpi_struct, detection_bitmask, *id,
-//				      NDPI_CONTENT_AVI,
-//				      ndpi_search_http_tcp,
-//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
-//				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
-//				      ADD_TO_DETECTION_BITMASK);
-//  *id += 1;
-//#endif
-//#ifdef NDPI_CONTENT_OGG
-//  ndpi_set_bitmask_protocol_detection("OggVorbis", ndpi_struct, detection_bitmask, *id,
-//				      NDPI_CONTENT_OGG,
-//				      ndpi_search_http_tcp,
-//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
-//				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
-//				      ADD_TO_DETECTION_BITMASK);
-//  *id += 1;
-//#endif
-//#ifdef NDPI_PROTOCOL_MOVE
-//  ndpi_set_bitmask_protocol_detection("Move", ndpi_struct, detection_bitmask, *id,
-//				      NDPI_PROTOCOL_MOVE,
-//				      ndpi_search_http_tcp,
-//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
-//				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
-//				      ADD_TO_DETECTION_BITMASK);
-//  *id += 1;
-//#endif
-//
-//  /* Update excluded protocol bitmask */
-//  NDPI_BITMASK_SET(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask,
-//  		   ndpi_struct->callback_buffer[a].detection_bitmask);
-//
-//  /*Delete protocol from exluded protocol bitmask*/
-//  NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_PROTOCOL_UNKNOWN);
-//
-//  NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_PROTOCOL_QQ);
-//
-//#ifdef NDPI_CONTENT_FLASH
-//  NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_CONTENT_FLASH);
-//#endif
-//
-//  NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask,  NDPI_CONTENT_MMS);
-//  /* #ifdef NDPI_PROTOCOL_RTSP */
-//  /*   NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, */
-//  /* 				 NDPI_PROTOCOL_RTSP); */
-//  /* #endif */
-//  NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_PROTOCOL_XBOX);
-//
-//  NDPI_BITMASK_SET(ndpi_struct->generic_http_packet_bitmask, ndpi_struct->callback_buffer[a].detection_bitmask);
-//
-//  NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->generic_http_packet_bitmask, NDPI_PROTOCOL_UNKNOWN);
-//
-//  /* Update callback_buffer index */
-//  a++;
-//
-//#endif
+  if (flow->l4.udp.coap_stage == 0) {
+  // we must set something here
+      NDPI_LOG(NDPI_PROTOCOL_COAP, ndpi_struct, NDPI_LOG_DEBUG, "====>>>> COAP: %c%c%c%c [len: %u]\n",
+      	   packet->payload[0], packet->payload[1], packet->payload[2], packet->payload[3],
+      	   packet->payload_packet_len);
 
+  } else if (flow->l4.udp.coap_stage == 1 + packet->packet_direction )
+    {
+
+    }
+  //	packet->
 }
 
+void init_coap_dissector (struct ndpi_detection_module_struct *ndpi_struct,
+		     u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+  ndpi_set_bitmask_protocol_detection ("COAP", ndpi_struct, detection_bitmask, *id,
+				       NDPI_PROTOCOL_COAP,
+				       ndpi_search_coap,
+				       NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
+				       SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK);
+  *id +=1;
+}
+
+
 #endif // NDPI_PROTOCOL_COAP
-- 
cgit v1.2.3


From 7ee464709b0d8dcfaab5e8637d700180c583cf6d Mon Sep 17 00:00:00 2001
From: Sorin Zamfir <sorin.zamfir@yahoo.com>
Date: Thu, 11 Feb 2016 23:55:21 +0200
Subject: Functional dissector. Guestimative.

---
 src/lib/protocols/coap.c | 110 ++++++++++++++++++++++++++---------------------
 1 file changed, 62 insertions(+), 48 deletions(-)

(limited to 'src/lib/protocols')

diff --git a/src/lib/protocols/coap.c b/src/lib/protocols/coap.c
index 7047154f9..025385fe0 100644
--- a/src/lib/protocols/coap.c
+++ b/src/lib/protocols/coap.c
@@ -24,63 +24,77 @@
 
 #include "ndpi_protocols.h"
 #ifdef NDPI_PROTOCOL_COAP
-static void
-ndpi_int_coap_add_connection (struct ndpi_detection_module_struct *ndpi_struct,
+
+/**
+ * Entry point when protocol is identified.
+ */
+static void ndpi_int_coap_add_connection (struct ndpi_detection_module_struct *ndpi_struct,
 			      struct ndpi_flow_struct *flow)
 {
   // not sure if this is accurate but coap runs on top of udp and should be connectionless
-  if (flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN)
-    {
-      /* This is COAP and it is not a sub protocol (e.g. lwm2m) */
-      ndpi_search_tcp_or_udp (ndpi_struct, flow);
-//
-//	    /* If no custom protocol has been detected */
-      if (flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN)
-	{
-//	      if(protocol != NDPI_PROTOCOL_HTTP) {
-//		ndpi_search_tcp_or_udp(ndpi_struct, flow);
-//		ndpi_set_detected_protocol(ndpi_struct, flow, protocol, NDPI_PROTOCOL_UNKNOWN);
-//	      } else {
-//		ndpi_int_reset_protocol(flow);
-//		ndpi_set_detected_protocol(ndpi_struct, flow, protocol, NDPI_PROTOCOL_UNKNOWN);
-//	      }
-//	    }
-//
-//	    flow->http_detected = 1;
-	}
-    }
+  ndpi_set_detected_protocol(ndpi_struct,flow,NDPI_PROTOCOL_COAP,NDPI_PROTOCOL_UNKNOWN);
+  NDPI_LOG(NDPI_PROTOCOL_COAP, ndpi_struct, NDPI_LOG_DEBUG, "CoAP found.\n");
 }
-
-//static u_int16_t coap_request_url_offset(struct ndpi_detection_module_struct * ndpi_struct,
-//					 struct ndpi_flow_struct *flow)
-//{
-//  struct ndpi_packet_struct* packet = &flow->packet;
-//  if (packet->payload_packet_len >=4 )
-//}
-
+/**
+ * Dissector function that searches CoAP headers
+ */
 void ndpi_search_coap (struct ndpi_detection_module_struct *ndpi_struct,
 		       struct ndpi_flow_struct *flow)
 {
-  struct ndpi_packet_struct *packet = &flow->packet;
-  if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN)
-  {
-      return;
-  }
-  NDPI_LOG(NDPI_PROTOCOL_COAP, ndpi_struct, NDPI_LOG_DEBUG, "CoAP detection...\n");
-
-  if (flow->l4.udp.coap_stage == 0) {
-  // we must set something here
-      NDPI_LOG(NDPI_PROTOCOL_COAP, ndpi_struct, NDPI_LOG_DEBUG, "====>>>> COAP: %c%c%c%c [len: %u]\n",
-      	   packet->payload[0], packet->payload[1], packet->payload[2], packet->payload[3],
-      	   packet->payload_packet_len);
-
-  } else if (flow->l4.udp.coap_stage == 1 + packet->packet_direction )
-    {
+	struct ndpi_packet_struct *packet = &flow->packet;
+	if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) {
+		return;
+	}
+	NDPI_LOG(NDPI_PROTOCOL_COAP, ndpi_struct, NDPI_LOG_DEBUG, "CoAP detection...\n");
+	// searching for request
+	NDPI_LOG(NDPI_PROTOCOL_COAP, ndpi_struct, NDPI_LOG_DEBUG, "====>>>> COAP header: %04x%04x%04x%04x [len: %u]\n",
+			packet->payload[0], packet->payload[1], packet->payload[2], packet->payload[3], packet->payload_packet_len);
+	// check if we have version bits
+	if (packet->payload_packet_len < 4) {
+		NDPI_LOG(NDPI_PROTOCOL_COAP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Coap .. mandatory header not found!\n");
+		NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_COAP);
+		return;
+	}
+	// since this is always unsigned we could have spared the 0xF0 logical AND
+	// vt = version and type (version is mandatory 1; type is either 0,1,2,3 )
+	u_int8_t vt = (u_int8_t) ((packet->payload[0] & 0xF0) >> 4);
+	if ((vt == 4) || (vt == 5) || (vt == 6) || (vt == 7)) {
+		NDPI_LOG(NDPI_PROTOCOL_COAP, ndpi_struct, NDPI_LOG_DEBUG, "Continuing Coap detection \n");
+		// search for values 9 to 15 in the token length
+		u_int8_t tkl = (u_int8_t) ((packet->payload[0] & 0x0F));
+		if ((tkl >= 9) && (tkl <= 15)) {
+			NDPI_LOG(NDPI_PROTOCOL_COAP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Coap .. invalid token length found!\n");
+			NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_COAP);
+			return;
+		}
+		u_int8_t class = (u_int8_t) ((packet->payload[1] & 0xE0) >> 5);
+		u_int8_t detail = (u_int8_t) ((packet->payload[1] & 0x1F));
+		if ((class == 0) && (detail == 0) && (tkl == 0) && (packet->payload_packet_len == 4)) {
+			NDPI_LOG(NDPI_PROTOCOL_COAP, ndpi_struct, NDPI_LOG_DEBUG, "Coap found ... empty message\n");
+			ndpi_int_coap_add_connection(ndpi_struct,flow);
+			return;
+		}
+		if ((class == 0) && ((detail == 1) || (detail == 2 ) || (detail == 3 ) || (detail == 4 ))) {
+			// we should probably search for options as well and payload
+			NDPI_LOG(NDPI_PROTOCOL_COAP, ndpi_struct, NDPI_LOG_DEBUG, "Coap found ... req message\n");
+			ndpi_int_coap_add_connection(ndpi_struct,flow);
+			return;
+		}
+		if ((class == 2) || (class == 4) || (class == 5)) {
+			// we should probably search for options and payload
+			NDPI_LOG(NDPI_PROTOCOL_COAP, ndpi_struct, NDPI_LOG_DEBUG, "Coap found ... resp message\n");
+			ndpi_int_coap_add_connection(ndpi_struct,flow);
+			return;
+		}
+	}
+	NDPI_LOG(NDPI_PROTOCOL_COAP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Coap ...\n");
+	NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_COAP);
+	return;
 
-    }
-  //	packet->
 }
-
+/**
+ * Entry point for the ndpi library
+ */
 void init_coap_dissector (struct ndpi_detection_module_struct *ndpi_struct,
 		     u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
 {
-- 
cgit v1.2.3


From 237102b5f2ee0229447c95bf10de450d6ed33428 Mon Sep 17 00:00:00 2001
From: Sorin Zamfir <sorin.zamfir@yahoo.com>
Date: Thu, 18 Feb 2016 20:29:41 +0200
Subject: First draft of the Mqtt dissector.

---
 src/include/ndpi_protocol_ids.h |  3 +-
 src/include/ndpi_typedefs.h     |  3 ++
 src/lib/Makefile.am             |  1 +
 src/lib/ndpi_main.c             | 10 +++++-
 src/lib/protocols/mqtt.c        | 79 +++++++++++++++++++++++++++++++++++++++++
 5 files changed, 94 insertions(+), 2 deletions(-)
 create mode 100644 src/lib/protocols/mqtt.c

(limited to 'src/lib/protocols')

diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h
index 8084525f2..7dcd86528 100644
--- a/src/include/ndpi_protocol_ids.h
+++ b/src/include/ndpi_protocol_ids.h
@@ -269,9 +269,10 @@
 #define NDPI_SERVICE_OCS                                218
 #define NDPI_SERVICE_OFFICE_365                         219
 #define NDPI_PROTOCOL_COAP                              221
+#define NDPI_PROTOCOL_MQTT								222
 
 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */
-#define NDPI_LAST_IMPLEMENTED_PROTOCOL			NDPI_PROTOCOL_COAP
+#define NDPI_LAST_IMPLEMENTED_PROTOCOL			NDPI_PROTOCOL_MQTT
 
 #define NDPI_MAX_SUPPORTED_PROTOCOLS                    (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1)
 #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS                   (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL)
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 2ae137b74..dcf3e0749 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -584,6 +584,9 @@ struct ndpi_flow_tcp_struct {
   u_int8_t prev_zmq_pkt_len;
   u_char prev_zmq_pkt[10];
 #endif
+#ifdef NDPI_PROTOCOL_MQTT
+  u_int8_t mqtt_stage:2;
+#endif
 }
 #ifndef WIN32
   __attribute__ ((__packed__))
diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am
index 80becd407..b2d3e3d64 100644
--- a/src/lib/Makefile.am
+++ b/src/lib/Makefile.am
@@ -156,6 +156,7 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \
 		     protocols/zattoo.c \
 		     protocols/zeromq.c \
 		     protocols/coap.c \
+		     protocols/mqtt.c \
 		     third_party/include/actypes.h \
 		     third_party/include/ahocorasick.h \
 		     third_party/include/node.h \
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 572fd4f01..8fa52fc77 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -1502,7 +1502,12 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
     		    no_master,
 				no_master, "COAP",
 				ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0),   /* TCP */
-				ndpi_build_default_ports(ports_b, 5683, 0, 0, 0, 0));  /* UDP */
+				ndpi_build_default_ports(ports_b, 5683, 5684, 0, 0, 0));  /* UDP */
+    ndpi_set_proto_defaults(ndpi_mod,NDPI_PROTOCOL_ACCEPTABLE,NDPI_PROTOCOL_MQTT,
+    		    no_master,
+				no_master, "MQTT",
+				ndpi_build_default_ports(ports_a, 1883, 8883, 0, 0, 0),  /* TCP */
+				ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0));  /* UDP */
 
     /* calling function for host and content matched protocols */
     init_string_based_protocols(ndpi_mod);
@@ -2470,6 +2475,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n
   /* COAP */
   init_coap_dissector(ndpi_struct, &a, detection_bitmask);
 
+  /* MQTT */
+  init_mqtt_dissector(ndpi_struct, &a, detection_bitmask);
+
   /* Put false-positive sensitive protocols at the end */
 
   /* SKYPE */
diff --git a/src/lib/protocols/mqtt.c b/src/lib/protocols/mqtt.c
new file mode 100644
index 000000000..3c677dc9c
--- /dev/null
+++ b/src/lib/protocols/mqtt.c
@@ -0,0 +1,79 @@
+/*
+ * mqtt.c
+ *
+ * Copyright (C) 2016 Sorin Zamfir <sorin.zamfir@yahoo.com>
+ *
+ * This file is part of nDPI, an open source deep packet inspection
+ * library based on the OpenDPI and PACE technology by ipoque GmbH
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include "ndpi_protocols.h"
+#ifdef NDPI_PROTOCOL_MQTT
+/**
+ * Entry point when protocol is identified.
+ */
+static void ndpi_int_mqtt_add_connection (struct ndpi_detection_module_struct *ndpi_struct,
+			      struct ndpi_flow_struct *flow)
+{
+	ndpi_set_detected_protocol(ndpi_struct,flow,NDPI_PROTOCOL_MQTT,NDPI_PROTOCOL_UNKNOWN);
+	NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found.\n");
+}
+
+/**
+ * Dissector function that searches Mqtt headers
+ */
+void ndpi_search_mqtt (struct ndpi_detection_module_struct *ndpi_struct,
+		       struct ndpi_flow_struct *flow)
+{
+	NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt search called...\n");
+	struct ndpi_packet_struct *packet = &flow->packet;
+	if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) {
+		return;
+	}
+	NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt detection...\n");
+	// searching for request
+	NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "====>>>> Mqtt header: %04x%04x%04x%04x [len: %u]\n",
+			packet->payload[0], packet->payload[1], packet->payload[2], packet->payload[3], packet->payload_packet_len);
+	if (packet->payload_packet_len < 2) {
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt .. mandatory header not found!\n");
+		NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
+		return;
+	}
+	u_int8_t pt = (u_int8_t) (packet->payload[0]);
+
+	NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt ...\n");
+	NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
+	return;
+	//TODO
+}
+/**
+ * Entry point for the ndpi library
+ */
+void init_mqtt_dissector (struct ndpi_detection_module_struct *ndpi_struct,
+		     u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+  NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt dissector init...\n");
+  ndpi_set_bitmask_protocol_detection ("MQTT", ndpi_struct, detection_bitmask, *id,
+				       NDPI_PROTOCOL_MQTT,
+				       ndpi_search_mqtt,
+				       NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
+				       SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK);
+  *id +=1;
+}
+
+#endif // NDPI_PROTOCOL_MQTT
+
-- 
cgit v1.2.3


From 7d3ab6d0b4284a76232ce82233db14c581b37332 Mon Sep 17 00:00:00 2001
From: Sorin Zamfir <sorin.zamfir@yahoo.com>
Date: Thu, 18 Feb 2016 21:36:06 +0200
Subject: Some filtering applied. Not yet functional.

---
 src/lib/protocols/mqtt.c | 59 ++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 57 insertions(+), 2 deletions(-)

(limited to 'src/lib/protocols')

diff --git a/src/lib/protocols/mqtt.c b/src/lib/protocols/mqtt.c
index 3c677dc9c..9aec23504 100644
--- a/src/lib/protocols/mqtt.c
+++ b/src/lib/protocols/mqtt.c
@@ -23,6 +23,29 @@
 
 #include "ndpi_protocols.h"
 #ifdef NDPI_PROTOCOL_MQTT
+
+/**
+ * The type of control messages in mqtt version 3.1.1
+ * see http://docs.oasis-open.org/mqtt/mqtt/v3.1.1
+ */
+enum MQTT_PACKET_TYPES {
+	CONNECT = 1,
+	CONNACK = 2,
+	PUBLISH = 3,
+	PUBACK = 4,
+	PUBREC = 5,
+	PUBREL = 6,
+	PUBCOMP = 7,
+	SUBSCRIBE = 8,
+	SUBACK = 9,
+	UNSUBSCRIBE = 10,
+	UNSUBACK = 11,
+	PINGREQ = 12,
+	PINGRESP = 13,
+	DISCONNECT = 14
+};
+
+
 /**
  * Entry point when protocol is identified.
  */
@@ -53,12 +76,44 @@ void ndpi_search_mqtt (struct ndpi_detection_module_struct *ndpi_struct,
 		NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
 		return;
 	}
-	u_int8_t pt = (u_int8_t) (packet->payload[0]);
+	// we first extract the packet type
+	u_int8_t pt = (u_int8_t) ((packet->payload[0] & 0xF0) >> 4);
+	if ((pt == 0) || (pt == 15)) {
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt .. invalid packet type!\n");
+		NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
+		return;
+	}
+	u_int8_t flags = (u_int8_t) (packet->payload[0] & 0x0F);
+	if ((((pt == CONNECT) || (pt == CONNACK) || (pt == PUBACK) || (pt == PUBREC) || (pt == PUBCOMP) ||
+		(pt = SUBACK) || (pt == UNSUBACK) || (pt == PINGREQ) || (pt == PINGRESP) || (pt == DISCONNECT))) && (flags != 0))
+	{
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid Packet-Flag combination\n");
+		NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
+		return;
+	}
+	if (((pt == PUBREL) || (pt == SUBSCRIBE) || (pt == UNSUBSCRIBE)) && (flags != 2)) {
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid Packet-Flag combination\n");
+		NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
+		return;
+	}
+	if ((pt == PUBLISH) && ((flags & 0x06) == 6)) // QoS combination
+	{
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid Packet-Flag combination\n");
+		NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
+		return;
+	}
+	// we have reached this point without any serious errors
+//	switch (pt) {
+//		case CONNECT:
+//
+//			break;
+//		default:
+//			break;
+//	}
 
 	NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt ...\n");
 	NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
 	return;
-	//TODO
 }
 /**
  * Entry point for the ndpi library
-- 
cgit v1.2.3


From a8050635fa7b7a817a4b6b0c70cca1d814593f88 Mon Sep 17 00:00:00 2001
From: Sorin Zamfir <sorin.zamfir@yahoo.com>
Date: Fri, 19 Feb 2016 19:55:03 +0200
Subject: Improved Mqtt detection. 3 messages remain for identification

---
 src/lib/protocols/mqtt.c | 71 +++++++++++++++++++++++++++++++++++++++---------
 1 file changed, 58 insertions(+), 13 deletions(-)

(limited to 'src/lib/protocols')

diff --git a/src/lib/protocols/mqtt.c b/src/lib/protocols/mqtt.c
index 9aec23504..00d327e00 100644
--- a/src/lib/protocols/mqtt.c
+++ b/src/lib/protocols/mqtt.c
@@ -84,9 +84,10 @@ void ndpi_search_mqtt (struct ndpi_detection_module_struct *ndpi_struct,
 		return;
 	}
 	u_int8_t flags = (u_int8_t) (packet->payload[0] & 0x0F);
-	if ((((pt == CONNECT) || (pt == CONNACK) || (pt == PUBACK) || (pt == PUBREC) || (pt == PUBCOMP) ||
-		(pt = SUBACK) || (pt == UNSUBACK) || (pt == PINGREQ) || (pt == PINGRESP) || (pt == DISCONNECT))) && (flags != 0))
-	{
+	// first stage verification
+	if ((((pt == CONNECT) || (pt == CONNACK) || (pt == PUBACK) || (pt == PUBREC) ||
+		  (pt == PUBCOMP) || (pt = SUBACK) || (pt == UNSUBACK) || (pt == PINGREQ) ||
+		  (pt == PINGRESP) || (pt == DISCONNECT)))  && (flags != 0)) {
 		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid Packet-Flag combination\n");
 		NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
 		return;
@@ -96,20 +97,64 @@ void ndpi_search_mqtt (struct ndpi_detection_module_struct *ndpi_struct,
 		NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
 		return;
 	}
-	if ((pt == PUBLISH) && ((flags & 0x06) == 6)) // QoS combination
-	{
+	if ((pt == PUBLISH) && ((flags & 0x06) == 6)) {// QoS combination
 		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid Packet-Flag combination\n");
 		NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
 		return;
 	}
-	// we have reached this point without any serious errors
-//	switch (pt) {
-//		case CONNECT:
-//
-//			break;
-//		default:
-//			break;
-//	}
+	// second stage verification (no payload)
+	if (((pt == CONNACK) || (pt == PUBACK) || (pt == PUBREL) ||
+		(pt == PUBREC) || (pt == PUBCOMP) || (pt == UNSUBACK)) && (packet->payload_packet_len > 4)){
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid Packet-Length\n");
+		NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
+		return;
+	} else {
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found [%d]\n",pt);
+		ndpi_int_mqtt_add_connection(ndpi_struct,flow);
+		return;
+	}
+	if (((pt == PINGREQ) || (pt == PINGRESP) || (pt == DISCONNECT)) && (packet->payload_packet_len > 2))
+	{
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid Packet-Length\n");
+		NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
+		return;
+	} else {
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found [%d]\n",pt);
+		ndpi_int_mqtt_add_connection(ndpi_struct,flow);
+		return;
+	}
+	// thrid stage verification (payload)
+	if ((pt == CONNECT) && (memcmp(&(packet->payload[4]),"MQTT",4) == 0) ){
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found [%d]\n",pt);
+		ndpi_int_mqtt_add_connection(ndpi_struct,flow);
+		return;
+	} else {
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt\n");
+		NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
+		return;
+	}
+	if (pt == PUBLISH){
+		u_int8_t qos = (u_int8_t) (flags & 0x06);
+		if (((qos == 1) || (qos == 2)) && (packet->payload_packet_len < 4)){
+			NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt\n");
+			NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
+			return;
+		} else {
+			NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found [%d]\n",pt);
+			ndpi_int_mqtt_add_connection(ndpi_struct,flow);
+			return;
+		}
+	}
+	if (pt == SUBSCRIBE){
+//		if ()
+	}
+
+	if (pt == SUBACK ){
+
+	}
+	if (pt == UNSUBSCRIBE){
+
+	}
 
 	NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt ...\n");
 	NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
-- 
cgit v1.2.3


From d18a1edb679814b66f282232f9d5a586939cc1f8 Mon Sep 17 00:00:00 2001
From: Sorin Zamfir <sorin.zamfir@yahoo.com>
Date: Fri, 19 Feb 2016 20:22:54 +0200
Subject: Functional mqtt

---
 src/lib/protocols/mqtt.c | 42 +++++++++++++++++++++++++++++++++---------
 1 file changed, 33 insertions(+), 9 deletions(-)

(limited to 'src/lib/protocols')

diff --git a/src/lib/protocols/mqtt.c b/src/lib/protocols/mqtt.c
index 00d327e00..f069cb6e6 100644
--- a/src/lib/protocols/mqtt.c
+++ b/src/lib/protocols/mqtt.c
@@ -135,25 +135,49 @@ void ndpi_search_mqtt (struct ndpi_detection_module_struct *ndpi_struct,
 	}
 	if (pt == PUBLISH){
 		u_int8_t qos = (u_int8_t) (flags & 0x06);
-		if (((qos == 1) || (qos == 2)) && (packet->payload_packet_len < 4)){
+		if (((qos == 1) || (qos == 2)) && (packet->payload_packet_len < 4)){ // at least topic + pkt identifier
 			NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt\n");
 			NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
 			return;
-		} else {
-			NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found [%d]\n",pt);
-			ndpi_int_mqtt_add_connection(ndpi_struct,flow);
+		}
+		if ((qos == 0) && (packet->payload_packet_len < 3)){ // at least topic
+			NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt\n");
+			NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
 			return;
 		}
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found [%d]\n",pt);
+		ndpi_int_mqtt_add_connection(ndpi_struct,flow);
+		return;
+
 	}
-	if (pt == SUBSCRIBE){
-//		if ()
+	if ((pt == SUBSCRIBE) && (packet->payload_packet_len < 8)){ // at least one topic+filter is required in the payload
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt\n");
+		NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
+		return;
+	} else {
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found [%d]\n",pt);
+		ndpi_int_mqtt_add_connection(ndpi_struct,flow);
+		return;
 	}
 
-	if (pt == SUBACK ){
-
+	if ((pt == SUBACK ) && (packet->payload_packet_len <5 )){ // must have at least a response code
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt\n");
+		NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
+		return;
+	} else {
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found [%d]\n",pt);
+		ndpi_int_mqtt_add_connection(ndpi_struct,flow);
+		return;
 	}
-	if (pt == UNSUBSCRIBE){
 
+	if ((pt == UNSUBSCRIBE) && (packet->payload_packet_len < 7)) { // at least a topic
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt\n");
+		NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
+		return;
+	} else {
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found [%d]\n",pt);
+		ndpi_int_mqtt_add_connection(ndpi_struct,flow);
+		return;
 	}
 
 	NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt ...\n");
-- 
cgit v1.2.3


From 8f60ad887449bb253aa37ef67c793b0ad03ff0eb Mon Sep 17 00:00:00 2001
From: Sorin Zamfir <sorin.zamfir@yahoo.com>
Date: Fri, 19 Feb 2016 21:18:28 +0200
Subject: We have a bug :(.

---
 src/lib/protocols/mqtt.c | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

(limited to 'src/lib/protocols')

diff --git a/src/lib/protocols/mqtt.c b/src/lib/protocols/mqtt.c
index f069cb6e6..52fffcebd 100644
--- a/src/lib/protocols/mqtt.c
+++ b/src/lib/protocols/mqtt.c
@@ -69,7 +69,7 @@ void ndpi_search_mqtt (struct ndpi_detection_module_struct *ndpi_struct,
 	}
 	NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt detection...\n");
 	// searching for request
-	NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "====>>>> Mqtt header: %04x%04x%04x%04x [len: %u]\n",
+	NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "====>>>> Mqtt header: %4x%4x%4x%4x [len: %u]\n",
 			packet->payload[0], packet->payload[1], packet->payload[2], packet->payload[3], packet->payload_packet_len);
 	if (packet->payload_packet_len < 2) {
 		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt .. mandatory header not found!\n");
@@ -88,24 +88,19 @@ void ndpi_search_mqtt (struct ndpi_detection_module_struct *ndpi_struct,
 	if ((((pt == CONNECT) || (pt == CONNACK) || (pt == PUBACK) || (pt == PUBREC) ||
 		  (pt == PUBCOMP) || (pt = SUBACK) || (pt == UNSUBACK) || (pt == PINGREQ) ||
 		  (pt == PINGRESP) || (pt == DISCONNECT)))  && (flags != 0)) {
-		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid Packet-Flag combination\n");
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid Packet-Flag combination [%d]\n",pt);
 		NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
 		return;
 	}
 	if (((pt == PUBREL) || (pt == SUBSCRIBE) || (pt == UNSUBSCRIBE)) && (flags != 2)) {
-		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid Packet-Flag combination\n");
-		NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
-		return;
-	}
-	if ((pt == PUBLISH) && ((flags & 0x06) == 6)) {// QoS combination
-		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid Packet-Flag combination\n");
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid Packet-Flag combination [%d]\n",pt);
 		NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
 		return;
 	}
 	// second stage verification (no payload)
 	if (((pt == CONNACK) || (pt == PUBACK) || (pt == PUBREL) ||
 		(pt == PUBREC) || (pt == PUBCOMP) || (pt == UNSUBACK)) && (packet->payload_packet_len > 4)){
-		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid Packet-Length\n");
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid Packet-Length [%d]\n",pt);
 		NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
 		return;
 	} else {
@@ -115,7 +110,7 @@ void ndpi_search_mqtt (struct ndpi_detection_module_struct *ndpi_struct,
 	}
 	if (((pt == PINGREQ) || (pt == PINGRESP) || (pt == DISCONNECT)) && (packet->payload_packet_len > 2))
 	{
-		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid Packet-Length\n");
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid Packet-Length [%d]\n",pt);
 		NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
 		return;
 	} else {
@@ -123,35 +118,40 @@ void ndpi_search_mqtt (struct ndpi_detection_module_struct *ndpi_struct,
 		ndpi_int_mqtt_add_connection(ndpi_struct,flow);
 		return;
 	}
-	// thrid stage verification (payload)
+	// third stage verification (payload)
 	if ((pt == CONNECT) && (memcmp(&(packet->payload[4]),"MQTT",4) == 0) ){
 		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found [%d]\n",pt);
 		ndpi_int_mqtt_add_connection(ndpi_struct,flow);
 		return;
 	} else {
-		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt\n");
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt [%d]\n",pt);
 		NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
 		return;
 	}
 	if (pt == PUBLISH){
 		u_int8_t qos = (u_int8_t) (flags & 0x06);
 		if (((qos == 1) || (qos == 2)) && (packet->payload_packet_len < 4)){ // at least topic + pkt identifier
-			NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt\n");
+			NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt [%d]\n",pt);
 			NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
 			return;
 		}
 		if ((qos == 0) && (packet->payload_packet_len < 3)){ // at least topic
-			NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt\n");
+			NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt [%d]\n",pt);
 			NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
 			return;
 		}
-		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found [%d]\n",pt);
+		if ((qos == 3)){ // this should never happen
+			NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt[%d]\n",pt);
+			NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
+			return;
+		}
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found PUBLISH\n",pt);
 		ndpi_int_mqtt_add_connection(ndpi_struct,flow);
 		return;
 
 	}
 	if ((pt == SUBSCRIBE) && (packet->payload_packet_len < 8)){ // at least one topic+filter is required in the payload
-		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt\n");
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt [%d]\n",pt);
 		NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
 		return;
 	} else {
@@ -161,7 +161,7 @@ void ndpi_search_mqtt (struct ndpi_detection_module_struct *ndpi_struct,
 	}
 
 	if ((pt == SUBACK ) && (packet->payload_packet_len <5 )){ // must have at least a response code
-		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt\n");
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt [%d]\n",pt);
 		NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
 		return;
 	} else {
@@ -171,7 +171,7 @@ void ndpi_search_mqtt (struct ndpi_detection_module_struct *ndpi_struct,
 	}
 
 	if ((pt == UNSUBSCRIBE) && (packet->payload_packet_len < 7)) { // at least a topic
-		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt\n");
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt\n",pt);
 		NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
 		return;
 	} else {
-- 
cgit v1.2.3


From 245ca20eea6ce9154a9b8953ec782f615eb2392c Mon Sep 17 00:00:00 2001
From: Sorin Zamfir <sorin.zamfir@yahoo.com>
Date: Sat, 20 Feb 2016 00:15:09 +0200
Subject: Fixed the bug. Damn comparison.

---
 src/lib/protocols/mqtt.c | 62 +++++++++++++++++++++++++++++-------------------
 1 file changed, 37 insertions(+), 25 deletions(-)

(limited to 'src/lib/protocols')

diff --git a/src/lib/protocols/mqtt.c b/src/lib/protocols/mqtt.c
index 52fffcebd..238f07e64 100644
--- a/src/lib/protocols/mqtt.c
+++ b/src/lib/protocols/mqtt.c
@@ -68,6 +68,12 @@ void ndpi_search_mqtt (struct ndpi_detection_module_struct *ndpi_struct,
 		return;
 	}
 	NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt detection...\n");
+	if  (flow->packet_counter > 10) {
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt .. mandatory header not found!\n");
+		NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
+		return;
+	}
+
 	// searching for request
 	NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "====>>>> Mqtt header: %4x%4x%4x%4x [len: %u]\n",
 			packet->payload[0], packet->payload[1], packet->payload[2], packet->payload[3], packet->payload_packet_len);
@@ -78,109 +84,115 @@ void ndpi_search_mqtt (struct ndpi_detection_module_struct *ndpi_struct,
 	}
 	// we first extract the packet type
 	u_int8_t pt = (u_int8_t) ((packet->payload[0] & 0xF0) >> 4);
+	NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> Mqtt packet type: [%d]\n",pt);
 	if ((pt == 0) || (pt == 15)) {
 		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt .. invalid packet type!\n");
 		NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
 		return;
 	}
 	u_int8_t flags = (u_int8_t) (packet->payload[0] & 0x0F);
+	NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> Mqtt flags type: [%d]\n",flags);
 	// first stage verification
-	if ((((pt == CONNECT) || (pt == CONNACK) || (pt == PUBACK) || (pt == PUBREC) ||
-		  (pt == PUBCOMP) || (pt = SUBACK) || (pt == UNSUBACK) || (pt == PINGREQ) ||
-		  (pt == PINGRESP) || (pt == DISCONNECT)))  && (flags != 0)) {
-		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid Packet-Flag combination [%d]\n",pt);
-		NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
-		return;
+	if ((pt == CONNECT) || (pt == CONNACK) || (pt == PUBACK) || (pt == PUBREC) ||
+		  (pt == PUBCOMP) || (pt == SUBACK) || (pt == UNSUBACK) || (pt == PINGREQ) ||
+		  (pt == PINGRESP) || (pt == DISCONNECT)) {
+		if (flags > 0) {
+			NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid Packet-Flag combination flag!=0\n");
+			NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
+			return;
+		}
 	}
 	if (((pt == PUBREL) || (pt == SUBSCRIBE) || (pt == UNSUBSCRIBE)) && (flags != 2)) {
-		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid Packet-Flag combination [%d]\n",pt);
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid Packet-Flag combination flag!=2\n");
 		NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
 		return;
 	}
+	NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> Passed first stage of identification\n");
 	// second stage verification (no payload)
 	if (((pt == CONNACK) || (pt == PUBACK) || (pt == PUBREL) ||
 		(pt == PUBREC) || (pt == PUBCOMP) || (pt == UNSUBACK)) && (packet->payload_packet_len > 4)){
-		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid Packet-Length [%d]\n",pt);
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid Packet-Length < 4 \n");
 		NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
 		return;
 	} else {
-		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found [%d]\n",pt);
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found \n");
 		ndpi_int_mqtt_add_connection(ndpi_struct,flow);
 		return;
 	}
 	if (((pt == PINGREQ) || (pt == PINGRESP) || (pt == DISCONNECT)) && (packet->payload_packet_len > 2))
 	{
-		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid Packet-Length [%d]\n",pt);
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid Packet-Length <2 \n");
 		NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
 		return;
 	} else {
-		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found [%d]\n",pt);
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found PING/PINGRESP/DISCONNECT\n");
 		ndpi_int_mqtt_add_connection(ndpi_struct,flow);
 		return;
 	}
+	NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> Passed second stage of identification\n");
 	// third stage verification (payload)
 	if ((pt == CONNECT) && (memcmp(&(packet->payload[4]),"MQTT",4) == 0) ){
-		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found [%d]\n",pt);
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found CONNECT\n");
 		ndpi_int_mqtt_add_connection(ndpi_struct,flow);
 		return;
 	} else {
-		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt [%d]\n",pt);
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid CONNECT\n");
 		NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
 		return;
 	}
 	if (pt == PUBLISH){
 		u_int8_t qos = (u_int8_t) (flags & 0x06);
 		if (((qos == 1) || (qos == 2)) && (packet->payload_packet_len < 4)){ // at least topic + pkt identifier
-			NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt [%d]\n",pt);
+			NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid PUBLISH qos1&2\n");
 			NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
 			return;
 		}
 		if ((qos == 0) && (packet->payload_packet_len < 3)){ // at least topic
-			NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt [%d]\n",pt);
+			NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid PUBLISH qos0\n");
 			NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
 			return;
 		}
 		if ((qos == 3)){ // this should never happen
-			NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt[%d]\n",pt);
+			NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid PUBLISH qos3\n");
 			NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
 			return;
 		}
-		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found PUBLISH\n",pt);
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found PUBLISH\n");
 		ndpi_int_mqtt_add_connection(ndpi_struct,flow);
 		return;
 
 	}
 	if ((pt == SUBSCRIBE) && (packet->payload_packet_len < 8)){ // at least one topic+filter is required in the payload
-		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt [%d]\n",pt);
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid SUBSCRIBE\n");
 		NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
 		return;
 	} else {
-		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found [%d]\n",pt);
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found SUBSCRIBE\n");
 		ndpi_int_mqtt_add_connection(ndpi_struct,flow);
 		return;
 	}
 
 	if ((pt == SUBACK ) && (packet->payload_packet_len <5 )){ // must have at least a response code
-		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt [%d]\n",pt);
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid SUBACK\n");
 		NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
 		return;
 	} else {
-		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found [%d]\n",pt);
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found SUBACK\n");
 		ndpi_int_mqtt_add_connection(ndpi_struct,flow);
 		return;
 	}
 
 	if ((pt == UNSUBSCRIBE) && (packet->payload_packet_len < 7)) { // at least a topic
-		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt\n",pt);
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid UNSUBSCRIBE\n");
 		NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
 		return;
 	} else {
-		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found [%d]\n",pt);
+		NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found UNSUBSCRIBE\n",pt);
 		ndpi_int_mqtt_add_connection(ndpi_struct,flow);
 		return;
 	}
-
-	NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt ...\n");
+	NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> Passed third stage of identification");
+	NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Reached the end excluding Mqtt ...\n");
 	NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
 	return;
 }
-- 
cgit v1.2.3


From 28806f3187d8a0eb5c9f42b2c57157e1c9fcc84a Mon Sep 17 00:00:00 2001
From: Sorin Zamfir <zamfir.sorin@yahoo.com>
Date: Sat, 19 Mar 2016 20:50:20 +0200
Subject: Minor changes to a comment

---
 src/lib/protocols/coap.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/lib/protocols')

diff --git a/src/lib/protocols/coap.c b/src/lib/protocols/coap.c
index 025385fe0..8089c8159 100644
--- a/src/lib/protocols/coap.c
+++ b/src/lib/protocols/coap.c
@@ -75,13 +75,13 @@ void ndpi_search_coap (struct ndpi_detection_module_struct *ndpi_struct,
 			return;
 		}
 		if ((class == 0) && ((detail == 1) || (detail == 2 ) || (detail == 3 ) || (detail == 4 ))) {
-			// we should probably search for options as well and payload
+			// we should probably search for options as well and payload for deeper inspection
 			NDPI_LOG(NDPI_PROTOCOL_COAP, ndpi_struct, NDPI_LOG_DEBUG, "Coap found ... req message\n");
 			ndpi_int_coap_add_connection(ndpi_struct,flow);
 			return;
 		}
 		if ((class == 2) || (class == 4) || (class == 5)) {
-			// we should probably search for options and payload
+			// we should probably search for options as well and payload for deeper inspection
 			NDPI_LOG(NDPI_PROTOCOL_COAP, ndpi_struct, NDPI_LOG_DEBUG, "Coap found ... resp message\n");
 			ndpi_int_coap_add_connection(ndpi_struct,flow);
 			return;
-- 
cgit v1.2.3