From dc9409ae123cee206d0664e04d82e34ba01402eb Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 5 Jun 2018 23:02:24 +0200 Subject: Added missing include --- src/lib/protocols/btlib.c | 2 ++ src/lib/third_party/include/hash.h | 2 ++ src/lib/third_party/src/hash.c | 2 ++ 3 files changed, 6 insertions(+) (limited to 'src/lib') diff --git a/src/lib/protocols/btlib.c b/src/lib/protocols/btlib.c index ac456f364..4a63ebc31 100644 --- a/src/lib/protocols/btlib.c +++ b/src/lib/protocols/btlib.c @@ -22,6 +22,8 @@ * */ +#include "ndpi_api.h" + #ifndef NDPI_NO_STD_INC #include #include diff --git a/src/lib/third_party/include/hash.h b/src/lib/third_party/include/hash.h index 8862671b1..4f53e5a5e 100644 --- a/src/lib/third_party/include/hash.h +++ b/src/lib/third_party/include/hash.h @@ -3,6 +3,8 @@ #ifndef _HASH_H_ #define _HASH_H_ +#include "ndpi_api.h" + struct entry_s { char *key; u_int16_t value; diff --git a/src/lib/third_party/src/hash.c b/src/lib/third_party/src/hash.c index 792d6086e..61ba9fbf6 100644 --- a/src/lib/third_party/src/hash.c +++ b/src/lib/third_party/src/hash.c @@ -1,5 +1,7 @@ /* Based on https://gist.github.com/tonious/1377667 */ +#include +#include #include #include #include -- cgit v1.2.3 From e00b06926e4acc01e56fefb47e0b45f1ea53436d Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 11 Jun 2018 16:22:02 +0200 Subject: Fix for handling IP address based custom categories --- example/ndpiReader.c | 29 +++++++++++++++++++---------- src/lib/ndpi_main.c | 13 +++++++++---- 2 files changed, 28 insertions(+), 14 deletions(-) (limited to 'src/lib') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 5a8f91139..9dacf000a 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -380,7 +380,7 @@ void extcap_config() { struct ndpi_proto_sorter *protos; u_int ndpi_num_supported_protocols = ndpi_get_ndpi_num_supported_protocols(ndpi_info_mod); ndpi_proto_defaults_t *proto_defaults = ndpi_get_proto_defaults(ndpi_info_mod); - + /* -i */ printf("arg {number=%d}{call=-i}{display=Capture Interface}{type=string}" "{tooltip=The interface name}\n", argidx++); @@ -601,7 +601,7 @@ static void parseOptions(int argc, char **argv) { extcap_packet_filter = ndpi_get_proto_by_name(ndpi_info_mod, optarg); if (extcap_packet_filter == NDPI_PROTOCOL_UNKNOWN) extcap_packet_filter = atoi(optarg); break; - + case 257: _debug_protocols = strdup(optarg); break; @@ -761,10 +761,12 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa fprintf(out, "[proto: %u/%s]", flow->detected_protocol.app_protocol, ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol.app_protocol)); - + if(flow->detected_protocol.category != 0) - fprintf(out, "[cat: %s]", ndpi_category_get_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, - flow->detected_protocol.category)); + fprintf(out, "[cat: %s/%u]", + ndpi_category_get_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, + flow->detected_protocol.category), + (unsigned int)flow->detected_protocol.category); fprintf(out, "[%u pkts/%llu bytes ", flow->src2dst_packets, (long long unsigned int) flow->src2dst_bytes); fprintf(out, "%s %u pkts/%llu bytes]", @@ -1487,10 +1489,10 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) { while(fd) { char buffer[512], *line, *name, *category; int i; - + if(!(line = fgets(buffer, sizeof(buffer), fd))) break; - + if(((i = strlen(line)) <= 1) || (line[0] == '#')) continue; else @@ -1501,9 +1503,16 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) { category = strtok(NULL, "\t"); if(category) { + int fields[4]; + // printf("Loading %s\t%s\n", name, category); - ndpi_load_hostname_category(ndpi_thread_info[thread_id].workflow->ndpi_struct, - name, (ndpi_protocol_category_t)atoi(category)); + + if(sscanf(name, "%d.%d.%d.%d", &fields[0], &fields[1], &fields[2], &fields[3]) == 4) + ndpi_load_ip_category(ndpi_thread_info[thread_id].workflow->ndpi_struct, + name, (ndpi_protocol_category_t)atoi(category)); + else + ndpi_load_hostname_category(ndpi_thread_info[thread_id].workflow->ndpi_struct, + name, (ndpi_protocol_category_t)atoi(category)); } } } @@ -3199,7 +3208,7 @@ int orginal_main(int argc, char **argv) { printf("nDPI Library version mismatch: please make sure this code and the nDPI library are in sync\n"); return(-1); } - + automataUnitTest(); ndpi_info_mod = ndpi_init_detection_module(); diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 5f1f9800d..38930af45 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -2457,9 +2457,8 @@ char * strsep(char **sp, char *sep) /* ******************************************************************** */ - -int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, char* rule, u_int8_t do_add) { - +int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, + char* rule, u_int8_t do_add) { char *at, *proto, *elem; ndpi_proto_defaults_t *def; int subprotocol_id, i; @@ -2575,7 +2574,6 @@ int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, char* rule, */ int ndpi_load_protocols_file(struct ndpi_detection_module_struct *ndpi_mod, char* path) { - FILE *fd = fopen(path, "r"); int i; @@ -4057,6 +4055,13 @@ int ndpi_enable_loaded_categories(struct ndpi_detection_module_struct *ndpi_str) #endif } + if(ndpi_str->custom_categories.ipAddresses != NULL) + ndpi_Destroy_Patricia((patricia_tree_t*)ndpi_str->custom_categories.ipAddresses, + free_ptree_data); + + ndpi_str->custom_categories.ipAddresses = ndpi_str->custom_categories.ipAddresses_shadow; + ndpi_str->custom_categories.ipAddresses_shadow = ndpi_New_Patricia(32 /* IPv4 */); + ndpi_str->custom_categories.categories_loaded = 1; return(0); -- cgit v1.2.3 From 3986a951d8e032b3a25dc3db8198898658502f15 Mon Sep 17 00:00:00 2001 From: Luca Date: Thu, 21 Jun 2018 16:13:18 +0200 Subject: Suppressed invalid messages with -q -j now accepts - as stdout --- example/ndpiReader.c | 16 +++++++++++----- src/lib/ndpi_content_match.c.inc | 16 ++++++++-------- 2 files changed, 19 insertions(+), 13 deletions(-) (limited to 'src/lib') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 9dacf000a..9b10fe6c5 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -547,7 +547,7 @@ static void parseOptions(int argc, char **argv) { case 'j': #ifndef HAVE_JSON_C - printf("WARNING: this copy of ndpiReader has been compiled without JSON-C: json export disabled\n"); + printf("WARNING: this copy of ndpiReader has been compiled without json-c: JSON export disabled\n"); #else _jsonFilePath = optarg; json_flag = 1; @@ -1897,6 +1897,7 @@ static void printResults(u_int64_t tot_usec) { char buf[32]; #ifdef HAVE_JSON_C FILE *json_fp = NULL; + u_int8_t dont_close_json_fp = 0; json_object *jObj_main = NULL, *jObj_trafficStats, *jArray_detProto = NULL, *jObj; #endif long long unsigned int breed_stats[NUM_BREEDS] = { 0 }; @@ -2005,10 +2006,14 @@ static void printResults(u_int64_t tot_usec) { if(json_flag) { #ifdef HAVE_JSON_C - if((json_fp = fopen(_jsonFilePath,"w")) == NULL) { + if(!strcmp(_jsonFilePath, "-")) + json_fp = stderr, dont_close_json_fp = 1; + else if((json_fp = fopen(_jsonFilePath,"w")) == NULL) { printf("Error creating .json file %s\n", _jsonFilePath); json_flag = 0; - } else { + } + + if(json_flag) { jObj_main = json_object_new_object(); jObj_trafficStats = json_object_new_object(); jArray_detProto = json_object_new_array(); @@ -2159,7 +2164,7 @@ static void printResults(u_int64_t tot_usec) { json_object_object_add(jObj_main,"unknown.flows",jArray_unknown_flows); fprintf(json_fp,"%s\n",json_object_to_json_string(jObj_main)); - fclose(json_fp); + if(!dont_close_json_fp) fclose(json_fp); #endif } @@ -2473,7 +2478,8 @@ static void pcap_process_packet(u_char *args, memset(&ndpi_thread_info[thread_id].workflow->stats, 0, sizeof(struct ndpi_stats)); } - printf("\n-------------------------------------------\n\n"); + if(!quiet_mode) + printf("\n-------------------------------------------\n\n"); memcpy(&begin, &end, sizeof(begin)); memcpy(&pcap_start, &pcap_end, sizeof(pcap_start)); diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index d65565b3c..ab36cbf48 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8053,6 +8053,14 @@ ndpi_protocol_match host_match[] = { { ".ebaystratus.com", NULL, NULL, "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".ebayimg.com", NULL, NULL, "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + /* Detected "instagram.c10r.facebook.com". Omitted "*amazonaws.com" and "*facebook.com" CDNs e.g. "ig-telegraph-shv-04-frc3.facebook.com" */ + { ".cdninstagram.com", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "instagram.", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".instagram.", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "igcdn-photos-", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "instagramimages-", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "instagramstatic-", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "facebook.com", NULL, NULL, "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { "fbstatic-a.akamaihd.net", NULL, NULL, "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".fbcdn.net", NULL, NULL, "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, @@ -8221,14 +8229,6 @@ ndpi_protocol_match host_match[] = { { ".snapchat.", NULL, "\\.snapchat\\.com$", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { ".snapads.", NULL, "\\.snapads\\.com$", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - /* Detected "instagram.c10r.facebook.com". Omitted "*amazonaws.com" and "*facebook.com" CDNs e.g. "ig-telegraph-shv-04-frc3.facebook.com" */ - { ".cdninstagram.com", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "instagram.", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".instagram.", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "igcdn-photos-", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "instagramimages-", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "instagramstatic-", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".waze.com", NULL, NULL, "Waze", NDPI_PROTOCOL_WAZE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".deezer.com", NULL, NULL, "Deezer", NDPI_PROTOCOL_DEEZER, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, -- cgit v1.2.3 From 7fce8f02d2e4d08aa048512b0cbc24edc9f1e26b Mon Sep 17 00:00:00 2001 From: Marcus Hufvudsson Date: Mon, 2 Jul 2018 19:54:37 +0200 Subject: Added showmax.com detection --- src/include/ndpi_protocol_ids.h | 1 + src/lib/ndpi_content_match.c.inc | 3 +++ 2 files changed, 4 insertions(+) (limited to 'src/lib') diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index d04722b8d..6d7b5ba8b 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -285,6 +285,7 @@ #define NDPI_PROTOCOL_WHATSAPP_FILES 242 /* Videos, pictures, voice messages... */ #define NDPI_PROTOCOL_VIDTO 243 /* VidTO streaming service */ #define NDPI_PROTOCOL_RAPIDVIDEO 244 /* RapidVideo streaming */ +#define NDPI_PROTOCOL_SHOWMAX 245 /* showmax.com video streaming */ /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ #define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_RAPIDVIDEO diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index ab36cbf48..60671b3cd 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8374,6 +8374,9 @@ ndpi_protocol_match host_match[] = { { ".rapidvideo.com", NULL, NULL, "RapidVideo", NDPI_PROTOCOL_RAPIDVIDEO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { ".playercdn.net", NULL, NULL, "RapidVideo", NDPI_PROTOCOL_RAPIDVIDEO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "showmax.com", NULL, NULL, "Showmax", NDPI_PROTOCOL_SHOWMAX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "showmax.akamaized.net", NULL, NULL, "Showmax", NDPI_PROTOCOL_SHOWMAX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { NULL, NULL, NULL, 0 } }; -- cgit v1.2.3 From 90ffa1fc2ca87b166e9447643deffb8220ae44ec Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 16 Jul 2018 09:21:34 +0200 Subject: Updated twitter invalid address range Using content substring match in category search --- example/ndpiReader.c | 2 +- src/lib/ndpi_content_match.c.inc | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) (limited to 'src/lib') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 9b10fe6c5..39748cd90 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1465,7 +1465,7 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) { ndpi_set_detection_preferences(ndpi_thread_info[thread_id].workflow->ndpi_struct, ndpi_pref_dns_dissect_response, 0); ndpi_set_detection_preferences(ndpi_thread_info[thread_id].workflow->ndpi_struct, - ndpi_pref_enable_category_substring_match, 0); + ndpi_pref_enable_category_substring_match, 1); ndpi_workflow_set_flow_detected_callback(ndpi_thread_info[thread_id].workflow, on_protocol_discovered, (void *)(uintptr_t)thread_id); diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 60671b3cd..42031fc2b 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -71,7 +71,6 @@ static ndpi_network host_protocol_list[] = { { 0xB92D0600 /* 185.45.6.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, { 0xBC40E000 /* 188.64.224.0/21 */, 21, NDPI_PROTOCOL_TWITTER }, { 0xC02C4400 /* 192.44.68.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, - { 0xC030EC00 /* 192.48.236.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, { 0xC0854C00 /* 192.133.76.0/22 */, 22, NDPI_PROTOCOL_TWITTER }, { 0xC7109C00 /* 199.16.156.0/22 */, 22, NDPI_PROTOCOL_TWITTER }, { 0xC73B9400 /* 199.59.148.0/22 */, 22, NDPI_PROTOCOL_TWITTER }, @@ -609,10 +608,10 @@ static ndpi_network host_protocol_list[] = { /* Teamviewer 159.122.189.32-63 */ { 0x9F7ABD30 /* 159.122.189.32 */, 21, NDPI_PROTOCOL_TEAMVIEWER }, +#if 0 /* IFLIX services -by www.vizuamatix.com R&D team */ - { 0x344D0000 /* 52.77.0.0 */, 16, NDPI_PROTOCOL_IFLIX }, { 0x34DC0000 /* 52.220.0.0 */, 16, NDPI_PROTOCOL_IFLIX }, { 0x344A0000 /* 52.74.0.0 */, 16, NDPI_PROTOCOL_IFLIX }, @@ -622,6 +621,7 @@ static ndpi_network host_protocol_list[] = { { 0x36C09600 /* 54.192.150.0 */, 24, NDPI_PROTOCOL_IFLIX }, { 0x344AC0F7 /* 52.74.192.247 */, 32, NDPI_PROTOCOL_IFLIX }, { 0x0215E718 /* 2.21.231.24 */, 32, NDPI_PROTOCOL_IFLIX }, +#endif /* Citrix GotoMeeting (AS16815, AS21866) @@ -8033,6 +8033,7 @@ ndpi_protocol_match host_match[] = { { "swscan.apple.com", NULL, NULL, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { "itunes-apple.com", NULL, NULL, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { "itunes.apple.com", NULL, NULL, "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "tlnk.io", NULL, NULL, "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { "aaplimg.com", NULL, NULL, "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { ".apple.com", NULL, NULL, "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".icloud.com", NULL, NULL, "AppleiCloud", NDPI_PROTOCOL_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, -- cgit v1.2.3 From 1ebc510bcb7b597ac5bd685608f34a47df8c5522 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 17 Jul 2018 15:48:24 +0200 Subject: Fied substring matching --- src/lib/ndpi_main.c | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) (limited to 'src/lib') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 38930af45..0faffe70f 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1886,16 +1886,36 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp static int ac_match_handler(AC_MATCH_t *m, AC_TEXT_t *txt, void *param) { int *matching_protocol_id = (int*)param; int min_len = (txt->length < m->patterns->length) ? txt->length : m->patterns->length; + char *match, buf[64]; + int min_buf_len = (txt->length > 63 /* sizeof(buf)-1 */) ? 63 : txt->length; + /* Return 1 for stopping to the first match. We might consider searching for the more specific match, paying more cpu cycles. */ + if(m->match_num == 0) { +#ifdef MATCH_DEBUG + printf("Skipping match [to search: %s][pattern: %s] [len: %u]\n", buf, m->patterns->astring, min_len); +#endif + return(0); /* No match */ + } + *matching_protocol_id = m->patterns[0].rep.number; - if(strncmp(txt->astring, m->patterns->astring, min_len) == 0) + strncpy(buf, txt->astring, min_buf_len); + buf[min_buf_len] = '\0'; + +#ifdef MATCH_DEBUG + printf("Searching [to search: %s][pattern: %s] [len: %u]\n", buf, m->patterns->astring, min_len); +#endif + + if(strncmp(buf, m->patterns->astring, min_len) == 0) { +#ifdef MATCH_DEBUG + printf("Found match [%s][%s] [len: %u]\n", buf, m->patterns->astring, min_len); +#endif return(1); /* If the pattern found matches the string at the beginning we stop here */ - else + } else return 0; /* 0 to continue searching, !0 to stop */ } -- cgit v1.2.3 From 06789406ad322933284a6118040c41e2ed116f0b Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 17 Jul 2018 17:49:59 +0200 Subject: Pattern match improvements --- src/lib/ndpi_main.c | 34 ++++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) (limited to 'src/lib') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 0faffe70f..3306e25a6 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1889,27 +1889,23 @@ static int ac_match_handler(AC_MATCH_t *m, AC_TEXT_t *txt, void *param) { char *match, buf[64]; int min_buf_len = (txt->length > 63 /* sizeof(buf)-1 */) ? 63 : txt->length; + strncpy(buf, txt->astring, min_buf_len); + buf[min_buf_len] = '\0'; + +#ifdef MATCH_DEBUG + printf("Searching [to search: %s/%u][pattern: %s/%u] [len: %u][match_num: %u]\n", + buf, txt->length, m->patterns->astring, m->patterns->length, min_len, + m->match_num); +#endif + /* Return 1 for stopping to the first match. We might consider searching for the more specific match, paying more cpu cycles. */ - if(m->match_num == 0) { -#ifdef MATCH_DEBUG - printf("Skipping match [to search: %s][pattern: %s] [len: %u]\n", buf, m->patterns->astring, min_len); -#endif - return(0); /* No match */ - } *matching_protocol_id = m->patterns[0].rep.number; - strncpy(buf, txt->astring, min_buf_len); - buf[min_buf_len] = '\0'; - -#ifdef MATCH_DEBUG - printf("Searching [to search: %s][pattern: %s] [len: %u]\n", buf, m->patterns->astring, min_len); -#endif - if(strncmp(buf, m->patterns->astring, min_len) == 0) { #ifdef MATCH_DEBUG printf("Found match [%s][%s] [len: %u]\n", buf, m->patterns->astring, min_len); @@ -2245,6 +2241,8 @@ static int hyperscanCustomEventHandler(unsigned int id, static int ndpi_match_custom_category(struct ndpi_detection_module_struct *ndpi_struct, char *name, unsigned long *id) { + /* printf("[NDPI] %s(%s)\n", __FUNCTION__, name); */ + if(!ndpi_struct->enable_category_substring_match) { if(ndpi_struct->custom_categories.hostnames_hash == NULL) return(-1); @@ -3934,6 +3932,14 @@ void ndpi_load_ip_category(struct ndpi_detection_module_struct *ndpi_struct, /* ********************************************************************************* */ +/* + * + * IMPORTANT + * + * The *name pointer MUST be kept allocated until the automa is finalized and it + * cannot be recycled across multiple ndpi_load_hostname_category() calls + * + */ int ndpi_load_hostname_category(struct ndpi_detection_module_struct *ndpi_struct, char *name, ndpi_protocol_category_t category) { if(name == NULL) @@ -3969,7 +3975,7 @@ int ndpi_load_hostname_category(struct ndpi_detection_module_struct *ndpi_struct tmp[j] = '\0'; - h->expression = strdup(name), h->id = (unsigned int)category; + h->expression = ndpi_strdup(name), h->id = (unsigned int)category; if(h->expression == NULL) { free(h); return(-2); -- cgit v1.2.3 From 34dfe7d375e4fb3bf987f250f260b5b1a7cd15bb Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 17 Jul 2018 18:21:06 +0200 Subject: Improved tor detection to limit false positives --- src/lib/protocols/tor.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'src/lib') diff --git a/src/lib/protocols/tor.c b/src/lib/protocols/tor.c index 462833db0..134f191c3 100644 --- a/src/lib/protocols/tor.c +++ b/src/lib/protocols/tor.c @@ -22,7 +22,7 @@ static void ndpi_int_tor_add_connection(struct ndpi_detection_module_struct int ndpi_is_ssl_tor(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, char *certificate) { - int prev_num = 0, numbers_found = 0, num_found = 0, i, len; + int prev_num = 0, numbers_found = 0, num_found = 0, i, len, num_impossible = 0; char dummy[48], *dot, *name; if(certificate == NULL) @@ -73,12 +73,11 @@ int ndpi_is_ssl_tor(struct ndpi_detection_module_struct *ndpi_struct, if(ndpi_match_bigram(ndpi_struct, &ndpi_struct->bigrams_automa, &name[i])) { num_found++; } else if(ndpi_match_bigram(ndpi_struct, &ndpi_struct->impossible_bigrams_automa, &name[i])) { - ndpi_int_tor_add_connection(ndpi_struct, flow); - return(1); + num_impossible++; } } - if(num_found == 0) { + if((num_found == 0) || (num_impossible > 1)) { ndpi_int_tor_add_connection(ndpi_struct, flow); return(1); } else { -- cgit v1.2.3 From 475f54e9d1c9008004c407e1f098a21e42bed8a2 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 18 Jul 2018 17:33:28 +0200 Subject: Fixed name clash --- src/lib/protocols/diameter.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'src/lib') diff --git a/src/lib/protocols/diameter.c b/src/lib/protocols/diameter.c index 24317f498..f2f342914 100644 --- a/src/lib/protocols/diameter.c +++ b/src/lib/protocols/diameter.c @@ -1,5 +1,5 @@ /* - * aimini.c + * diameter.c * * Copyright (C) 2018 - ntop.org * Written by Michele Campus - @@ -31,10 +31,10 @@ // Header Flags possibile values -#define REQUEST 0X80 -#define PROXYABLE 0X40 -#define ERROR 0X20 -#define RETRASM 0X10 +#define DIAMETER_REQUEST 0X80 +#define DIAMETER_PROXYABLE 0X40 +#define DIAMETER_ERROR 0X20 +#define DIAMETER_RETRASM 0X10 typedef enum { AC = 271, @@ -73,10 +73,10 @@ int is_diameter(struct ndpi_packet_struct *packet, int size_payload) // check if the packet is diameter if(diameter->version == 0x01 && - (diameter->flags == REQUEST || - diameter->flags == PROXYABLE || - diameter->flags == ERROR || - diameter->flags == RETRASM)) { + (diameter->flags == DIAMETER_REQUEST || + diameter->flags == DIAMETER_PROXYABLE || + diameter->flags == DIAMETER_ERROR || + diameter->flags == DIAMETER_RETRASM)) { u_int16_t com_code = diameter->com_code[2] + (diameter->com_code[1] << 8) + (diameter->com_code[0] << 8); -- cgit v1.2.3 From 30b72eae64cb9379015a183a7d49da24b564c85f Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 18 Jul 2018 21:29:26 +0200 Subject: Changed RTP from VoIP to Media category --- src/lib/ndpi_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/lib') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 3306e25a6..dc090b698 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1365,7 +1365,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RTP, no_master, - no_master, "RTP", NDPI_PROTOCOL_CATEGORY_VOIP, + no_master, "RTP", NDPI_PROTOCOL_CATEGORY_MEDIA, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RDP, -- cgit v1.2.3 From 8b0e735f675524cf8fc736f18fed9c61f9b36258 Mon Sep 17 00:00:00 2001 From: Darryl Sokoloski Date: Fri, 20 Jul 2018 13:26:44 -0400 Subject: Decreased minimum packet payload length down to 19 from 100 for SSDP. The minimum packet payload length is: "NOTIFY * HTTP/1.1" + 0x0d + 0x0a (19 bytes). --- src/lib/protocols/ssdp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/lib') diff --git a/src/lib/protocols/ssdp.c b/src/lib/protocols/ssdp.c index ce681d9b6..203edabb9 100644 --- a/src/lib/protocols/ssdp.c +++ b/src/lib/protocols/ssdp.c @@ -45,7 +45,7 @@ void ndpi_search_ssdp(struct ndpi_detection_module_struct *ndpi_struct, struct n NDPI_LOG_DBG(ndpi_struct, "search ssdp\n"); if (packet->udp != NULL) { - if (packet->payload_packet_len > 100) { + if (packet->payload_packet_len >= 19) { if ((memcmp(packet->payload, "M-SEARCH * HTTP/1.1", 19) == 0) || memcmp(packet->payload, "NOTIFY * HTTP/1.1", 17) == 0) { -- cgit v1.2.3 From fbf6bd2be8cc6a8b1a091606e378698f7b6cdeac Mon Sep 17 00:00:00 2001 From: Darryl Sokoloski Date: Fri, 20 Jul 2018 13:51:17 -0400 Subject: Fix end-of-line bounds handling. The existing implementation misses ending lines and as a result, fails to match certain protocols (SMTP for example, which needs to see at least 3 commain/response matches). It appears from the commit history that an attempt was made (end-1) to prevent reads past payload length. This can be ensured by simply not reading any payload that is < 3 bytes. The updated logic for this loop is: - Payload length is >= 3 bytes, or return. - Loop over payload, compare for EOL (CR + NL) sequence. - If found, process string. - If index 'a' plus two is less than payload length, increment 'a' by one and continue. - Loop return always increments index 'a' by one. --- src/lib/ndpi_main.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'src/lib') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index dc090b698..f082ad641 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4456,7 +4456,6 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struc { u_int32_t a; struct ndpi_packet_struct *packet = &flow->packet; - u_int16_t end = packet->payload_packet_len - 1; if(packet->packet_lines_parsed_complete != 0) return; @@ -4497,15 +4496,14 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struc packet->http_response.len = 0; packet->http_num_headers=0; - if((packet->payload_packet_len == 0) - || (packet->payload == NULL) - || (end == 0)) + if((packet->payload_packet_len < 3) + || (packet->payload == NULL)) return; packet->line[packet->parsed_lines].ptr = packet->payload; packet->line[packet->parsed_lines].len = 0; - for(a = 0; a < end-1 /* This because get_u_int16_t(packet->payload, a) reads 2 bytes */; a++) { + for(a = 0; a < packet->payload_packet_len; a++) { if(get_u_int16_t(packet->payload, a) == ntohs(0x0d0a)) { /* If end of line char sequence CR+NL "\r\n", process line */ packet->line[packet->parsed_lines].len = (u_int16_t)(((unsigned long) &packet->payload[a]) - ((unsigned long) packet->line[packet->parsed_lines].ptr)); -- cgit v1.2.3 From 667e77c609d842a9a41930b590de206fb2b917fe Mon Sep 17 00:00:00 2001 From: Luca Date: Sat, 21 Jul 2018 16:02:54 +0200 Subject: Major code cleanup Converted some not popular protocols to NDPI_PROTOCOL_GENERIC with category detection --- autogen.sh | 2 +- configure.seed | 2 +- example/ndpi_util.h | 4 +- src/include/ndpi_api.h | 6 +- src/include/ndpi_main.h | 5 +- src/include/ndpi_protocol_ids.h | 520 ++++++++++++++++----------------- src/include/ndpi_typedefs.h | 433 +++++++++++++-------------- src/lib/Makefile | 24 ++ src/lib/Makefile.am | 181 ------------ src/lib/Makefile.simple | 22 -- src/lib/ndpi_content_match.c.inc | 61 ++-- src/lib/ndpi_main.c | 27 +- src/lib/protocols/afp.c | 8 +- src/lib/protocols/aimini.c | 6 +- src/lib/protocols/ajp.c | 4 - src/lib/protocols/amqp.c | 5 +- src/lib/protocols/apple_push.c | 5 - src/lib/protocols/applejuice.c | 6 +- src/lib/protocols/armagetron.c | 7 +- src/lib/protocols/attic/flash.c | 2 +- src/lib/protocols/attic/ftp.c | 2 +- src/lib/protocols/attic/manolito.c | 2 +- src/lib/protocols/attic/popo.c | 2 +- src/lib/protocols/attic/secondlife.c | 2 +- src/lib/protocols/ayiya.c | 6 +- src/lib/protocols/battlefield.c | 6 +- src/lib/protocols/bgp.c | 6 +- src/lib/protocols/bittorrent.c | 4 - src/lib/protocols/bjnp.c | 12 +- src/lib/protocols/btlib.c | 2 +- src/lib/protocols/checkmk.c | 7 +- src/lib/protocols/ciscovpn.c | 4 - src/lib/protocols/citrix.c | 6 +- src/lib/protocols/coap.c | 4 - src/lib/protocols/collectd.c | 6 +- src/lib/protocols/corba.c | 3 - src/lib/protocols/crossfire.c | 6 +- src/lib/protocols/csgo.c | 4 - src/lib/protocols/dcerpc.c | 5 +- src/lib/protocols/dhcp.c | 6 +- src/lib/protocols/dhcpv6.c | 6 +- src/lib/protocols/diameter.c | 9 +- src/lib/protocols/directconnect.c | 6 +- src/lib/protocols/directdownloadlink.c | 6 +- src/lib/protocols/dns.c | 6 +- src/lib/protocols/dofus.c | 6 +- src/lib/protocols/drda.c | 6 +- src/lib/protocols/dropbox.c | 8 +- src/lib/protocols/eaq.c | 6 +- src/lib/protocols/edonkey.c | 3 - src/lib/protocols/fasttrack.c | 6 +- src/lib/protocols/fbzero.c | 3 - src/lib/protocols/fiesta.c | 5 +- src/lib/protocols/fix.c | 7 +- src/lib/protocols/florensia.c | 6 +- src/lib/protocols/ftp_control.c | 6 +- src/lib/protocols/ftp_data.c | 6 +- src/lib/protocols/git.c | 7 +- src/lib/protocols/gnutella.c | 6 +- src/lib/protocols/gtp.c | 6 +- src/lib/protocols/guildwars.c | 6 +- src/lib/protocols/h323.c | 7 +- src/lib/protocols/halflife2_and_mods.c | 6 +- src/lib/protocols/hangout.c | 5 +- src/lib/protocols/hep.c | 25 +- src/lib/protocols/http.c | 45 +-- src/lib/protocols/http_activesync.c | 40 ++- src/lib/protocols/iax.c | 6 +- src/lib/protocols/icecast.c | 28 +- src/lib/protocols/ipp.c | 6 +- src/lib/protocols/irc.c | 9 +- src/lib/protocols/jabber.c | 13 +- src/lib/protocols/kakaotalk_voice.c | 8 +- src/lib/protocols/kerberos.c | 5 +- src/lib/protocols/kontiki.c | 8 +- src/lib/protocols/ldap.c | 5 +- src/lib/protocols/lisp.c | 3 - src/lib/protocols/lotus_notes.c | 6 +- src/lib/protocols/mail_imap.c | 8 +- src/lib/protocols/mail_pop.c | 6 +- src/lib/protocols/mail_smtp.c | 5 +- src/lib/protocols/maplestory.c | 6 +- src/lib/protocols/mdns.c | 5 +- src/lib/protocols/megaco.c | 8 +- src/lib/protocols/mgcp.c | 7 +- src/lib/protocols/mpegts.c | 5 +- src/lib/protocols/mqtt.c | 3 - src/lib/protocols/msn.c | 61 ++-- src/lib/protocols/mssql_tds.c | 6 +- src/lib/protocols/mysql.c | 6 +- src/lib/protocols/netbios.c | 6 +- src/lib/protocols/netflow.c | 5 +- src/lib/protocols/nfs.c | 5 +- src/lib/protocols/nintendo.c | 5 +- src/lib/protocols/noe.c | 6 +- src/lib/protocols/non_tcp_udp.c | 62 ++-- src/lib/protocols/ntp.c | 5 +- src/lib/protocols/openft.c | 6 +- src/lib/protocols/openvpn.c | 6 +- src/lib/protocols/oracle.c | 4 - src/lib/protocols/oscar.c | 6 +- src/lib/protocols/pando.c | 4 - src/lib/protocols/pcanywhere.c | 5 +- src/lib/protocols/postgres.c | 5 +- src/lib/protocols/pplive.c | 3 - src/lib/protocols/ppstream.c | 5 +- src/lib/protocols/pptp.c | 6 +- src/lib/protocols/qq.c | 12 +- src/lib/protocols/quic.c | 12 +- src/lib/protocols/radius.c | 6 +- src/lib/protocols/rdp.c | 6 +- src/lib/protocols/redis_net.c | 6 +- src/lib/protocols/rsync.c | 6 +- src/lib/protocols/rtcp.c | 10 +- src/lib/protocols/rtmp.c | 3 - src/lib/protocols/rtp.c | 19 +- src/lib/protocols/rtsp.c | 16 +- src/lib/protocols/rx.c | 5 +- src/lib/protocols/sflow.c | 5 +- src/lib/protocols/shoutcast.c | 8 +- src/lib/protocols/sip.c | 21 +- src/lib/protocols/skinny.c | 4 - src/lib/protocols/skype.c | 6 +- src/lib/protocols/smb.c | 5 +- src/lib/protocols/smpp.c | 6 +- src/lib/protocols/snmp.c | 5 +- src/lib/protocols/socks45.c | 5 +- src/lib/protocols/someip.c | 3 - src/lib/protocols/sopcast.c | 5 +- src/lib/protocols/soulseek.c | 6 +- src/lib/protocols/spotify.c | 3 - src/lib/protocols/ssdp.c | 5 +- src/lib/protocols/ssh.c | 5 +- src/lib/protocols/ssl.c | 29 +- src/lib/protocols/starcraft.c | 5 +- src/lib/protocols/stealthnet.c | 5 +- src/lib/protocols/steam.c | 4 - src/lib/protocols/stun.c | 6 +- src/lib/protocols/syslog.c | 6 +- src/lib/protocols/tcp_udp.c | 2 +- src/lib/protocols/teamspeak.c | 3 - src/lib/protocols/teamviewer.c | 5 +- src/lib/protocols/telegram.c | 5 +- src/lib/protocols/telnet.c | 6 +- src/lib/protocols/teredo.c | 5 +- src/lib/protocols/tftp.c | 5 +- src/lib/protocols/thunder.c | 6 +- src/lib/protocols/tinc.c | 5 +- src/lib/protocols/tor.c | 5 +- src/lib/protocols/tvants.c | 6 +- src/lib/protocols/tvuplayer.c | 6 +- src/lib/protocols/ubntac2.c | 5 - src/lib/protocols/usenet.c | 6 +- src/lib/protocols/vhua.c | 5 +- src/lib/protocols/viber.c | 6 +- src/lib/protocols/vmware.c | 6 +- src/lib/protocols/vnc.c | 6 +- src/lib/protocols/warcraft3.c | 5 +- src/lib/protocols/whatsapp.c | 4 - src/lib/protocols/whoisdas.c | 6 +- src/lib/protocols/world_of_kung_fu.c | 5 +- src/lib/protocols/world_of_warcraft.c | 5 +- src/lib/protocols/xbox.c | 6 +- src/lib/protocols/xdmcp.c | 6 +- src/lib/protocols/yahoo.c | 13 +- src/lib/protocols/zattoo.c | 6 +- src/lib/protocols/zeromq.c | 5 +- 167 files changed, 813 insertions(+), 1635 deletions(-) create mode 100644 src/lib/Makefile delete mode 100644 src/lib/Makefile.am delete mode 100644 src/lib/Makefile.simple (limited to 'src/lib') diff --git a/autogen.sh b/autogen.sh index fecb6b1f8..6ce84c3b4 100755 --- a/autogen.sh +++ b/autogen.sh @@ -2,7 +2,7 @@ NDPI_MAJOR="2" NDPI_MINOR="3" -NDPI_PATCH="0" +NDPI_PATCH="1" NDPI_VERSION_SHORT="$NDPI_MAJOR.$NDPI_MINOR.$NDPI_PATCH" rm -f configure config.h config.h.in src/lib/Makefile.in diff --git a/configure.seed b/configure.seed index 9813f54c0..993ee03fa 100644 --- a/configure.seed +++ b/configure.seed @@ -119,7 +119,7 @@ AC_ARG_ENABLE([debug-messages], AC_CHECK_LIB(pthread, pthread_setaffinity_np, AC_DEFINE_UNQUOTED(HAVE_PTHREAD_SETAFFINITY_NP, 1, [libc has pthread_setaffinity_np])) -AC_CONFIG_FILES([Makefile src/lib/Makefile example/Makefile tests/Makefile libndpi.pc src/include/ndpi_define.h]) +AC_CONFIG_FILES([Makefile example/Makefile tests/Makefile libndpi.pc src/include/ndpi_define.h]) AC_CONFIG_HEADERS(src/include/ndpi_config.h) AC_SUBST(GIT_RELEASE) AC_SUBST(NDPI_MAJOR) diff --git a/example/ndpi_util.h b/example/ndpi_util.h index a6adb88c1..0ea174aa5 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -1,7 +1,7 @@ /* * ndpi_util.h * - * Copyright (C) 2011-16 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -24,7 +24,7 @@ * If you concern about performance or have to integrate nDPI in your * application, you could need to reimplement them yourself. * - * WARNING: this API is unstable! Use it at your own risk! + * WARNING: this API is just a demo od nDPI usage: Use it at your own risk! */ #ifndef __NDPI_UTIL_H__ #define __NDPI_UTIL_H__ diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 16ac45de0..358c0491c 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -606,7 +606,7 @@ extern "C" { void ndpi_set_automa(struct ndpi_detection_module_struct *ndpi_struct, void* automa); -#ifdef NDPI_PROTOCOL_HTTP +/* NDPI_PROTOCOL_HTTP */ /** * Retrieve information for HTTP flows * @@ -639,9 +639,8 @@ extern "C" { */ char* ndpi_get_http_content_type(struct ndpi_detection_module_struct *ndpi_mod, struct ndpi_flow_struct *flow); -#endif -#ifdef NDPI_PROTOCOL_TOR +/* NDPI_PROTOCOL_TOR */ /** * Check if the flow could be detected as TOR protocol * @@ -654,7 +653,6 @@ extern "C" { */ int ndpi_is_ssl_tor(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, char *certificate); -#endif /* Wrappers functions */ /** diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h index b76335e02..b18efa21a 100644 --- a/src/include/ndpi_main.h +++ b/src/include/ndpi_main.h @@ -1,7 +1,7 @@ /* * ndpi_main.h * - * Copyright (C) 2011-16 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -105,9 +105,8 @@ extern "C" { extern int ndpi_get_protocol_id_master_proto(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t protocol_id, u_int16_t** tcp_master_proto, u_int16_t** udp_master_proto); -#ifdef NDPI_PROTOCOL_NETBIOS + #/* NDPI_PROTOCOL_NETBIOS */ int ndpi_netbios_name_interpret(char *in, char *out, u_int out_len); -#endif #ifdef NDPI_ENABLE_DEBUG_MESSAGES void ndpi_debug_get_last_log_function_line(struct ndpi_detection_module_struct *ndpi_struct, diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 1a7671169..59de3ee0e 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -33,267 +33,265 @@ #define NDPI_DETECTION_SUPPORT_IPV6 #define NDPI_PROTOCOL_SIZE 2 -#define NDPI_PROTOCOL_UNKNOWN 0 +typedef enum { + NDPI_PROTOCOL_UNKNOWN = 0, + NDPI_PROTOCOL_FTP_CONTROL = 1, /* Tomasz Bujlow */ + NDPI_PROTOCOL_MAIL_POP = 2, + NDPI_PROTOCOL_MAIL_SMTP = 3, + NDPI_PROTOCOL_MAIL_IMAP = 4, + NDPI_PROTOCOL_DNS = 5, + NDPI_PROTOCOL_IPP = 6, + NDPI_PROTOCOL_HTTP = 7, + NDPI_PROTOCOL_MDNS = 8, + NDPI_PROTOCOL_NTP = 9, + NDPI_PROTOCOL_NETBIOS = 10, + NDPI_PROTOCOL_NFS = 11, + NDPI_PROTOCOL_SSDP = 12, + NDPI_PROTOCOL_BGP = 13, + NDPI_PROTOCOL_SNMP = 14, + NDPI_PROTOCOL_XDMCP = 15, + NDPI_PROTOCOL_SMB = 16, + NDPI_PROTOCOL_SYSLOG = 17, + NDPI_PROTOCOL_DHCP = 18, + NDPI_PROTOCOL_POSTGRES = 19, + NDPI_PROTOCOL_MYSQL = 20, + NDPI_PROTOCOL_HOTMAIL = 21, + NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK = 22, + NDPI_PROTOCOL_MAIL_POPS = 23, + NDPI_PROTOCOL_APPLEJUICE = 24, + NDPI_PROTOCOL_DIRECTCONNECT = 25, + NDPI_PROTOCOL_NTOP = 26, + NDPI_PROTOCOL_COAP = 27, + NDPI_PROTOCOL_VMWARE = 28, + NDPI_PROTOCOL_MAIL_SMTPS = 29, + NDPI_PROTOCOL_FBZERO = 30, + NDPI_PROTOCOL_UBNTAC2 = 31, /* Ubiquity UBNT AirControl = 2 - Thomas Fjellstrom */ + NDPI_PROTOCOL_KONTIKI = 32, + NDPI_PROTOCOL_OPENFT = 33, + NDPI_PROTOCOL_FASTTRACK = 34, + NDPI_PROTOCOL_GNUTELLA = 35, + NDPI_PROTOCOL_EDONKEY = 36, /* Tomasz Bujlow */ + NDPI_PROTOCOL_BITTORRENT = 37, + NDPI_PROTOCOL_SKYPE_CALL_OUT = 38, + NDPI_PROTOCOL_MUSICALLY = 39, -#define NDPI_PROTOCOL_NO_MASTER_PROTO NDPI_PROTOCOL_UNKNOWN + NDPI_PROTOCOL_FREE_40 = 40, /* Free */ + NDPI_PROTOCOL_FREE_41 = 41, /* Free */ + NDPI_PROTOCOL_FREE_42 = 42, /* Free */ + NDPI_PROTOCOL_FREE_43 = 43, /* Free */ + NDPI_PROTOCOL_FREE_44 = 44, /* Free */ + NDPI_PROTOCOL_FREE_45 = 45, /* Free */ + NDPI_PROTOCOL_FREE_46 = 46, /* Free */ + + NDPI_PROTOCOL_XBOX = 47, + NDPI_PROTOCOL_QQ = 48, + NDPI_PROTOCOL_SKYPE_CALL_IN = 49, + NDPI_PROTOCOL_RTSP = 50, + NDPI_PROTOCOL_MAIL_IMAPS = 51, + NDPI_PROTOCOL_ICECAST = 52, + NDPI_PROTOCOL_PPLIVE = 53, /* Tomasz Bujlow */ + NDPI_PROTOCOL_PPSTREAM = 54, + NDPI_PROTOCOL_ZATTOO = 55, + NDPI_PROTOCOL_SHOUTCAST = 56, + NDPI_PROTOCOL_SOPCAST = 57, + NDPI_PROTOCOL_TVANTS = 58, + NDPI_PROTOCOL_TVUPLAYER = 59, + NDPI_PROTOCOL_HTTP_DOWNLOAD = 60, + NDPI_PROTOCOL_QQLIVE = 61, + NDPI_PROTOCOL_THUNDER = 62, + NDPI_PROTOCOL_SOULSEEK = 63, + NDPI_PROTOCOL_SSL_NO_CERT = 64, + NDPI_PROTOCOL_IRC = 65, + NDPI_PROTOCOL_AYIYA = 66, + NDPI_PROTOCOL_UNENCRYPTED_JABBER = 67, + NDPI_PROTOCOL_MSN = 68, + NDPI_PROTOCOL_OSCAR = 69, + NDPI_PROTOCOL_YAHOO = 70, + NDPI_PROTOCOL_BATTLEFIELD = 71, + NDPI_PROTOCOL_GOOGLE_PLUS = 72, + NDPI_PROTOCOL_IP_VRRP = 73, + NDPI_PROTOCOL_STEAM = 74, /* Tomasz Bujlow */ + NDPI_PROTOCOL_HALFLIFE2 = 75, + NDPI_PROTOCOL_WORLDOFWARCRAFT = 76, + NDPI_PROTOCOL_TELNET = 77, + NDPI_PROTOCOL_STUN = 78, + NDPI_PROTOCOL_IP_IPSEC = 79, + NDPI_PROTOCOL_IP_GRE = 80, + NDPI_PROTOCOL_IP_ICMP = 81, + NDPI_PROTOCOL_IP_IGMP = 82, + NDPI_PROTOCOL_IP_EGP = 83, + NDPI_PROTOCOL_IP_SCTP = 84, + NDPI_PROTOCOL_IP_OSPF = 85, + NDPI_PROTOCOL_IP_IP_IN_IP = 86, + NDPI_PROTOCOL_RTP = 87, + NDPI_PROTOCOL_RDP = 88, + NDPI_PROTOCOL_VNC = 89, + NDPI_PROTOCOL_PCANYWHERE = 90, + NDPI_PROTOCOL_SSL = 91, + NDPI_PROTOCOL_SSH = 92, + NDPI_PROTOCOL_USENET = 93, + NDPI_PROTOCOL_MGCP = 94, + NDPI_PROTOCOL_IAX = 95, + NDPI_PROTOCOL_TFTP = 96, + NDPI_PROTOCOL_AFP = 97, + NDPI_PROTOCOL_STEALTHNET = 98, + NDPI_PROTOCOL_AIMINI = 99, + NDPI_PROTOCOL_SIP = 100, + NDPI_PROTOCOL_TRUPHONE = 101, + NDPI_PROTOCOL_IP_ICMPV6 = 102, + NDPI_PROTOCOL_DHCPV6 = 103, + NDPI_PROTOCOL_ARMAGETRON = 104, + NDPI_PROTOCOL_CROSSFIRE = 105, + NDPI_PROTOCOL_DOFUS = 106, + NDPI_PROTOCOL_FIESTA = 107, + NDPI_PROTOCOL_FLORENSIA = 108, + NDPI_PROTOCOL_GUILDWARS = 109, + NDPI_PROTOCOL_HTTP_ACTIVESYNC = 110, + NDPI_PROTOCOL_KERBEROS = 111, + NDPI_PROTOCOL_LDAP = 112, + NDPI_PROTOCOL_MAPLESTORY = 113, + NDPI_PROTOCOL_MSSQL_TDS = 114, + NDPI_PROTOCOL_PPTP = 115, + NDPI_PROTOCOL_WARCRAFT3 = 116, + NDPI_PROTOCOL_WORLD_OF_KUNG_FU = 117, + NDPI_PROTOCOL_SLACK = 118, + NDPI_PROTOCOL_FACEBOOK = 119, + NDPI_PROTOCOL_TWITTER = 120, + NDPI_PROTOCOL_DROPBOX = 121, + NDPI_PROTOCOL_GMAIL = 122, + NDPI_PROTOCOL_GOOGLE_MAPS = 123, + NDPI_PROTOCOL_YOUTUBE = 124, + NDPI_PROTOCOL_SKYPE = 125, + NDPI_PROTOCOL_GOOGLE = 126, + NDPI_PROTOCOL_DCERPC = 127, + NDPI_PROTOCOL_NETFLOW = 128, + NDPI_PROTOCOL_SFLOW = 129, + NDPI_PROTOCOL_HTTP_CONNECT = 130, + NDPI_PROTOCOL_HTTP_PROXY = 131, + NDPI_PROTOCOL_CITRIX = 132, /* It also includes the old NDPI_PROTOCOL_CITRIX_ONLINE */ + NDPI_PROTOCOL_NETFLIX = 133, + NDPI_PROTOCOL_LASTFM = 134, + NDPI_PROTOCOL_WAZE = 135, + NDPI_PROTOCOL_YOUTUBE_UPLOAD = 136, /* Upload files to youtube */ + NDPI_PROTOCOL_GENERIC = 137, /* Generic protocol used for category matching */ + NDPI_PROTOCOL_CHECKMK = 138, + NDPI_PROTOCOL_AJP = 139, /* Leonn Paiva */ + NDPI_PROTOCOL_APPLE = 140, + NDPI_PROTOCOL_WEBEX = 141, + NDPI_PROTOCOL_WHATSAPP = 142, + NDPI_PROTOCOL_APPLE_ICLOUD = 143, + NDPI_PROTOCOL_VIBER = 144, + NDPI_PROTOCOL_APPLE_ITUNES = 145, + NDPI_PROTOCOL_RADIUS = 146, + NDPI_PROTOCOL_WINDOWS_UPDATE = 147, + NDPI_PROTOCOL_TEAMVIEWER = 148, /* xplico.org */ + NDPI_PROTOCOL_TUENTI = 149, + NDPI_PROTOCOL_LOTUS_NOTES = 150, + NDPI_PROTOCOL_SAP = 151, + NDPI_PROTOCOL_GTP = 152, + NDPI_PROTOCOL_UPNP = 153, + NDPI_PROTOCOL_LLMNR = 154, + NDPI_PROTOCOL_REMOTE_SCAN = 155, + NDPI_PROTOCOL_SPOTIFY = 156, + NDPI_PROTOCOL_MESSENGER = 157, + NDPI_PROTOCOL_H323 = 158, /* Remy Mudingay */ + NDPI_PROTOCOL_OPENVPN = 159, /* Remy Mudingay */ + NDPI_PROTOCOL_NOE = 160, /* Remy Mudingay */ + NDPI_PROTOCOL_CISCOVPN = 161, /* Remy Mudingay */ + NDPI_PROTOCOL_TEAMSPEAK = 162, /* Remy Mudingay */ + NDPI_PROTOCOL_TOR = 163, /* Remy Mudingay */ + NDPI_PROTOCOL_SKINNY = 164, /* Remy Mudingay */ + NDPI_PROTOCOL_RTCP = 165, /* Remy Mudingay */ + NDPI_PROTOCOL_RSYNC = 166, /* Remy Mudingay */ + NDPI_PROTOCOL_ORACLE = 167, /* Remy Mudingay */ + NDPI_PROTOCOL_CORBA = 168, /* Remy Mudingay */ + NDPI_PROTOCOL_UBUNTUONE = 169, /* Remy Mudingay */ + NDPI_PROTOCOL_WHOIS_DAS = 170, + NDPI_PROTOCOL_COLLECTD = 171, + NDPI_PROTOCOL_SOCKS = 172, /* Tomasz Bujlow */ + NDPI_PROTOCOL_NINTENDO = 173, + NDPI_PROTOCOL_RTMP = 174, /* Tomasz Bujlow */ + NDPI_PROTOCOL_FTP_DATA = 175, /* Tomasz Bujlow */ + NDPI_PROTOCOL_WIKIPEDIA = 176, /* Tomasz Bujlow */ + NDPI_PROTOCOL_ZMQ = 177, + NDPI_PROTOCOL_AMAZON = 178, /* Tomasz Bujlow */ + NDPI_PROTOCOL_EBAY = 179, /* Tomasz Bujlow */ + NDPI_PROTOCOL_CNN = 180, /* Tomasz Bujlow */ + NDPI_PROTOCOL_MEGACO = 181, /* Gianluca Costa */ + NDPI_PROTOCOL_REDIS = 182, + NDPI_PROTOCOL_PANDO = 183, /* Tomasz Bujlow */ + NDPI_PROTOCOL_VHUA = 184, + NDPI_PROTOCOL_TELEGRAM = 185, /* Gianluca Costa */ + NDPI_PROTOCOL_VEVO = 186, + NDPI_PROTOCOL_PANDORA = 187, + NDPI_PROTOCOL_QUIC = 188, /* Andrea Buscarinu - Michele Campus */ + NDPI_PROTOCOL_WHATSAPP_VOICE = 189, + NDPI_PROTOCOL_EAQ = 190, + NDPI_PROTOCOL_OOKLA = 191, + NDPI_PROTOCOL_AMQP = 192, + NDPI_PROTOCOL_KAKAOTALK = 193, /* KakaoTalk Chat (no voice call) */ + NDPI_PROTOCOL_KAKAOTALK_VOICE = 194, /* KakaoTalk Voice */ + NDPI_PROTOCOL_TWITCH = 195, /* Edoardo Dominici */ + NDPI_PROTOCOL_FREE_196 = 196, /* Free */ + NDPI_PROTOCOL_WECHAT = 197, + NDPI_PROTOCOL_MPEGTS = 198, + NDPI_PROTOCOL_SNAPCHAT = 199, + NDPI_PROTOCOL_SINA = 200, + NDPI_PROTOCOL_HANGOUT = 201, + NDPI_PROTOCOL_IFLIX = 202, /* www.vizuamatix.com R&D team & M.Mallawaarachchie */ + NDPI_PROTOCOL_GITHUB = 203, + NDPI_PROTOCOL_BJNP = 204, + NDPI_PROTOCOL_FREE_205 = 205, /* Free */ + NDPI_PROTOCOL_VIDTO = 206, + NDPI_PROTOCOL_SMPP = 207, /* Damir Franusic */ + NDPI_PROTOCOL_DNSCRYPT = 208, + NDPI_PROTOCOL_TINC = 209, /* William Guglielmo */ + NDPI_PROTOCOL_DEEZER = 210, + NDPI_PROTOCOL_INSTAGRAM = 211, /* Andrea Buscarinu */ + NDPI_PROTOCOL_MICROSOFT = 212, + NDPI_PROTOCOL_STARCRAFT = 213, /* Matteo Bracci */ + NDPI_PROTOCOL_TEREDO = 214, + NDPI_PROTOCOL_HOTSPOT_SHIELD = 215, + NDPI_PROTOCOL_HEP = 216, /* sipcapture.org QXIP BV */ + NDPI_PROTOCOL_GOOGLE_DRIVE = 217, + NDPI_PROTOCOL_OCS = 218, + NDPI_PROTOCOL_OFFICE_365 = 219, + NDPI_PROTOCOL_CLOUDFLARE = 220, + NDPI_PROTOCOL_MS_ONE_DRIVE = 221, + NDPI_PROTOCOL_MQTT = 222, + NDPI_PROTOCOL_RX = 223, + NDPI_PROTOCOL_APPLESTORE = 224, + NDPI_PROTOCOL_OPENDNS = 225, + NDPI_PROTOCOL_GIT = 226, + NDPI_PROTOCOL_DRDA = 227, + NDPI_PROTOCOL_PLAYSTORE = 228, + NDPI_PROTOCOL_SOMEIP = 229, + NDPI_PROTOCOL_FIX = 230, + NDPI_PROTOCOL_PLAYSTATION = 231, + NDPI_PROTOCOL_PASTEBIN = 232, /* Paulo Angelo */ + NDPI_PROTOCOL_LINKEDIN = 233, /* Paulo Angelo */ + NDPI_PROTOCOL_SOUNDCLOUD = 234, + NDPI_PROTOCOL_CSGO = 235, /* Counter-Strike Global Offensive, Dota = 2 */ + NDPI_PROTOCOL_LISP = 236, + NDPI_PROTOCOL_DIAMETER = 237, + NDPI_PROTOCOL_APPLE_PUSH = 238, + NDPI_PROTOCOL_GOOGLE_SERVICES = 239, + NDPI_PROTOCOL_AMAZON_VIDEO = 240, + NDPI_PROTOCOL_GOOGLE_DOCS = 241, + NDPI_PROTOCOL_WHATSAPP_FILES = 242, /* Videos, pictures, voice messages... */ + /* + IMPORTANT + before allocating a new identifier please fill up + one of those named NDPI_PROTOCOL_FREE_XXX and not used + (placeholders to avoid protocol renumbering) + */ + + + /* IMPORTANT:NDPI_LAST_IMPLEMENTED_PROTOCOL MUST BE THE LAST ELEMENT */ + NDPI_LAST_IMPLEMENTED_PROTOCOL +} ndpi_protocol_ids; -#define NDPI_PROTOCOL_UNKNOWN 0 -#define NDPI_PROTOCOL_FTP_CONTROL 1 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_MAIL_POP 2 -#define NDPI_PROTOCOL_MAIL_SMTP 3 -#define NDPI_PROTOCOL_MAIL_IMAP 4 -#define NDPI_PROTOCOL_DNS 5 -#define NDPI_PROTOCOL_IPP 6 -#define NDPI_PROTOCOL_HTTP 7 -#define NDPI_PROTOCOL_MDNS 8 -#define NDPI_PROTOCOL_NTP 9 -#define NDPI_PROTOCOL_NETBIOS 10 -#define NDPI_PROTOCOL_NFS 11 -#define NDPI_PROTOCOL_SSDP 12 -#define NDPI_PROTOCOL_BGP 13 -#define NDPI_PROTOCOL_SNMP 14 -#define NDPI_PROTOCOL_XDMCP 15 -#define NDPI_PROTOCOL_SMB 16 -#define NDPI_PROTOCOL_SYSLOG 17 -#define NDPI_PROTOCOL_DHCP 18 -#define NDPI_PROTOCOL_POSTGRES 19 -#define NDPI_PROTOCOL_MYSQL 20 -#define NDPI_PROTOCOL_HOTMAIL 21 -#define NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK 22 -#define NDPI_PROTOCOL_MAIL_POPS 23 -#define NDPI_PROTOCOL_APPLEJUICE 24 -#define NDPI_PROTOCOL_DIRECTCONNECT 25 -#define NDPI_PROTOCOL_NTOP 26 -#define NDPI_PROTOCOL_COAP 27 -#define NDPI_PROTOCOL_VMWARE 28 -#define NDPI_PROTOCOL_MAIL_SMTPS 29 -#define NDPI_PROTOCOL_FBZERO 30 -#define NDPI_PROTOCOL_UBNTAC2 31 /* Ubiquity UBNT AirControl 2 - Thomas Fjellstrom */ -#define NDPI_PROTOCOL_KONTIKI 32 -#define NDPI_PROTOCOL_OPENFT 33 -#define NDPI_PROTOCOL_FASTTRACK 34 -#define NDPI_PROTOCOL_GNUTELLA 35 -#define NDPI_PROTOCOL_EDONKEY 36 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_BITTORRENT 37 -#define NDPI_PROTOCOL_SKYPE_CALL_OUT 38 -#define NDPI_PROTOCOL_MUSICALLY 39 - -/* 40..46 are free */ -#define NDPI_PROTOCOL_FREE_40 40 -#define NDPI_PROTOCOL_FREE_41 41 -#define NDPI_PROTOCOL_FREE_42 42 -#define NDPI_PROTOCOL_FREE_43 43 -#define NDPI_PROTOCOL_FREE_44 44 -#define NDPI_PROTOCOL_FREE_45 45 -#define NDPI_PROTOCOL_FREE_46 46 - -#define NDPI_PROTOCOL_XBOX 47 -#define NDPI_PROTOCOL_QQ 48 -#define NDPI_PROTOCOL_SKYPE_CALL_IN 49 -#define NDPI_PROTOCOL_RTSP 50 -#define NDPI_PROTOCOL_MAIL_IMAPS 51 -#define NDPI_PROTOCOL_ICECAST 52 -#define NDPI_PROTOCOL_PPLIVE 53 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_PPSTREAM 54 -#define NDPI_PROTOCOL_ZATTOO 55 -#define NDPI_PROTOCOL_SHOUTCAST 56 -#define NDPI_PROTOCOL_SOPCAST 57 -#define NDPI_PROTOCOL_TVANTS 58 -#define NDPI_PROTOCOL_TVUPLAYER 59 -#define NDPI_PROTOCOL_HTTP_DOWNLOAD 60 -#define NDPI_PROTOCOL_QQLIVE 61 -#define NDPI_PROTOCOL_THUNDER 62 -#define NDPI_PROTOCOL_SOULSEEK 63 -#define NDPI_PROTOCOL_SSL_NO_CERT 64 -#define NDPI_PROTOCOL_IRC 65 -#define NDPI_PROTOCOL_AYIYA 66 -#define NDPI_PROTOCOL_UNENCRYPTED_JABBER 67 -#define NDPI_PROTOCOL_MSN 68 -#define NDPI_PROTOCOL_OSCAR 69 -#define NDPI_PROTOCOL_YAHOO 70 -#define NDPI_PROTOCOL_BATTLEFIELD 71 -#define NDPI_PROTOCOL_GOOGLE_PLUS 72 -#define NDPI_PROTOCOL_IP_VRRP 73 -#define NDPI_PROTOCOL_STEAM 74 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_HALFLIFE2 75 -#define NDPI_PROTOCOL_WORLDOFWARCRAFT 76 -#define NDPI_PROTOCOL_TELNET 77 -#define NDPI_PROTOCOL_STUN 78 -#define NDPI_PROTOCOL_IP_IPSEC 79 -#define NDPI_PROTOCOL_IP_GRE 80 -#define NDPI_PROTOCOL_IP_ICMP 81 -#define NDPI_PROTOCOL_IP_IGMP 82 -#define NDPI_PROTOCOL_IP_EGP 83 -#define NDPI_PROTOCOL_IP_SCTP 84 -#define NDPI_PROTOCOL_IP_OSPF 85 -#define NDPI_PROTOCOL_IP_IP_IN_IP 86 -#define NDPI_PROTOCOL_RTP 87 -#define NDPI_PROTOCOL_RDP 88 -#define NDPI_PROTOCOL_VNC 89 -#define NDPI_PROTOCOL_PCANYWHERE 90 -#define NDPI_PROTOCOL_SSL 91 -#define NDPI_PROTOCOL_SSH 92 -#define NDPI_PROTOCOL_USENET 93 -#define NDPI_PROTOCOL_MGCP 94 -#define NDPI_PROTOCOL_IAX 95 -#define NDPI_PROTOCOL_TFTP 96 -#define NDPI_PROTOCOL_AFP 97 -#define NDPI_PROTOCOL_STEALTHNET 98 -#define NDPI_PROTOCOL_AIMINI 99 -#define NDPI_PROTOCOL_SIP 100 -#define NDPI_PROTOCOL_TRUPHONE 101 -#define NDPI_PROTOCOL_IP_ICMPV6 102 -#define NDPI_PROTOCOL_DHCPV6 103 -#define NDPI_PROTOCOL_ARMAGETRON 104 -#define NDPI_PROTOCOL_CROSSFIRE 105 -#define NDPI_PROTOCOL_DOFUS 106 -#define NDPI_PROTOCOL_FIESTA 107 -#define NDPI_PROTOCOL_FLORENSIA 108 -#define NDPI_PROTOCOL_GUILDWARS 109 -#define NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC 110 /*avoid large declarations in the future*/ -#define NDPI_PROTOCOL_KERBEROS 111 -#define NDPI_PROTOCOL_LDAP 112 -#define NDPI_PROTOCOL_MAPLESTORY 113 -#define NDPI_PROTOCOL_MSSQL_TDS 114 -#define NDPI_PROTOCOL_PPTP 115 -#define NDPI_PROTOCOL_WARCRAFT3 116 -#define NDPI_PROTOCOL_WORLD_OF_KUNG_FU 117 -#define NDPI_PROTOCOL_SLACK 118 -#define NDPI_PROTOCOL_FACEBOOK 119 -#define NDPI_PROTOCOL_TWITTER 120 -#define NDPI_PROTOCOL_DROPBOX 121 -#define NDPI_PROTOCOL_GMAIL 122 -#define NDPI_PROTOCOL_GOOGLE_MAPS 123 -#define NDPI_PROTOCOL_YOUTUBE 124 -#define NDPI_PROTOCOL_SKYPE 125 -#define NDPI_PROTOCOL_GOOGLE 126 -#define NDPI_PROTOCOL_DCERPC 127 -#define NDPI_PROTOCOL_NETFLOW 128 -#define NDPI_PROTOCOL_SFLOW 129 -#define NDPI_PROTOCOL_HTTP_CONNECT 130 -#define NDPI_PROTOCOL_HTTP_PROXY 131 -#define NDPI_PROTOCOL_CITRIX 132 /* It includes also the old NDPI_PROTOCOL_CITRIX_ONLINE */ -#define NDPI_PROTOCOL_NETFLIX 133 -#define NDPI_PROTOCOL_LASTFM 134 -#define NDPI_PROTOCOL_WAZE 135 -#define NDPI_PROTOCOL_YOUTUBE_UPLOAD 136 /* Upload files to youtube */ -#define NDPI_PROTOCOL_ICQ 137 -#define NDPI_PROTOCOL_CHECKMK 138 -#define NDPI_PROTOCOL_AJP 139 /* Leonn Paiva */ -#define NDPI_PROTOCOL_APPLE 140 -#define NDPI_PROTOCOL_WEBEX 141 -#define NDPI_PROTOCOL_WHATSAPP 142 -#define NDPI_PROTOCOL_APPLE_ICLOUD 143 -#define NDPI_PROTOCOL_VIBER 144 -#define NDPI_PROTOCOL_APPLE_ITUNES 145 -#define NDPI_PROTOCOL_RADIUS 146 -#define NDPI_PROTOCOL_WINDOWS_UPDATE 147 -#define NDPI_PROTOCOL_TEAMVIEWER 148 /* xplico.org */ -#define NDPI_PROTOCOL_TUENTI 149 -#define NDPI_PROTOCOL_LOTUS_NOTES 150 -#define NDPI_PROTOCOL_SAP 151 -#define NDPI_PROTOCOL_GTP 152 -#define NDPI_PROTOCOL_UPNP 153 -#define NDPI_PROTOCOL_LLMNR 154 -#define NDPI_PROTOCOL_REMOTE_SCAN 155 -#define NDPI_PROTOCOL_SPOTIFY 156 -#define NDPI_PROTOCOL_MESSENGER 157 -#define NDPI_PROTOCOL_H323 158 /* Remy Mudingay */ -#define NDPI_PROTOCOL_OPENVPN 159 /* Remy Mudingay */ -#define NDPI_PROTOCOL_NOE 160 /* Remy Mudingay */ -#define NDPI_PROTOCOL_CISCOVPN 161 /* Remy Mudingay */ -#define NDPI_PROTOCOL_TEAMSPEAK 162 /* Remy Mudingay */ -#define NDPI_PROTOCOL_TOR 163 /* Remy Mudingay */ -#define NDPI_PROTOCOL_SKINNY 164 /* Remy Mudingay */ -#define NDPI_PROTOCOL_RTCP 165 /* Remy Mudingay */ -#define NDPI_PROTOCOL_RSYNC 166 /* Remy Mudingay */ -#define NDPI_PROTOCOL_ORACLE 167 /* Remy Mudingay */ -#define NDPI_PROTOCOL_CORBA 168 /* Remy Mudingay */ -#define NDPI_PROTOCOL_UBUNTUONE 169 /* Remy Mudingay */ -#define NDPI_PROTOCOL_WHOIS_DAS 170 -#define NDPI_PROTOCOL_COLLECTD 171 -#define NDPI_PROTOCOL_SOCKS 172 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_NINTENDO 173 -#define NDPI_PROTOCOL_RTMP 174 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_FTP_DATA 175 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_WIKIPEDIA 176 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_ZMQ 177 -#define NDPI_PROTOCOL_AMAZON 178 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_EBAY 179 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_CNN 180 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_MEGACO 181 /* Gianluca Costa */ -#define NDPI_PROTOCOL_REDIS 182 -#define NDPI_PROTOCOL_PANDO 183 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_VHUA 184 -#define NDPI_PROTOCOL_TELEGRAM 185 /* Gianluca Costa */ -#define NDPI_PROTOCOL_VEVO 186 -#define NDPI_PROTOCOL_PANDORA 187 -#define NDPI_PROTOCOL_QUIC 188 /* Andrea Buscarinu - Michele Campus */ -#define NDPI_PROTOCOL_WHATSAPP_VOICE 189 -#define NDPI_PROTOCOL_EAQ 190 -#define NDPI_PROTOCOL_OOKLA 191 -#define NDPI_PROTOCOL_AMQP 192 -#define NDPI_PROTOCOL_KAKAOTALK 193 /* KakaoTalk Chat (no voice call) */ -#define NDPI_PROTOCOL_KAKAOTALK_VOICE 194 /* KakaoTalk Voice */ -#define NDPI_PROTOCOL_TWITCH 195 /* Edoardo Dominici */ -#define NDPI_PROTOCOL_QUICKPLAY 196 /* Streaming service used by various services such as hooq.tv */ -#define NDPI_PROTOCOL_WECHAT 197 -#define NDPI_PROTOCOL_MPEGTS 198 -#define NDPI_PROTOCOL_SNAPCHAT 199 -#define NDPI_PROTOCOL_SINA 200 -#define NDPI_PROTOCOL_HANGOUT 201 -#define NDPI_PROTOCOL_IFLIX 202 /* www.vizuamatix.com R&D team & M.Mallawaarachchie */ -#define NDPI_PROTOCOL_GITHUB 203 -#define NDPI_PROTOCOL_BJNP 204 -#define NDPI_PROTOCOL_1KXUN 205 -#define NDPI_PROTOCOL_IQIYI 206 -#define NDPI_PROTOCOL_SMPP 207 /* Damir Franusic */ -#define NDPI_PROTOCOL_DNSCRYPT 208 -#define NDPI_PROTOCOL_TINC 209 /* William Guglielmo */ -#define NDPI_PROTOCOL_DEEZER 210 -#define NDPI_PROTOCOL_INSTAGRAM 211 /* Andrea Buscarinu */ -#define NDPI_PROTOCOL_MICROSOFT 212 -#define NDPI_PROTOCOL_STARCRAFT 213 /* Matteo Bracci */ -#define NDPI_PROTOCOL_TEREDO 214 -#define NDPI_PROTOCOL_HOTSPOT_SHIELD 215 -#define NDPI_PROTOCOL_HEP 216 /* sipcapture.org QXIP BV */ -#define NDPI_PROTOCOL_GOOGLE_DRIVE 217 -#define NDPI_PROTOCOL_OCS 218 -#define NDPI_PROTOCOL_OFFICE_365 219 -#define NDPI_PROTOCOL_CLOUDFLARE 220 -#define NDPI_PROTOCOL_MS_ONE_DRIVE 221 -#define NDPI_PROTOCOL_MQTT 222 -#define NDPI_PROTOCOL_RX 223 -#define NDPI_PROTOCOL_APPLESTORE 224 -#define NDPI_PROTOCOL_OPENDNS 225 -#define NDPI_PROTOCOL_GIT 226 -#define NDPI_PROTOCOL_DRDA 227 -#define NDPI_PROTOCOL_PLAYSTORE 228 -#define NDPI_PROTOCOL_SOMEIP 229 -#define NDPI_PROTOCOL_FIX 230 -#define NDPI_PROTOCOL_PLAYSTATION 231 -#define NDPI_PROTOCOL_PASTEBIN 232 /* Paulo Angelo */ -#define NDPI_PROTOCOL_LINKEDIN 233 /* Paulo Angelo */ -#define NDPI_PROTOCOL_SOUNDCLOUD 234 -#define NDPI_PROTOCOL_CSGO 235 /* Counter-Strike Global Offensive, Dota 2 */ -#define NDPI_PROTOCOL_LISP 236 -#define NDPI_PROTOCOL_DIAMETER 237 -#define NDPI_PROTOCOL_APPLE_PUSH 238 -#define NDPI_PROTOCOL_GOOGLE_SERVICES 239 -#define NDPI_PROTOCOL_AMAZON_VIDEO 240 -#define NDPI_PROTOCOL_GOOGLE_DOCS 241 -#define NDPI_PROTOCOL_WHATSAPP_FILES 242 /* Videos, pictures, voice messages... */ -#define NDPI_PROTOCOL_VIDTO 243 /* VidTO streaming service */ -#define NDPI_PROTOCOL_RAPIDVIDEO 244 /* RapidVideo streaming */ -#define NDPI_PROTOCOL_SHOWMAX 245 /* showmax.com video streaming */ -/* IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT */ -/* */ -/* If you add new NDPI protocol defines after the last, DON'T forget */ -/* to update constant NDPI_LAST_IMPLEMENTED_PROTOCOL below !!! */ -/* */ -/* IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_SHOWMAX - -#define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) -#define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) +#define NDPI_PROTOCOL_NO_MASTER_PROTO NDPI_PROTOCOL_UNKNOWN +#define NDPI_MAX_SUPPORTED_PROTOCOLS NDPI_LAST_IMPLEMENTED_PROTOCOL +#define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) #endif diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 33b485263..be9009e8a 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -26,9 +26,6 @@ #include "ndpi_define.h" -#define BT_ANNOUNCE -#define SNAP_EXT - /* NDPI_LOG_LEVEL */ typedef enum { NDPI_LOG_ERROR, @@ -308,8 +305,7 @@ struct ndpi_icmphdr { /* ******************* ********************* ****************** */ /* ************************************************************ */ -#ifdef NDPI_PROTOCOL_BITTORRENT - +/* NDPI_PROTOCOL_BITTORRENT */ typedef struct spinlock { volatile int val; } spinlock_t; @@ -348,9 +344,8 @@ struct bt_announce { // 192 bytes u_int8_t name_len, name[192 - 4*10 - 2 - 1]; // 149 bytes }; -#endif -#ifdef NDPI_PROTOCOL_TINC +/* NDPI_PROTOCOL_TINC */ #define TINC_CACHE_MAX_SIZE 10 PACK_ON struct tinc_cache_entry { @@ -359,8 +354,6 @@ PACK_ON struct tinc_cache_entry { u_int16_t dst_port; } PACK_OFF; -#endif - typedef enum { HTTP_METHOD_UNKNOWN = 0, HTTP_METHOD_OPTIONS, @@ -381,227 +374,221 @@ struct ndpi_id_struct { to compare this, use: **/ NDPI_PROTOCOL_BITMASK detected_protocol_bitmask; -#ifdef NDPI_PROTOCOL_RTSP +/* NDPI_PROTOCOL_RTSP */ ndpi_ip_addr_t rtsp_ip_address; -#endif -#ifdef NDPI_PROTOCOL_SIP -#ifdef NDPI_PROTOCOL_YAHOO + +/* NDPI_PROTOCOL_YAHOO */ u_int32_t yahoo_video_lan_timer; -#endif -#endif + /* NDPI_PROTOCOL_IRC_MAXPORT % 2 must be 0 */ -#ifdef NDPI_PROTOCOL_IRC +/* NDPI_PROTOCOL_IRC */ #define NDPI_PROTOCOL_IRC_MAXPORT 8 u_int16_t irc_port[NDPI_PROTOCOL_IRC_MAXPORT]; u_int32_t last_time_port_used[NDPI_PROTOCOL_IRC_MAXPORT]; u_int32_t irc_ts; -#endif -#ifdef NDPI_PROTOCOL_GNUTELLA + +/* NDPI_PROTOCOL_GNUTELLA */ u_int32_t gnutella_ts; -#endif -#ifdef NDPI_PROTOCOL_BATTLEFIELD + +/* NDPI_PROTOCOL_BATTLEFIELD */ u_int32_t battlefield_ts; -#endif -#ifdef NDPI_PROTOCOL_THUNDER + +/* NDPI_PROTOCOL_THUNDER */ u_int32_t thunder_ts; -#endif -#ifdef NDPI_PROTOCOL_RTSP + +/* NDPI_PROTOCOL_RTSP */ u_int32_t rtsp_timer; -#endif -#ifdef NDPI_PROTOCOL_OSCAR + +/* NDPI_PROTOCOL_OSCAR */ u_int32_t oscar_last_safe_access_time; -#endif -#ifdef NDPI_PROTOCOL_ZATTOO + +/* NDPI_PROTOCOL_ZATTOO */ u_int32_t zattoo_ts; -#endif -#ifdef NDPI_PROTOCOL_UNENCRYPTED_JABBER + +/* NDPI_PROTOCOL_UNENCRYPTED_JABBER */ u_int32_t jabber_stun_or_ft_ts; -#endif -#ifdef NDPI_PROTOCOL_DIRECTCONNECT + +/* NDPI_PROTOCOL_DIRECTCONNECT */ u_int32_t directconnect_last_safe_access_time; -#endif -#ifdef NDPI_PROTOCOL_SOULSEEK + +/* NDPI_PROTOCOL_SOULSEEK */ u_int32_t soulseek_last_safe_access_time; -#endif -#ifdef NDPI_PROTOCOL_DIRECTCONNECT + +/* NDPI_PROTOCOL_DIRECTCONNECT */ u_int16_t detected_directconnect_port; u_int16_t detected_directconnect_udp_port; u_int16_t detected_directconnect_ssl_port; -#endif -#ifdef NDPI_PROTOCOL_BITTORRENT + +/* NDPI_PROTOCOL_BITTORRENT */ #define NDPI_BT_PORTS 8 u_int16_t bt_port_t[NDPI_BT_PORTS]; u_int16_t bt_port_u[NDPI_BT_PORTS]; -#endif -#ifdef NDPI_PROTOCOL_UNENCRYPTED_JABBER + +/* NDPI_PROTOCOL_UNENCRYPTED_JABBER */ #define JABBER_MAX_STUN_PORTS 6 u_int16_t jabber_voice_stun_port[JABBER_MAX_STUN_PORTS]; u_int16_t jabber_file_transfer_port[2]; -#endif -#ifdef NDPI_PROTOCOL_GNUTELLA + +/* NDPI_PROTOCOL_GNUTELLA */ u_int16_t detected_gnutella_port; -#endif -#ifdef NDPI_PROTOCOL_GNUTELLA + +/* NDPI_PROTOCOL_GNUTELLA */ u_int16_t detected_gnutella_udp_port1; u_int16_t detected_gnutella_udp_port2; -#endif -#ifdef NDPI_PROTOCOL_SOULSEEK + +/* NDPI_PROTOCOL_SOULSEEK */ u_int16_t soulseek_listen_port; -#endif -#ifdef NDPI_PROTOCOL_IRC + +/* NDPI_PROTOCOL_IRC */ u_int8_t irc_number_of_port; -#endif -#ifdef NDPI_PROTOCOL_OSCAR + +/* NDPI_PROTOCOL_OSCAR */ u_int8_t oscar_ssl_session_id[33]; -#endif -#ifdef NDPI_PROTOCOL_UNENCRYPTED_JABBER + +/* NDPI_PROTOCOL_UNENCRYPTED_JABBER */ u_int8_t jabber_voice_stun_used_ports; -#endif -#ifdef NDPI_PROTOCOL_SIP -#ifdef NDPI_PROTOCOL_YAHOO + +/* NDPI_PROTOCOL_SIP */ +/* NDPI_PROTOCOL_YAHOO */ u_int32_t yahoo_video_lan_dir:1; -#endif -#endif -#ifdef NDPI_PROTOCOL_YAHOO + +/* NDPI_PROTOCOL_YAHOO */ u_int32_t yahoo_conf_logged_in:1; u_int32_t yahoo_voice_conf_logged_in:1; -#endif -#ifdef NDPI_PROTOCOL_RTSP + +/* NDPI_PROTOCOL_RTSP */ u_int32_t rtsp_ts_set:1; -#endif }; /* ************************************************** */ struct ndpi_flow_tcp_struct { -#ifdef NDPI_PROTOCOL_MAIL_SMTP +/* NDPI_PROTOCOL_MAIL_SMTP */ u_int16_t smtp_command_bitmask; -#endif -#ifdef NDPI_PROTOCOL_MAIL_POP + +/* NDPI_PROTOCOL_MAIL_POP */ u_int16_t pop_command_bitmask; -#endif -#ifdef NDPI_PROTOCOL_QQ + +/* NDPI_PROTOCOL_QQ */ u_int16_t qq_nxt_len; -#endif -#ifdef NDPI_PROTOCOL_TDS + +/* NDPI_PROTOCOL_TDS */ u_int8_t tds_login_version; -#endif -#ifdef NDPI_PROTOCOL_IRC + +/* NDPI_PROTOCOL_IRC */ u_int8_t irc_stage; u_int8_t irc_port; -#endif -#ifdef NDPI_PROTOCOL_H323 +/* NDPI_PROTOCOL_H323 */ u_int8_t h323_valid_packets; -#endif -#ifdef NDPI_PROTOCOL_GNUTELLA + +/* NDPI_PROTOCOL_GNUTELLA */ u_int8_t gnutella_msg_id[3]; -#endif -#ifdef NDPI_PROTOCOL_IRC + +/* NDPI_PROTOCOL_IRC */ u_int32_t irc_3a_counter:3; u_int32_t irc_stage2:5; u_int32_t irc_direction:2; u_int32_t irc_0x1000_full:1; -#endif -#ifdef NDPI_PROTOCOL_SOULSEEK + +/* NDPI_PROTOCOL_SOULSEEK */ u_int32_t soulseek_stage:2; -#endif -#ifdef NDPI_PROTOCOL_TDS + +/* NDPI_PROTOCOL_TDS */ u_int32_t tds_stage:3; -#endif -#ifdef NDPI_PROTOCOL_USENET + +/* NDPI_PROTOCOL_USENET */ u_int32_t usenet_stage:2; -#endif -#ifdef NDPI_PROTOCOL_IMESH + +/* NDPI_PROTOCOL_IMESH */ u_int32_t imesh_stage:4; -#endif -#ifdef NDPI_PROTOCOL_HTTP + +/* NDPI_PROTOCOL_HTTP */ u_int32_t http_setup_dir:2; u_int32_t http_stage:2; u_int32_t http_empty_line_seen:1; u_int32_t http_wait_for_retransmission:1; -#endif -#ifdef NDPI_PROTOCOL_GNUTELLA + +/* NDPI_PROTOCOL_GNUTELLA */ u_int32_t gnutella_stage:2; // 0 - 2 -#endif -#ifdef NDPI_CONTENT_MMS + +/* NDPI_CONTENT_MMS */ u_int32_t mms_stage:2; -#endif -#ifdef NDPI_PROTOCOL_YAHOO + +/* NDPI_PROTOCOL_YAHOO */ u_int32_t yahoo_sip_comm:1; u_int32_t yahoo_http_proxy_stage:2; -#endif -#ifdef NDPI_PROTOCOL_MSN + +/* NDPI_PROTOCOL_MSN */ u_int32_t msn_stage:3; u_int32_t msn_ssl_ft:2; -#endif -#ifdef NDPI_PROTOCOL_SSH + +/* NDPI_PROTOCOL_SSH */ u_int32_t ssh_stage:3; -#endif -#ifdef NDPI_PROTOCOL_VNC + +/* NDPI_PROTOCOL_VNC */ u_int32_t vnc_stage:2; // 0 - 3 -#endif -#ifdef NDPI_PROTOCOL_TELNET + +/* NDPI_PROTOCOL_TELNET */ u_int32_t telnet_stage:2; // 0 - 2 -#endif -#ifdef NDPI_PROTOCOL_SSL + +/* NDPI_PROTOCOL_SSL */ u_int8_t ssl_stage:2, ssl_seen_client_cert:1, ssl_seen_server_cert:1; // 0 - 5 -#endif -#ifdef NDPI_PROTOCOL_POSTGRES + +/* NDPI_PROTOCOL_POSTGRES */ u_int32_t postgres_stage:3; -#endif -#ifdef NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK + +/* NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK */ u_int32_t ddlink_server_direction:1; -#endif u_int32_t seen_syn:1; u_int32_t seen_syn_ack:1; u_int32_t seen_ack:1; -#ifdef NDPI_PROTOCOL_ICECAST + +/* NDPI_PROTOCOL_ICECAST */ u_int32_t icecast_stage:1; -#endif -#ifdef NDPI_PROTOCOL_DOFUS + +/* NDPI_PROTOCOL_DOFUS */ u_int32_t dofus_stage:1; -#endif -#ifdef NDPI_PROTOCOL_FIESTA + +/* NDPI_PROTOCOL_FIESTA */ u_int32_t fiesta_stage:2; -#endif -#ifdef NDPI_PROTOCOL_WORLDOFWARCRAFT + +/* NDPI_PROTOCOL_WORLDOFWARCRAFT */ u_int32_t wow_stage:2; -#endif -#ifdef NDPI_PROTOCOL_HTTP_APPLICATION_VEOHTV + +/* NDPI_PROTOCOL_HTTP_APPLICATION_VEOHTV */ u_int32_t veoh_tv_stage:2; -#endif -#ifdef NDPI_PROTOCOL_SHOUTCAST + +/* NDPI_PROTOCOL_SHOUTCAST */ u_int32_t shoutcast_stage:2; -#endif -#ifdef NDPI_PROTOCOL_RTP + +/* NDPI_PROTOCOL_RTP */ u_int32_t rtp_special_packets_seen:1; -#endif -#ifdef NDPI_PROTOCOL_MAIL_POP + +/* NDPI_PROTOCOL_MAIL_POP */ u_int32_t mail_pop_stage:2; -#endif -#ifdef NDPI_PROTOCOL_MAIL_IMAP + +/* NDPI_PROTOCOL_MAIL_IMAP */ u_int32_t mail_imap_stage:3, mail_imap_starttls:2; -#endif -#ifdef NDPI_PROTOCOL_SKYPE + +/* NDPI_PROTOCOL_SKYPE */ u_int8_t skype_packet_id; -#endif -#ifdef NDPI_PROTOCOL_CITRIX + +/* NDPI_PROTOCOL_CITRIX */ u_int8_t citrix_packet_id; -#endif -#ifdef NDPI_PROTOCOL_LOTUS_NOTES + +/* NDPI_PROTOCOL_LOTUS_NOTES */ u_int8_t lotus_notes_packet_id; -#endif -#ifdef NDPI_PROTOCOL_TEAMVIEWER + +/* NDPI_PROTOCOL_TEAMVIEWER */ u_int8_t teamviewer_stage; -#endif -#ifdef NDPI_PROTOCOL_ZMQ + +/* NDPI_PROTOCOL_ZMQ */ u_int8_t prev_zmq_pkt_len; u_char prev_zmq_pkt[10]; -#endif -#ifdef NDPI_PROTOCOL_PPSTREAM + +/* NDPI_PROTOCOL_PPSTREAM */ u_int32_t ppstream_stage:3; -#endif } #ifndef WIN32 __attribute__ ((__packed__)) @@ -611,55 +598,54 @@ struct ndpi_flow_tcp_struct { /* ************************************************** */ struct ndpi_flow_udp_struct { -#ifdef NDPI_PROTOCOL_BATTLEFIELD +/* NDPI_PROTOCOL_BATTLEFIELD */ u_int32_t battlefield_msg_id; -#endif -#ifdef NDPI_PROTOCOL_SNMP + +/* NDPI_PROTOCOL_SNMP */ u_int32_t snmp_msg_id; -#endif -#ifdef NDPI_PROTOCOL_BATTLEFIELD + +/* NDPI_PROTOCOL_BATTLEFIELD */ u_int32_t battlefield_stage:3; -#endif -#ifdef NDPI_PROTOCOL_SNMP + +/* NDPI_PROTOCOL_SNMP */ u_int32_t snmp_stage:2; -#endif -#ifdef NDPI_PROTOCOL_PPSTREAM + +/* NDPI_PROTOCOL_PPSTREAM */ u_int32_t ppstream_stage:3; // 0 - 7 -#endif -#ifdef NDPI_PROTOCOL_HALFLIFE2 + +/* NDPI_PROTOCOL_HALFLIFE2 */ u_int32_t halflife2_stage:2; // 0 - 2 -#endif -#ifdef NDPI_PROTOCOL_TFTP + +/* NDPI_PROTOCOL_TFTP */ u_int32_t tftp_stage:1; -#endif -#ifdef NDPI_PROTOCOL_AIMINI + +/* NDPI_PROTOCOL_AIMINI */ u_int32_t aimini_stage:5; -#endif -#ifdef NDPI_PROTOCOL_XBOX + +/* NDPI_PROTOCOL_XBOX */ u_int32_t xbox_stage:1; -#endif -#ifdef NDPI_PROTOCOL_WINDOWS_UPDATE + +/* NDPI_PROTOCOL_WINDOWS_UPDATE */ u_int32_t wsus_stage:1; -#endif -#ifdef NDPI_PROTOCOL_SKYPE + +/* NDPI_PROTOCOL_SKYPE */ u_int8_t skype_packet_id; -#endif -#ifdef NDPI_PROTOCOL_TEAMVIEWER + +/* NDPI_PROTOCOL_TEAMVIEWER */ u_int8_t teamviewer_stage; -#endif -#ifdef NDPI_PROTOCOL_EAQ + +/* NDPI_PROTOCOL_EAQ */ u_int8_t eaq_pkt_id; u_int32_t eaq_sequence; -#endif -#ifdef NDPI_PROTOCOL_RX + +/* NDPI_PROTOCOL_RX */ u_int32_t rx_conn_epoch; u_int32_t rx_conn_id; -#endif } #ifndef WIN32 __attribute__ ((__packed__)) -#endif ; +#endif /* ************************************************** */ @@ -684,7 +670,6 @@ struct ndpi_packet_struct { u_int16_t detected_protocol_stack[NDPI_PROTOCOL_SIZE]; u_int8_t detected_subprotocol_stack[NDPI_PROTOCOL_SIZE]; - #ifndef WIN32 __attribute__ ((__packed__)) #endif @@ -799,7 +784,7 @@ typedef enum { NDPI_CONTENT_CATEGORY_WINDOWSMEDIA, NDPI_CONTENT_CATEGORY_WEBM, - /* Out custom categories */ + /* Some custom categories */ CUSTOM_CATEGORY_MINING = 99, CUSTOM_CATEGORY_MALWARE = 100, CUSTOM_CATEGORY_ADVERTISEMENT = 101, @@ -962,19 +947,18 @@ struct ndpi_detection_module_struct { char ip_string[NDPI_IP_STRING_SIZE]; #endif u_int8_t ip_version_limit; -#ifdef NDPI_PROTOCOL_BITTORRENT +/* NDPI_PROTOCOL_BITTORRENT */ struct hash_ip4p_table *bt_ht; #ifdef NDPI_DETECTION_SUPPORT_IPV6 struct hash_ip4p_table *bt6_ht; #endif -#ifdef BT_ANNOUNCE + +/* BT_ANNOUNCE */ struct bt_announce *bt_ann; int bt_ann_len; -#endif -#endif -#ifdef NDPI_PROTOCOL_TINC + +/* NDPI_PROTOCOL_TINC */ struct cache *tinc_cache; -#endif ndpi_proto_defaults_t proto_defaults[NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS]; @@ -986,7 +970,8 @@ struct ndpi_detection_module_struct { void *hyperscan; /* Intel Hyperscan */ }; -#endif + +#endif /* NDPI_LIB_COMPILATION */ struct ndpi_flow_struct { u_int16_t detected_protocol_stack[NDPI_PROTOCOL_SIZE]; @@ -1102,95 +1087,91 @@ struct ndpi_flow_struct { NDPI_PROTOCOL_BITMASK excluded_protocol_bitmask; -#ifdef NDPI_PROTOCOL_REDIS +/* NDPI_PROTOCOL_REDIS */ u_int8_t redis_s2d_first_char, redis_d2s_first_char; -#endif + u_int16_t packet_counter; // can be 0 - 65000 u_int16_t packet_direction_counter[2]; u_int16_t byte_counter[2]; -#ifdef NDPI_PROTOCOL_BITTORRENT +/* NDPI_PROTOCOL_BITTORRENT */ u_int8_t bittorrent_stage; // can be 0 - 255 -#endif -#ifdef NDPI_PROTOCOL_DIRECTCONNECT + +/* NDPI_PROTOCOL_DIRECTCONNECT */ u_int32_t directconnect_stage:2; // 0 - 1 -#endif -#ifdef NDPI_PROTOCOL_SIP -#ifdef NDPI_PROTOCOL_YAHOO + +/* NDPI_PROTOCOL_YAHOO */ u_int32_t sip_yahoo_voice:1; -#endif -#endif -#ifdef NDPI_PROTOCOL_HTTP + +/* NDPI_PROTOCOL_HTTP */ u_int32_t http_detected:1; -#endif -#ifdef NDPI_PROTOCOL_RTSP + +/* NDPI_PROTOCOL_RTSP */ u_int32_t rtsprdt_stage:2; u_int32_t rtsp_control_flow:1; -#endif -#ifdef NDPI_PROTOCOL_YAHOO + +/* NDPI_PROTOCOL_YAHOO */ u_int32_t yahoo_detection_finished:2; -#endif -#ifdef NDPI_PROTOCOL_ZATTOO + +/* NDPI_PROTOCOL_ZATTOO */ u_int32_t zattoo_stage:3; -#endif -#ifdef NDPI_PROTOCOL_QQ + +/* NDPI_PROTOCOL_QQ */ u_int32_t qq_stage:3; -#endif -#ifdef NDPI_PROTOCOL_THUNDER + +/* NDPI_PROTOCOL_THUNDER */ u_int32_t thunder_stage:2; // 0 - 3 -#endif -#ifdef NDPI_PROTOCOL_OSCAR + +/* NDPI_PROTOCOL_OSCAR */ u_int32_t oscar_ssl_voice_stage:3; u_int32_t oscar_video_voice:1; -#endif -#ifdef NDPI_PROTOCOL_FLORENSIA + +/* NDPI_PROTOCOL_FLORENSIA */ u_int32_t florensia_stage:1; -#endif -#ifdef NDPI_PROTOCOL_SOCKS + +/* NDPI_PROTOCOL_SOCKS */ u_int32_t socks5_stage:2; // 0 - 3 u_int32_t socks4_stage:2; // 0 - 3 -#endif -#ifdef NDPI_PROTOCOL_EDONKEY + +/* NDPI_PROTOCOL_EDONKEY */ u_int32_t edonkey_stage:2; // 0 - 3 -#endif -#ifdef NDPI_PROTOCOL_FTP_CONTROL + +/* NDPI_PROTOCOL_FTP_CONTROL */ u_int32_t ftp_control_stage:2; -#endif -#ifdef NDPI_PROTOCOL_RTMP + +/* NDPI_PROTOCOL_RTMP */ u_int32_t rtmp_stage:2; -#endif -#ifdef NDPI_PROTOCOL_PANDO + +/* NDPI_PROTOCOL_PANDO */ u_int32_t pando_stage:3; -#endif -#ifdef NDPI_PROTOCOL_STEAM + +/* NDPI_PROTOCOL_STEAM */ u_int32_t steam_stage:3; u_int32_t steam_stage1:3; // 0 - 4 u_int32_t steam_stage2:2; // 0 - 2 u_int32_t steam_stage3:2; // 0 - 2 -#endif -#ifdef NDPI_PROTOCOL_PPLIVE + +/* NDPI_PROTOCOL_PPLIVE */ u_int32_t pplive_stage1:3; // 0 - 6 u_int32_t pplive_stage2:2; // 0 - 2 u_int32_t pplive_stage3:2; // 0 - 2 -#endif -#ifdef NDPI_PROTOCOL_STARCRAFT + +/* NDPI_PROTOCOL_STARCRAFT */ u_int32_t starcraft_udp_stage : 3; // 0-7 -#endif -#ifdef NDPI_PROTOCOL_OPENVPN + +/* NDPI_PROTOCOL_OPENVPN */ u_int8_t ovpn_session_id[8]; u_int8_t ovpn_counter; -#endif -#ifdef NDPI_PROTOCOL_TINC + +/* NDPI_PROTOCOL_TINC */ u_int8_t tinc_state; struct tinc_cache_entry tinc_cache_entry; -#endif -#ifdef NDPI_PROTOCOL_CSGO + +/* NDPI_PROTOCOL_CSGO */ u_int8_t csgo_strid[18],csgo_state,csgo_s2; u_int32_t csgo_id2; -#endif -#if defined(NDPI_PROTOCOL_1KXUN) || defined(NDPI_PROTOCOL_IQIYI) +/* NDPI_PROTOCOL_1KXUN || NDPI_PROTOCOL_IQIYI */ u_int16_t kxun_counter, iqiyi_counter; -#endif /* internal structures to save functions calls */ struct ndpi_packet_struct packet; @@ -1212,4 +1193,4 @@ typedef struct { u_int8_t value; } ndpi_network; -#endif/* __NDPI_TYPEDEFS_H__ */ +#endif /* __NDPI_TYPEDEFS_H__ */ diff --git a/src/lib/Makefile b/src/lib/Makefile new file mode 100644 index 000000000..2beca4516 --- /dev/null +++ b/src/lib/Makefile @@ -0,0 +1,24 @@ +# +# Simple non-autotools dependent makefile +# +# ./autogen.sh +# cd src/lib +# make -f Makefile.simple +# +CFLAGS += -fPIC -DPIC -I../include -Ithird_party/include -DNDPI_LIB_COMPILATION +RANLIB=ranlib + +OBJECTS = $(patsubst protocols/%.c, protocols/%.o, $(wildcard protocols/*.c)) $(patsubst third_party/src/%.c, third_party/src/%.o, $(wildcard third_party/src/*.c)) ndpi_main.o +HEADERS = $(wildcard ../include/*.h) + +all: libndpi.a + +libndpi.a: $(OBJECTS) + ar rc $@ $(OBJECTS) + $(RANLIB) $@ + +%.o: %.c $(HEADERS) Makefile + $(CC) $(CFLAGS) -c $< -o $@ + +clean: + /bin/rm -f libndpi.a $(OBJECTS) diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am deleted file mode 100644 index 10a54c719..000000000 --- a/src/lib/Makefile.am +++ /dev/null @@ -1,181 +0,0 @@ -lib_LTLIBRARIES = libndpi.la - -CFLAGS += -fPIC -DPIC -DNDPI_LIB_COMPILATION # --coverage -libndpi_la_CPPFLAGS = -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/lib/third_party/include/ @HS_INC@ -libndpi_la_LDFLAGS = -version-info 1:0:0 -export-symbols $(top_srcdir)/libndpi.sym - -libndpi_la_includedir = $(includedir)/libndpi-@VERSION@/libndpi - -libndpi_la_include_HEADERS = ../include/ndpi_api.h \ - ../include/ndpi_define.h \ - ../include/ndpi_main.h \ - ../include/ndpi_includes.h \ - ../include/ndpi_config.h \ - ../include/ndpi_protocol_ids.h \ - ../include/ndpi_protocols.h \ - ../include/ndpi_typedefs.h \ - third_party/include/libcache.h - -libndpi_la_SOURCES = ndpi_content_match.c.inc \ - ndpi_main.c \ - protocols/afp.c \ - protocols/ajp.c \ - protocols/aimini.c \ - protocols/applejuice.c \ - protocols/apple_push.c \ - protocols/armagetron.c \ - protocols/ayiya.c \ - protocols/amqp.c \ - protocols/battlefield.c \ - protocols/bgp.c \ - protocols/bittorrent.c \ - protocols/bjnp.c \ - protocols/checkmk.c \ - protocols/ciscovpn.c \ - protocols/citrix.c \ - protocols/coap.c \ - protocols/collectd.c \ - protocols/corba.c \ - protocols/crossfire.c \ - protocols/csgo.c \ - protocols/dcerpc.c \ - protocols/dhcp.c \ - protocols/dhcpv6.c \ - protocols/diameter.c \ - protocols/directconnect.c \ - protocols/directdownloadlink.c \ - protocols/dns.c \ - protocols/dofus.c \ - protocols/drda.c \ - protocols/dropbox.c \ - protocols/eaq.c \ - protocols/edonkey.c \ - protocols/fasttrack.c \ - protocols/fbzero.c \ - protocols/fiesta.c \ - protocols/fix.c \ - protocols/florensia.c \ - protocols/ftp_control.c \ - protocols/ftp_data.c \ - protocols/git.c \ - protocols/gnutella.c \ - protocols/gtp.c \ - protocols/guildwars.c \ - protocols/hangout.c \ - protocols/h323.c \ - protocols/halflife2_and_mods.c \ - protocols/hep.c \ - protocols/http_activesync.c \ - protocols/http.c \ - protocols/iax.c \ - protocols/icecast.c \ - protocols/ipp.c \ - protocols/irc.c \ - protocols/jabber.c \ - protocols/kakaotalk_voice.c \ - protocols/kerberos.c \ - protocols/kontiki.c \ - protocols/ldap.c \ - protocols/lotus_notes.c \ - protocols/lisp.c \ - protocols/mail_imap.c \ - protocols/mail_pop.c \ - protocols/mail_smtp.c \ - protocols/maplestory.c \ - protocols/mdns.c \ - protocols/megaco.c \ - protocols/mgcp.c \ - protocols/mpegts.c \ - protocols/mqtt.c \ - protocols/msn.c \ - protocols/mssql_tds.c \ - protocols/mysql.c \ - protocols/netbios.c \ - protocols/netflow.c \ - protocols/nintendo.c \ - protocols/nfs.c \ - protocols/noe.c \ - protocols/non_tcp_udp.c \ - protocols/ntp.c \ - protocols/openft.c \ - protocols/openvpn.c \ - protocols/oracle.c \ - protocols/oscar.c \ - protocols/pando.c \ - protocols/pcanywhere.c \ - protocols/postgres.c \ - protocols/pplive.c \ - protocols/ppstream.c \ - protocols/pptp.c \ - protocols/qq.c \ - protocols/quic.c \ - protocols/radius.c \ - protocols/rdp.c \ - protocols/redis_net.c \ - protocols/rsync.c \ - protocols/rtcp.c \ - protocols/rtmp.c \ - protocols/rtp.c \ - protocols/rtsp.c \ - protocols/rx.c \ - protocols/sflow.c \ - protocols/shoutcast.c \ - protocols/sip.c \ - protocols/skinny.c \ - protocols/skype.c \ - protocols/smb.c \ - protocols/snmp.c \ - protocols/socks45.c \ - protocols/sopcast.c \ - protocols/soulseek.c \ - protocols/spotify.c \ - protocols/ssdp.c \ - protocols/ssh.c \ - protocols/ssl.c \ - protocols/starcraft.c \ - protocols/stealthnet.c \ - protocols/steam.c \ - protocols/stun.c \ - protocols/syslog.c \ - protocols/tcp_udp.c \ - protocols/teamspeak.c \ - protocols/teamviewer.c \ - protocols/telegram.c \ - protocols/telnet.c \ - protocols/tftp.c \ - protocols/thunder.c \ - protocols/tor.c \ - protocols/teredo.c \ - protocols/tvants.c \ - protocols/tvuplayer.c \ - protocols/ubntac2.c \ - protocols/usenet.c \ - protocols/viber.c \ - protocols/vhua.c \ - protocols/vmware.c \ - protocols/vnc.c \ - protocols/warcraft3.c \ - protocols/whoisdas.c \ - protocols/world_of_kung_fu.c \ - protocols/world_of_warcraft.c \ - protocols/xbox.c \ - protocols/xdmcp.c \ - protocols/yahoo.c \ - protocols/zattoo.c \ - protocols/zeromq.c \ - protocols/smpp.c \ - protocols/tinc.c \ - protocols/someip.c \ - protocols/whatsapp.c \ - third_party/include/actypes.h \ - third_party/include/ahocorasick.h \ - third_party/include/ndpi_patricia.h \ - third_party/include/node.h \ - third_party/include/sort.h \ - third_party/include/libcache.h \ - third_party/src/ahocorasick.c \ - third_party/src/node.c \ - third_party/src/sort.c \ - third_party/src/libcache.c - -EXTRA_DIST = third_party/src/ndpi_patricia.c diff --git a/src/lib/Makefile.simple b/src/lib/Makefile.simple deleted file mode 100644 index 1aae55636..000000000 --- a/src/lib/Makefile.simple +++ /dev/null @@ -1,22 +0,0 @@ -# -# Simple non-autotools dependent makefile -# -# ./autogen.sh -# cd src/lib -# make -f Makefile.simple -# -CFLAGS += -fPIC -DPIC -I../include -Ithird_party/include -DNDPI_LIB_COMPILATION -RANLIB=ranlib - -OBJECTS = $(patsubst protocols/%.c, protocols/%.o, $(wildcard protocols/*.c)) $(patsubst third_party/src/%.c, third_party/src/%.o, $(wildcard third_party/src/*.c)) ndpi_main.o -HEADERS = $(wildcard ../include/*.h) - -libndpi.a: $(OBJECTS) - ar rc $@ $(OBJECTS) - $(RANLIB) $@ - -%.o: %.c $(HEADERS) Makefile - $(CC) $(CFLAGS) -c $< -o $@ - -clean: - /bin/rm -f libndpi.a $(OBJECTS) \ No newline at end of file diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 42031fc2b..38c8ef70f 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -7946,9 +7946,8 @@ static ndpi_network host_protocol_list[] = { /* VidTO - */ - - { 0x51111030 /* 81.17.16.48/32 */, 32, NDPI_PROTOCOL_VIDTO }, + */ + { 0x51111030 /* 81.17.16.48/32 */, 32, NDPI_PROTOCOL_VIDTO }, { 0x5fb7329d /* 95.183.50.157/32 */, 32, NDPI_PROTOCOL_VIDTO }, { 0x577824f2 /* 87.120.36.242/32 */, 32, NDPI_PROTOCOL_VIDTO }, @@ -8212,8 +8211,6 @@ ndpi_protocol_match host_match[] = { { "static-cdn.jtvnw.net", NULL, NULL, "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "www-cdn.jtvnw.net", NULL, NULL, "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "quickplay.com", NULL, NULL, "QuickPlay", NDPI_PROTOCOL_QUICKPLAY, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".qq.com", NULL, NULL, "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { ".gtimg.com", NULL, NULL, "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, @@ -8316,17 +8313,6 @@ ndpi_protocol_match host_match[] = { { "githubusercontent.com", NULL, NULL, "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, { ".githubusercontent.com", NULL, NULL, "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".iqiyi.com", NULL, NULL, "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".qiyi.com", NULL, NULL, "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".71.am", NULL, NULL, "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".qiyipic.com", NULL, NULL, "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - - { ".ppstream.com", NULL, NULL, "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".pps.tv", NULL, NULL, "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - - { ".1kxun.", NULL, NULL, "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "tcad.wedolook.com", NULL, NULL, "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".steampowered.com", NULL, NULL, "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { "steamcommunity.com", NULL, NULL, "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { ".steamcontent.com", NULL, NULL, "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, @@ -8353,8 +8339,6 @@ ndpi_protocol_match host_match[] = { { ".playstation.com", NULL, NULL, "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { ".sonyentertainmentnetwork.com", NULL, NULL,"Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".pastebin.com", NULL, NULL, "Pastebin", NDPI_PROTOCOL_PASTEBIN, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, - { ".linkedin.com", NULL, NULL, "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".licdn.com", NULL, NULL, "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, @@ -8366,17 +8350,42 @@ ndpi_protocol_match host_match[] = { { "tdesktop.com", NULL, NULL, "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, { "tupdate.com", NULL, NULL, "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { ".icq.", NULL, NULL, "ICQ", NDPI_PROTOCOL_ICQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { "icq.", NULL, NULL, "ICQ", NDPI_PROTOCOL_ICQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { ".pastebin.com", NULL, NULL, "Pastebin", NDPI_PROTOCOL_PASTEBIN, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + + { ".ppstream.com", NULL, NULL, "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".pps.tv", NULL, NULL, "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + + /* + VidTO streaming service + NOTE: this is a possible candidate for NDPI_PROTOCOL_GENERIC + */ + { ".vidto.me", NULL, NULL, "VidTO", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".vidto.se", NULL, NULL, "VidTO", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".vidto.me", NULL, NULL, "VidTO", NDPI_PROTOCOL_VIDTO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".vidto.se", NULL, NULL, "VidTO", NDPI_PROTOCOL_VIDTO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + /* + Not so popular services without a protocl dissector (and thus not worth a protocolId) that are handled/detected by categpory rather + than by protocol id. They are bound to a generic protocol (NDPI_PROTOCOL_GENERIC) and placed onto the right category + */ + { "quickplay.com", NULL, NULL, "QuickPlay", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".rapidvideo.com", NULL, NULL, "RapidVideo", NDPI_PROTOCOL_RAPIDVIDEO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".playercdn.net", NULL, NULL, "RapidVideo", NDPI_PROTOCOL_RAPIDVIDEO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".iqiyi.com", NULL, NULL, "iQIYI", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".qiyi.com", NULL, NULL, "iQIYI", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".71.am", NULL, NULL, "iQIYI", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".qiyipic.com", NULL, NULL, "iQIYI", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + + { ".1kxun.", NULL, NULL, "1kxun", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "tcad.wedolook.com", NULL, NULL, "1kxun", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + + { ".icq.", NULL, NULL, "ICQ", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { "icq.", NULL, NULL, "ICQ", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + + /* RapidVideo streaming */ + { ".rapidvideo.com", NULL, NULL, "RapidVideo", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".playercdn.net", NULL, NULL, "RapidVideo", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "showmax.com", NULL, NULL, "Showmax", NDPI_PROTOCOL_SHOWMAX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "showmax.akamaized.net", NULL, NULL, "Showmax", NDPI_PROTOCOL_SHOWMAX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + /* showmax.com video streaming */ + { "showmax.com", NULL, NULL, "Showmax", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "showmax.akamaized.net", NULL, NULL, "Showmax", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { NULL, NULL, NULL, 0 } }; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index dc090b698..5396187cd 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1495,9 +1495,9 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Guildwars", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_ACTIVESYNC, no_master, - no_master, "HTTP_Application_ActiveSync", NDPI_PROTOCOL_CATEGORY_CLOUD, + no_master, "HTTP_ActiveSync", NDPI_PROTOCOL_CATEGORY_CLOUD, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_KERBEROS, @@ -1917,8 +1917,6 @@ static int ac_match_handler(AC_MATCH_t *m, AC_TEXT_t *txt, void *param) { /* ******************************************************************** */ -#ifdef NDPI_PROTOCOL_TOR - static int fill_prefix_v4(prefix_t *p, struct in_addr *a, int b, int mb) { do { if(b < 0 || b > mb) @@ -1995,6 +1993,7 @@ static patricia_node_t* add_to_ptree(patricia_tree_t *tree, int family, return(node); } + /* ******************************************* */ static void ndpi_init_ptree_ipv4(struct ndpi_detection_module_struct *ndpi_str, @@ -2006,7 +2005,8 @@ static void ndpi_init_ptree_ipv4(struct ndpi_detection_module_struct *ndpi_str, patricia_node_t *node; pin.s_addr = htonl(host_list[i].network); - if((node = add_to_ptree(ptree, AF_INET, &pin, host_list[i].cidr /* bits */)) != NULL) + if((node = add_to_ptree(ptree, AF_INET, + &pin, host_list[i].cidr /* bits */)) != NULL) node->value.user_value = host_list[i].value; } } @@ -2036,8 +2036,6 @@ static int ndpi_add_host_ip_subprotocol(struct ndpi_detection_module_struct *ndp return 0; } -#endif - void set_ndpi_malloc(void* (*__ndpi_malloc)(size_t size)) { _ndpi_malloc = __ndpi_malloc; } void set_ndpi_flow_malloc(void* (*__ndpi_flow_malloc)(size_t size)) { _ndpi_flow_malloc = __ndpi_flow_malloc; } @@ -2293,13 +2291,13 @@ void ndpi_exit_detection_module(struct ndpi_detection_module_struct *ndpi_struct ndpi_free(ndpi_struct->proto_defaults[i].protoName); } -#ifdef NDPI_PROTOCOL_TINC +/* NDPI_PROTOCOL_TINC */ if(ndpi_struct->tinc_cache) cache_free((cache_t)(ndpi_struct->tinc_cache)); -#endif if(ndpi_struct->protocols_ptree) - ndpi_Destroy_Patricia((patricia_tree_t*)ndpi_struct->protocols_ptree, free_ptree_data); + ndpi_Destroy_Patricia((patricia_tree_t*)ndpi_struct->protocols_ptree, + free_ptree_data); if (ndpi_struct->udpRoot != NULL) ndpi_tdestroy(ndpi_struct->udpRoot, ndpi_free); @@ -2358,7 +2356,8 @@ int ndpi_get_protocol_id_master_proto(struct ndpi_detection_module_struct *ndpi_ u_int16_t** tcp_master_proto, u_int16_t** udp_master_proto) { if(protocol_id >= (NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS)) { - *tcp_master_proto = *udp_master_proto = NDPI_PROTOCOL_UNKNOWN; + *tcp_master_proto = ndpi_struct->proto_defaults[NDPI_PROTOCOL_UNKNOWN].master_tcp_protoId, + *udp_master_proto = ndpi_struct->proto_defaults[NDPI_PROTOCOL_UNKNOWN].master_udp_protoId; return(-1); } @@ -2566,12 +2565,12 @@ int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, else removeDefaultPort(&range, def, is_tcp ? &ndpi_mod->tcpRoot : &ndpi_mod->udpRoot); } else if(is_ip) { -#ifdef NDPI_PROTOCOL_TOR +/* NDPI_PROTOCOL_TOR */ ndpi_add_host_ip_subprotocol(ndpi_mod, value, subprotocol_id); -#endif } else { if(do_add) - ndpi_add_host_url_subprotocol(ndpi_mod, value, subprotocol_id, NDPI_PROTOCOL_ACCEPTABLE); + ndpi_add_host_url_subprotocol(ndpi_mod, value, subprotocol_id, +NDPI_PROTOCOL_ACCEPTABLE); else ndpi_remove_host_url_subprotocol(ndpi_mod, value, subprotocol_id); } diff --git a/src/lib/protocols/afp.c b/src/lib/protocols/afp.c index ee8dc5973..ffe303cea 100644 --- a/src/lib/protocols/afp.c +++ b/src/lib/protocols/afp.c @@ -1,8 +1,8 @@ /* * afp.c * - * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-16 - ntop.org + * Copyright (C) 2009-11 by ipoque GmbH + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_AFP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_AFP #include "ndpi_api.h" @@ -100,5 +98,3 @@ void init_afp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } - -#endif diff --git a/src/lib/protocols/aimini.c b/src/lib/protocols/aimini.c index fb439f817..dec8118c2 100644 --- a/src/lib/protocols/aimini.c +++ b/src/lib/protocols/aimini.c @@ -2,7 +2,7 @@ * aimini.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_AIMINI - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_AIMINI #include "ndpi_api.h" @@ -293,5 +291,3 @@ void init_aimini_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } - -#endif diff --git a/src/lib/protocols/ajp.c b/src/lib/protocols/ajp.c index ed7bb83f7..7cae40f20 100644 --- a/src/lib/protocols/ajp.c +++ b/src/lib/protocols/ajp.c @@ -22,8 +22,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_AJP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_AJP #include "ndpi_api.h" @@ -149,5 +147,3 @@ void init_ajp_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } - -#endif diff --git a/src/lib/protocols/amqp.c b/src/lib/protocols/amqp.c index 6b530c16d..793b3699e 100644 --- a/src/lib/protocols/amqp.c +++ b/src/lib/protocols/amqp.c @@ -1,7 +1,7 @@ /* * amqp.c * - * Copyright (C) 2011-17 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -20,8 +20,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_AMQP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_AMQP #include "ndpi_api.h" @@ -87,4 +85,3 @@ void init_amqp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } -#endif diff --git a/src/lib/protocols/apple_push.c b/src/lib/protocols/apple_push.c index 734be6e96..6930dba86 100644 --- a/src/lib/protocols/apple_push.c +++ b/src/lib/protocols/apple_push.c @@ -23,8 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_APPLE_PUSH - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_APPLE_PUSH #include "ndpi_api.h" @@ -76,6 +74,3 @@ void init_apple_push_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } - - -#endif diff --git a/src/lib/protocols/applejuice.c b/src/lib/protocols/applejuice.c index a80c39d7f..95e6b4458 100644 --- a/src/lib/protocols/applejuice.c +++ b/src/lib/protocols/applejuice.c @@ -2,7 +2,7 @@ * applejuice.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_APPLEJUICE - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_APPLEJUICE #include "ndpi_api.h" @@ -67,5 +65,3 @@ void init_applejuice_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } - -#endif diff --git a/src/lib/protocols/armagetron.c b/src/lib/protocols/armagetron.c index 7f4fb9ec0..53c36a5f9 100644 --- a/src/lib/protocols/armagetron.c +++ b/src/lib/protocols/armagetron.c @@ -2,7 +2,7 @@ * armagetron.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_ARMAGETRON - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_ARMAGETRON #include "ndpi_api.h" @@ -109,6 +107,3 @@ void init_armagetron_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } - - -#endif diff --git a/src/lib/protocols/attic/flash.c b/src/lib/protocols/attic/flash.c index bc47ee881..eb27807d7 100644 --- a/src/lib/protocols/attic/flash.c +++ b/src/lib/protocols/attic/flash.c @@ -2,7 +2,7 @@ * flash.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH diff --git a/src/lib/protocols/attic/ftp.c b/src/lib/protocols/attic/ftp.c index 2e06aec9a..19604089c 100644 --- a/src/lib/protocols/attic/ftp.c +++ b/src/lib/protocols/attic/ftp.c @@ -2,7 +2,7 @@ * ftp.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH diff --git a/src/lib/protocols/attic/manolito.c b/src/lib/protocols/attic/manolito.c index 3b1db0df5..71fdaeaff 100644 --- a/src/lib/protocols/attic/manolito.c +++ b/src/lib/protocols/attic/manolito.c @@ -2,7 +2,7 @@ * manolito.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH diff --git a/src/lib/protocols/attic/popo.c b/src/lib/protocols/attic/popo.c index 4bd040efe..c5b0447df 100644 --- a/src/lib/protocols/attic/popo.c +++ b/src/lib/protocols/attic/popo.c @@ -2,7 +2,7 @@ * popo.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH diff --git a/src/lib/protocols/attic/secondlife.c b/src/lib/protocols/attic/secondlife.c index d475dc386..487c03597 100644 --- a/src/lib/protocols/attic/secondlife.c +++ b/src/lib/protocols/attic/secondlife.c @@ -2,7 +2,7 @@ * secondlife.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH diff --git a/src/lib/protocols/ayiya.c b/src/lib/protocols/ayiya.c index bc993cfe3..c44c723b5 100644 --- a/src/lib/protocols/ayiya.c +++ b/src/lib/protocols/ayiya.c @@ -1,7 +1,7 @@ /* * ayiya.c * - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -28,8 +28,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_AYIYA - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_AYIYA #include "ndpi_api.h" @@ -85,5 +83,3 @@ void init_ayiya_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in *id += 1; } - -#endif diff --git a/src/lib/protocols/battlefield.c b/src/lib/protocols/battlefield.c index 23a3749b2..b4ec74cfe 100644 --- a/src/lib/protocols/battlefield.c +++ b/src/lib/protocols/battlefield.c @@ -2,7 +2,7 @@ * battlefield.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_BATTLEFIELD - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_BATTLEFIELD #include "ndpi_api.h" @@ -126,5 +124,3 @@ void init_battlefield_dissector(struct ndpi_detection_module_struct *ndpi_struct ADD_TO_DETECTION_BITMASK); *id += 1; } - -#endif diff --git a/src/lib/protocols/bgp.c b/src/lib/protocols/bgp.c index f7896968b..aaa5730f7 100644 --- a/src/lib/protocols/bgp.c +++ b/src/lib/protocols/bgp.c @@ -1,7 +1,7 @@ /* * bgp.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -23,8 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_BGP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_BGP #include "ndpi_api.h" @@ -67,5 +65,3 @@ void init_bgp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } - -#endif diff --git a/src/lib/protocols/bittorrent.c b/src/lib/protocols/bittorrent.c index fceafc188..ad7de6b42 100644 --- a/src/lib/protocols/bittorrent.c +++ b/src/lib/protocols/bittorrent.c @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_BITTORRENT - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_BITTORRENT #include "ndpi_api.h" @@ -503,5 +501,3 @@ void init_bittorrent_dissector(struct ndpi_detection_module_struct *ndpi_struct, ADD_TO_DETECTION_BITMASK); *id += 1; } - -#endif diff --git a/src/lib/protocols/bjnp.c b/src/lib/protocols/bjnp.c index f9f690308..759f810be 100644 --- a/src/lib/protocols/bjnp.c +++ b/src/lib/protocols/bjnp.c @@ -1,16 +1,14 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_BJNP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_BJNP #include "ndpi_api.h" static void ndpi_int_bjnp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, - u_int8_t due_to_correlation) -{ - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_BJNP, NDPI_PROTOCOL_UNKNOWN); + u_int8_t due_to_correlation) { + ndpi_set_detected_protocol(ndpi_struct, flow, + NDPI_PROTOCOL_BJNP, NDPI_PROTOCOL_UNKNOWN); } @@ -61,7 +59,3 @@ void init_bjnp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int ADD_TO_DETECTION_BITMASK); *id += 1; } - - - -#endif diff --git a/src/lib/protocols/btlib.c b/src/lib/protocols/btlib.c index 4a63ebc31..5992c1b28 100644 --- a/src/lib/protocols/btlib.c +++ b/src/lib/protocols/btlib.c @@ -1,7 +1,7 @@ /* * btlib.c * - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * Contributed by Vitaly Lavrov * * This file is part of nDPI, an open source deep packet inspection diff --git a/src/lib/protocols/checkmk.c b/src/lib/protocols/checkmk.c index 81ac543b6..991885fce 100644 --- a/src/lib/protocols/checkmk.c +++ b/src/lib/protocols/checkmk.c @@ -1,7 +1,7 @@ /* * checkmk.c * - * Copyright (C) 2011-17 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -23,8 +23,6 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_CHECKMK - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CHECKMK #include "ndpi_api.h" @@ -82,6 +80,3 @@ void init_checkmk_dissector(struct ndpi_detection_module_struct *ndpi_struct, ADD_TO_DETECTION_BITMASK); *id += 1; } - - -#endif diff --git a/src/lib/protocols/ciscovpn.c b/src/lib/protocols/ciscovpn.c index e04fba936..d98f91e02 100644 --- a/src/lib/protocols/ciscovpn.c +++ b/src/lib/protocols/ciscovpn.c @@ -6,8 +6,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_CISCOVPN - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CISCOVPN #include "ndpi_api.h" @@ -84,5 +82,3 @@ void init_ciscovpn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u ADD_TO_DETECTION_BITMASK); *id += 1; } - -#endif diff --git a/src/lib/protocols/citrix.c b/src/lib/protocols/citrix.c index 7d6406bff..89e520815 100644 --- a/src/lib/protocols/citrix.c +++ b/src/lib/protocols/citrix.c @@ -1,7 +1,7 @@ /* * citrix.c * - * Copyright (C) 2012-15 - ntop.org + * Copyright (C) 2012-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -23,8 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_CITRIX - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CITRIX #include "ndpi_api.h" @@ -95,5 +93,3 @@ void init_citrix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i ADD_TO_DETECTION_BITMASK); *id += 1; } - -#endif diff --git a/src/lib/protocols/coap.c b/src/lib/protocols/coap.c index 288d15f23..5ac8cb80e 100644 --- a/src/lib/protocols/coap.c +++ b/src/lib/protocols/coap.c @@ -23,8 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_COAP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_COAP #include "ndpi_api.h" @@ -163,5 +161,3 @@ void init_coap_dissector (struct ndpi_detection_module_struct *ndpi_struct, *id +=1; } - -#endif // NDPI_PROTOCOL_COAP diff --git a/src/lib/protocols/collectd.c b/src/lib/protocols/collectd.c index 2d4a06bb3..6f96871ea 100644 --- a/src/lib/protocols/collectd.c +++ b/src/lib/protocols/collectd.c @@ -1,7 +1,7 @@ /* * collectd.c * - * Copyright (C) 2014 - ntop.org + * Copyright (C) 2014-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -21,8 +21,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_COLLECTD - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_COLLECTD #include "ndpi_api.h" @@ -54,5 +52,3 @@ void ndpi_search_collectd(struct ndpi_detection_module_struct *ndpi_struct, stru NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } - -#endif diff --git a/src/lib/protocols/corba.c b/src/lib/protocols/corba.c index 94e9f324a..ffb12fec1 100644 --- a/src/lib/protocols/corba.c +++ b/src/lib/protocols/corba.c @@ -20,8 +20,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_CORBA - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CORBA #include "ndpi_api.h" @@ -60,4 +58,3 @@ void init_corba_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in ADD_TO_DETECTION_BITMASK); *id += 1; } -#endif diff --git a/src/lib/protocols/crossfire.c b/src/lib/protocols/crossfire.c index ea1dce66a..03f3b4264 100644 --- a/src/lib/protocols/crossfire.c +++ b/src/lib/protocols/crossfire.c @@ -1,7 +1,7 @@ /* * crossfire.c * - * Copyright (C) 2012-15 - ntop.org + * Copyright (C) 2012-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -23,8 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_CROSSFIRE - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CROSSFIRE #include "ndpi_api.h" @@ -88,5 +86,3 @@ void init_crossfire_dissector(struct ndpi_detection_module_struct *ndpi_struct, ADD_TO_DETECTION_BITMASK); *id += 1; } - -#endif diff --git a/src/lib/protocols/csgo.c b/src/lib/protocols/csgo.c index 3bf0b4fe9..7f4479419 100644 --- a/src/lib/protocols/csgo.c +++ b/src/lib/protocols/csgo.c @@ -22,8 +22,6 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_CSGO - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CSGO #include "ndpi_api.h" @@ -122,5 +120,3 @@ void init_csgo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } - -#endif diff --git a/src/lib/protocols/dcerpc.c b/src/lib/protocols/dcerpc.c index 3aef077cd..ae1266a01 100644 --- a/src/lib/protocols/dcerpc.c +++ b/src/lib/protocols/dcerpc.c @@ -1,7 +1,7 @@ /* * dcerpc.c * - * Copyright (C) 2011-13 by ntop.org + * Copyright (C) 2011-18 by ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -23,8 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_DCERPC - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DCERPC #include "ndpi_api.h" @@ -69,4 +67,3 @@ void init_dcerpc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } -#endif diff --git a/src/lib/protocols/dhcp.c b/src/lib/protocols/dhcp.c index 6ac07e832..52415946b 100644 --- a/src/lib/protocols/dhcp.c +++ b/src/lib/protocols/dhcp.c @@ -1,7 +1,7 @@ /* * dhcp.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -20,8 +20,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_DHCP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DHCP #include "ndpi_api.h" @@ -166,5 +164,3 @@ void init_dhcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int ADD_TO_DETECTION_BITMASK); *id += 1; } - -#endif diff --git a/src/lib/protocols/dhcpv6.c b/src/lib/protocols/dhcpv6.c index 98ed08cda..77be89e40 100644 --- a/src/lib/protocols/dhcpv6.c +++ b/src/lib/protocols/dhcpv6.c @@ -2,7 +2,7 @@ * dhcpv6.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_DHCPV6 - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DHCPV6 #include "ndpi_api.h" @@ -68,5 +66,3 @@ void init_dhcpv6_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i ADD_TO_DETECTION_BITMASK); *id += 1; } - -#endif diff --git a/src/lib/protocols/diameter.c b/src/lib/protocols/diameter.c index f2f342914..7fb443c34 100644 --- a/src/lib/protocols/diameter.c +++ b/src/lib/protocols/diameter.c @@ -2,7 +2,6 @@ * diameter.c * * Copyright (C) 2018 - ntop.org - * Written by Michele Campus - * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -19,12 +18,12 @@ * * You should have received a copy of the GNU Lesser General Public License * along with nDPI. If not, see . - * + * + * Based on code of: + * Michele Campus - */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_DIAMETER - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DIAMETER #include "ndpi_api.h" @@ -128,5 +127,3 @@ void init_diameter_dissector(struct ndpi_detection_module_struct *ndpi_struct, u *id += 1; } -#endif /* NDPI_PROTOCOL_DIAMETER */ - diff --git a/src/lib/protocols/directconnect.c b/src/lib/protocols/directconnect.c index 725e53348..6072c3697 100644 --- a/src/lib/protocols/directconnect.c +++ b/src/lib/protocols/directconnect.c @@ -2,7 +2,7 @@ * directconnect.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_DIRECTCONNECT - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DIRECTCONNECT #include "ndpi_api.h" @@ -446,5 +444,3 @@ void init_directconnect_dissector(struct ndpi_detection_module_struct *ndpi_stru *id += 1; } - -#endif diff --git a/src/lib/protocols/directdownloadlink.c b/src/lib/protocols/directdownloadlink.c index 0a4d528f2..cd8243786 100644 --- a/src/lib/protocols/directdownloadlink.c +++ b/src/lib/protocols/directdownloadlink.c @@ -2,7 +2,7 @@ * directdownloadlink.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-14svn - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK #include "ndpi_api.h" @@ -731,4 +729,4 @@ void init_directdownloadlink_dissector(struct ndpi_detection_module_struct *ndpi *id += 1; } -#endif + diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index 7b56c3c02..6ffa74a27 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -1,7 +1,7 @@ /* * dns.c * - * Copyright (C) 2012-16 - ntop.org + * Copyright (C) 2012-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -23,8 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_DNS - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DNS #include "ndpi_api.h" @@ -247,5 +245,3 @@ void init_dns_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } - -#endif diff --git a/src/lib/protocols/dofus.c b/src/lib/protocols/dofus.c index baed6c262..997f999a0 100644 --- a/src/lib/protocols/dofus.c +++ b/src/lib/protocols/dofus.c @@ -2,7 +2,7 @@ * dofus.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_DOFUS - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DOFUS #include "ndpi_api.h" @@ -151,4 +149,4 @@ void init_dofus_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in *id += 1; } -#endif + diff --git a/src/lib/protocols/drda.c b/src/lib/protocols/drda.c index 72d708d13..7dc24ffcc 100644 --- a/src/lib/protocols/drda.c +++ b/src/lib/protocols/drda.c @@ -1,7 +1,7 @@ /* * drda.c * - * Copyright (C) 2012-16 - ntop.org + * Copyright (C) 2012-18 - ntop.org * * This module is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -19,8 +19,6 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_DRDA - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DRDA #include "ndpi_api.h" @@ -103,5 +101,3 @@ void init_drda_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } - -#endif /* NDPI_PROTOCOL_DRDA */ diff --git a/src/lib/protocols/dropbox.c b/src/lib/protocols/dropbox.c index 6e8a2dcb0..b987ba253 100644 --- a/src/lib/protocols/dropbox.c +++ b/src/lib/protocols/dropbox.c @@ -1,7 +1,7 @@ /* * dropbox.c * - * Copyright (C) 2012-16 by ntop.org + * Copyright (C) 2012-18 by ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -23,8 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_DROPBOX - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DROPBOX #include "ndpi_api.h" @@ -91,7 +89,3 @@ void init_dropbox_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ ADD_TO_DETECTION_BITMASK); *id += 1; } - - - -#endif diff --git a/src/lib/protocols/eaq.c b/src/lib/protocols/eaq.c index 3929b4ef6..2082b5263 100644 --- a/src/lib/protocols/eaq.c +++ b/src/lib/protocols/eaq.c @@ -1,7 +1,7 @@ /* * eaq.c * - * Copyright (C) 2015 - ntop.org + * Copyright (C) 2015-18 - ntop.org * * This module is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -27,8 +27,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_EAQ - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_EAQ #include "ndpi_api.h" @@ -88,5 +86,3 @@ void init_eaq_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } - -#endif diff --git a/src/lib/protocols/edonkey.c b/src/lib/protocols/edonkey.c index 34276bbcb..3a4801ab1 100644 --- a/src/lib/protocols/edonkey.c +++ b/src/lib/protocols/edonkey.c @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_EDONKEY - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_EDONKEY #include "ndpi_api.h" @@ -225,4 +223,3 @@ void init_edonkey_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ *id += 1; } -#endif diff --git a/src/lib/protocols/fasttrack.c b/src/lib/protocols/fasttrack.c index 016a15621..074468558 100644 --- a/src/lib/protocols/fasttrack.c +++ b/src/lib/protocols/fasttrack.c @@ -2,7 +2,7 @@ * fasttrack.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_FASTTRACK - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FASTTRACK #include "ndpi_api.h" @@ -94,5 +92,3 @@ void init_fasttrack_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } - -#endif diff --git a/src/lib/protocols/fbzero.c b/src/lib/protocols/fbzero.c index 31acd0c9a..3048bff79 100644 --- a/src/lib/protocols/fbzero.c +++ b/src/lib/protocols/fbzero.c @@ -22,8 +22,6 @@ /* https://code.facebook.com/posts/608854979307125/building-zero-protocol-for-fast-secure-mobile-connections/ */ -#ifdef NDPI_PROTOCOL_FBZERO - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FBZERO #include "ndpi_api.h" @@ -129,4 +127,3 @@ void init_fbzero_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } -#endif diff --git a/src/lib/protocols/fiesta.c b/src/lib/protocols/fiesta.c index 9a9c78852..dc7a86fd4 100644 --- a/src/lib/protocols/fiesta.c +++ b/src/lib/protocols/fiesta.c @@ -2,7 +2,7 @@ * fiesta.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_FIESTA - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FIESTA #include "ndpi_api.h" @@ -105,4 +103,3 @@ void init_fiesta_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } -#endif diff --git a/src/lib/protocols/fix.c b/src/lib/protocols/fix.c index 4f3f9849b..3cc9e070c 100644 --- a/src/lib/protocols/fix.c +++ b/src/lib/protocols/fix.c @@ -1,7 +1,7 @@ /* * fix.c * - * Copyright (C) 2017 - ntop.org + * Copyright (C) 2017-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -23,8 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_FIX - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FIX #include "ndpi_api.h" @@ -75,6 +73,3 @@ void init_fix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 ADD_TO_DETECTION_BITMASK); *id += 1; } - - -#endif diff --git a/src/lib/protocols/florensia.c b/src/lib/protocols/florensia.c index 217874a6a..cca63485f 100644 --- a/src/lib/protocols/florensia.c +++ b/src/lib/protocols/florensia.c @@ -2,7 +2,7 @@ * florensia.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_FLORENSIA - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FLORENSIA #include "ndpi_api.h" @@ -129,5 +127,3 @@ void init_florensia_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } - -#endif diff --git a/src/lib/protocols/ftp_control.c b/src/lib/protocols/ftp_control.c index f23476db0..893f83d68 100644 --- a/src/lib/protocols/ftp_control.c +++ b/src/lib/protocols/ftp_control.c @@ -1,7 +1,7 @@ /* * ftp_control.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -23,8 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_FTP_CONTROL - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FTP_CONTROL #include "ndpi_api.h" @@ -1014,5 +1012,3 @@ void init_ftp_control_dissector(struct ndpi_detection_module_struct *ndpi_struct *id += 1; } - -#endif diff --git a/src/lib/protocols/ftp_data.c b/src/lib/protocols/ftp_data.c index ec1e8d7d8..8d3e6fa8c 100644 --- a/src/lib/protocols/ftp_data.c +++ b/src/lib/protocols/ftp_data.c @@ -1,7 +1,7 @@ /* * ftp_data.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * The signature is based on the Libprotoident library. * @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_FTP_DATA - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FTP_DATA #include "ndpi_api.h" @@ -258,5 +256,3 @@ void init_ftp_data_dissector(struct ndpi_detection_module_struct *ndpi_struct, u *id += 1; } - -#endif diff --git a/src/lib/protocols/git.c b/src/lib/protocols/git.c index 0b4192289..1e358d79b 100644 --- a/src/lib/protocols/git.c +++ b/src/lib/protocols/git.c @@ -1,7 +1,7 @@ /* * git.c * - * Copyright (C) 2012-16 - ntop.org + * Copyright (C) 2012-18 - ntop.org * * This module is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -20,8 +20,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_GIT - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_GIT #include @@ -73,7 +71,6 @@ void ndpi_search_git(struct ndpi_detection_module_struct *ndpi_struct, /* ***************************************************************** */ - void init_git_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { @@ -86,5 +83,3 @@ void init_git_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } - -#endif /* NDPI_PROTOCOL_GIT */ diff --git a/src/lib/protocols/gnutella.c b/src/lib/protocols/gnutella.c index 295cfaecd..5bc2980cc 100644 --- a/src/lib/protocols/gnutella.c +++ b/src/lib/protocols/gnutella.c @@ -2,7 +2,7 @@ * gnutella.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_GNUTELLA - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_GNUTELLA #include "ndpi_api.h" @@ -371,5 +369,3 @@ void init_gnutella_dissector(struct ndpi_detection_module_struct *ndpi_struct, u *id += 1; } - -#endif diff --git a/src/lib/protocols/gtp.c b/src/lib/protocols/gtp.c index 0bdc4d8ee..ffe2b2498 100644 --- a/src/lib/protocols/gtp.c +++ b/src/lib/protocols/gtp.c @@ -1,7 +1,7 @@ /* * gtp.c * - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -20,8 +20,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_GTP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_GTP #include "ndpi_api.h" @@ -89,5 +87,3 @@ void init_gtp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } - -#endif diff --git a/src/lib/protocols/guildwars.c b/src/lib/protocols/guildwars.c index 7b6581851..1cf3888cf 100644 --- a/src/lib/protocols/guildwars.c +++ b/src/lib/protocols/guildwars.c @@ -2,7 +2,7 @@ * guildwars.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_GUILDWARS - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_GUILDWARS #include "ndpi_api.h" @@ -78,5 +76,3 @@ void init_guildwars_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } - -#endif diff --git a/src/lib/protocols/h323.c b/src/lib/protocols/h323.c index 31c353a27..ddbcdadf3 100644 --- a/src/lib/protocols/h323.c +++ b/src/lib/protocols/h323.c @@ -1,16 +1,13 @@ /* * h323.c * - * Copyright (C) 2015 ntop.org + * Copyright (C) 2015-18 ntop.org * Copyright (C) 2013 Remy Mudingay * */ - #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_H323 - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_H323 #include "ndpi_api.h" @@ -115,5 +112,3 @@ void init_h323_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } - -#endif diff --git a/src/lib/protocols/halflife2_and_mods.c b/src/lib/protocols/halflife2_and_mods.c index 5319424fa..446703220 100644 --- a/src/lib/protocols/halflife2_and_mods.c +++ b/src/lib/protocols/halflife2_and_mods.c @@ -2,7 +2,7 @@ * halflife2_and_mods.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_HALFLIFE2 - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HALFLIFE2 #include "ndpi_api.h" @@ -77,5 +75,3 @@ void init_halflife2_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } - -#endif diff --git a/src/lib/protocols/hangout.c b/src/lib/protocols/hangout.c index de35653ea..fc94aad5f 100644 --- a/src/lib/protocols/hangout.c +++ b/src/lib/protocols/hangout.c @@ -1,7 +1,7 @@ /* * hangout.c * - * Copyright (C) 2012-16 - ntop.org + * Copyright (C) 2012-18 - ntop.org * * This module is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -20,8 +20,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_HANGOUT - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HANGOUT #include "ndpi_api.h" @@ -109,4 +107,3 @@ void init_hangout_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ *id += 1; } -#endif /* NDPI_PROTOCOL_HANGOUT */ diff --git a/src/lib/protocols/hep.c b/src/lib/protocols/hep.c index 1c7617c88..02a559af8 100644 --- a/src/lib/protocols/hep.c +++ b/src/lib/protocols/hep.c @@ -2,7 +2,7 @@ * hep.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * Copyright (C) 2011-15 - QXIP BV * * This file is part of nDPI, an open source deep packet inspection @@ -26,8 +26,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_HEP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HEP #include "ndpi_api.h" @@ -45,16 +43,17 @@ void ndpi_search_hep(struct ndpi_detection_module_struct *ndpi_struct, struct nd const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; - NDPI_LOG_DBG(ndpi_struct, "searching HEP\n"); - if (payload_len > 10) { - if (memcmp(packet_payload, "HEP3", 4) == 0) { - NDPI_LOG_INFO(ndpi_struct, "found HEP3\n"); - ndpi_int_hep_add_connection(ndpi_struct, flow); - return; - } - } + NDPI_LOG_DBG(ndpi_struct, "searching HEP\n"); + + if(payload_len > 10) { + if(memcmp(packet_payload, "HEP3", 4) == 0) { + NDPI_LOG_INFO(ndpi_struct, "found HEP3\n"); + ndpi_int_hep_add_connection(ndpi_struct, flow); + return; + } + } - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } @@ -69,5 +68,3 @@ void init_hep_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } - -#endif diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index ac5b9d173..e03b48710 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -1,7 +1,7 @@ /* * http.c * - * Copyright (C) 2011-17 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -23,8 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_HTTP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HTTP #include "ndpi_api.h" @@ -121,7 +119,6 @@ static void avi_check_http_payload(struct ndpi_detection_module_struct *ndpi_str } #endif -#ifdef NDPI_PROTOCOL_TEAMVIEWER static void teamviewer_check_http_payload(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; @@ -140,10 +137,7 @@ static void teamviewer_check_http_payload(struct ndpi_detection_module_struct *n ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_TEAMVIEWER); } } -#endif - -#ifdef NDPI_PROTOCOL_RTSP static void rtsp_parse_packet_acceptline(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -154,7 +148,6 @@ static void rtsp_parse_packet_acceptline(struct ndpi_detection_module_struct ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_RTSP); } } -#endif static void setHttpUserAgent(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, char *ua) { @@ -428,25 +421,20 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ if(packet->accept_line.ptr != NULL) { NDPI_LOG_DBG2(ndpi_struct, "Accept line found %.*s\n", packet->accept_line.len, packet->accept_line.ptr); -#ifdef NDPI_PROTOCOL_RTSP - if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask, NDPI_PROTOCOL_RTSP) != 0) { + if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask, + NDPI_PROTOCOL_RTSP) != 0) { rtsp_parse_packet_acceptline(ndpi_struct, flow); } -#endif } /* search for line startin with "Icy-MetaData" */ -#ifdef NDPI_CONTENT_CATEGORY_MPEG - for (a = 0; a < packet->parsed_lines; a++) { + for (a = 0; a < packet->parsed_lines; a++) { if(packet->line[a].len > 11 && memcmp(packet->line[a].ptr, "Icy-MetaData", 12) == 0) { - NDPI_LOG_INFO(ndpi_struct, "found MPEG: Icy-MetaData\n"); - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_CONTENT_CATEGORY_MPEG); - return; - } + NDPI_LOG_INFO(ndpi_struct, "found MPEG: Icy-MetaData\n"); + ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_CONTENT_CATEGORY_MPEG); + return; + } } -#ifdef NDPI_CONTENT_CATEGORY_AVI -#endif -#endif if(packet->content_line.ptr != NULL && packet->content_line.len != 0) { NDPI_LOG_DBG2(ndpi_struct, "Content Type line found %.*s\n", @@ -471,10 +459,8 @@ static void check_http_payload(struct ndpi_detection_module_struct *ndpi_struct, if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask, NDPI_CONTENT_CATEGORY_AVI) != 0) avi_check_http_payload(ndpi_struct, flow); #endif -#ifdef NDPI_PROTOCOL_TEAMVIEWER - teamviewer_check_http_payload(ndpi_struct, flow); -#endif + teamviewer_check_http_payload(ndpi_struct, flow); } /** @@ -550,9 +536,8 @@ static void http_bitmask_exclude_other(struct ndpi_flow_struct *flow) #ifdef NDPI_CONTENT_CATEGORY_OGG NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_CONTENT_CATEGORY_OGG); #endif -#ifdef NDPI_PROTOCOL_XBOX + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_XBOX); -#endif } /*************************************************************************************************/ @@ -1007,7 +992,7 @@ void init_http_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int ADD_TO_DETECTION_BITMASK); *id += 1; #endif -#ifdef NDPI_PROTOCOL_XBOX + ndpi_set_bitmask_protocol_detection("Xbox", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_XBOX, ndpi_search_http_tcp, @@ -1015,8 +1000,7 @@ void init_http_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; -#endif -#ifdef NDPI_PROTOCOL_QQ + ndpi_set_bitmask_protocol_detection("QQ", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_QQ, ndpi_search_http_tcp, @@ -1024,7 +1008,7 @@ void init_http_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; -#endif + #ifdef NDPI_CONTENT_CATEGORY_AVI ndpi_set_bitmask_protocol_detection("AVI", ndpi_struct, detection_bitmask, *id, NDPI_CONTENT_CATEGORY_AVI, @@ -1069,7 +1053,4 @@ void init_http_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int a++; #endif - } - -#endif diff --git a/src/lib/protocols/http_activesync.c b/src/lib/protocols/http_activesync.c index 55451f6bf..0bf267290 100644 --- a/src/lib/protocols/http_activesync.c +++ b/src/lib/protocols/http_activesync.c @@ -2,7 +2,7 @@ * http_activesync.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -26,42 +26,39 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC - -#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HTTP_ACTIVESYNC #include "ndpi_api.h" static void ndpi_int_activesync_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC, NDPI_PROTOCOL_HTTP); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HTTP_ACTIVESYNC, NDPI_PROTOCOL_HTTP); } void ndpi_search_activesync(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG_DBG(ndpi_struct, "search activesync\n"); - if (packet->tcp != NULL) { - - if (packet->payload_packet_len > 150 - && ((memcmp(packet->payload, "OPTIONS /Microsoft-Server-ActiveSync?", 37) == 0) - || (memcmp(packet->payload, "POST /Microsoft-Server-ActiveSync?", 34) == 0))) { - ndpi_int_activesync_add_connection(ndpi_struct, flow); - NDPI_LOG_INFO(ndpi_struct, "found ActiveSync \n"); - return; - } - } + NDPI_LOG_DBG(ndpi_struct, "search activesync\n"); + if (packet->tcp != NULL) { - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + if (packet->payload_packet_len > 150 + && ((memcmp(packet->payload, "OPTIONS /Microsoft-Server-ActiveSync?", 37) == 0) + || (memcmp(packet->payload, "POST /Microsoft-Server-ActiveSync?", 34) == 0))) { + ndpi_int_activesync_add_connection(ndpi_struct, flow); + NDPI_LOG_INFO(ndpi_struct, "found ActiveSync \n"); + return; + } + } + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } - -void init_http_activesync_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +void init_http_activesync_dissector(struct ndpi_detection_module_struct *ndpi_struct, + u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("HTTP_Application_ActiveSync", ndpi_struct, detection_bitmask, *id, - NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC, + NDPI_PROTOCOL_HTTP_ACTIVESYNC, ndpi_search_activesync, NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, @@ -70,4 +67,3 @@ void init_http_activesync_dissector(struct ndpi_detection_module_struct *ndpi_st *id += 1; } -#endif diff --git a/src/lib/protocols/iax.c b/src/lib/protocols/iax.c index 7f6e960f1..104a59be4 100644 --- a/src/lib/protocols/iax.c +++ b/src/lib/protocols/iax.c @@ -2,7 +2,7 @@ * iax.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_IAX - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_IAX #include "ndpi_api.h" @@ -107,5 +105,3 @@ void init_iax_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } - -#endif diff --git a/src/lib/protocols/icecast.c b/src/lib/protocols/icecast.c index 23aca33e9..515d5b572 100644 --- a/src/lib/protocols/icecast.c +++ b/src/lib/protocols/icecast.c @@ -2,7 +2,7 @@ * icecast.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_ICECAST - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_ICECAST #include "ndpi_api.h" @@ -42,13 +40,13 @@ void ndpi_search_icecast_tcp(struct ndpi_detection_module_struct *ndpi_struct, s NDPI_LOG_DBG(ndpi_struct, "search icecast\n"); - if ((packet->payload_packet_len < 500 && + if((packet->payload_packet_len < 500 && packet->payload_packet_len >= 7 && memcmp(packet->payload, "SOURCE ", 7) == 0) || flow->l4.tcp.icecast_stage) { ndpi_parse_packet_line_info_any(ndpi_struct, flow); NDPI_LOG_DBG2(ndpi_struct, "Icecast lines=%d\n", packet->parsed_lines); for (i = 0; i < packet->parsed_lines; i++) { - if (packet->line[i].ptr != NULL && packet->line[i].len > 4 + if(packet->line[i].ptr != NULL && packet->line[i].len > 4 && memcmp(packet->line[i].ptr, "ice-", 4) == 0) { NDPI_LOG_INFO(ndpi_struct, "found Icecast\n"); ndpi_int_icecast_add_connection(ndpi_struct, flow); @@ -56,28 +54,30 @@ void ndpi_search_icecast_tcp(struct ndpi_detection_module_struct *ndpi_struct, s } } - if (packet->parsed_lines < 1 && !flow->l4.tcp.icecast_stage) { + if(packet->parsed_lines < 1 && !flow->l4.tcp.icecast_stage) { flow->l4.tcp.icecast_stage = 1; return; } } -#ifdef NDPI_PROTOCOL_HTTP - if (NDPI_FLOW_PROTOCOL_EXCLUDED(ndpi_struct, flow, NDPI_PROTOCOL_HTTP)) { + + if(NDPI_FLOW_PROTOCOL_EXCLUDED(ndpi_struct, flow, NDPI_PROTOCOL_HTTP)) { goto icecast_exclude; } -#endif - if (packet->packet_direction == flow->setup_packet_direction && flow->packet_counter < 10) { + if((packet->packet_direction == flow->setup_packet_direction) + && (flow->packet_counter < 10)) { return; } - if (packet->packet_direction != flow->setup_packet_direction) { + if(packet->packet_direction != flow->setup_packet_direction) { /* server answer, now test Server for Icecast */ ndpi_parse_packet_line_info(ndpi_struct, flow); - if (packet->server_line.ptr != NULL && packet->server_line.len > NDPI_STATICSTRING_LEN("Icecast") && - memcmp(packet->server_line.ptr, "Icecast", NDPI_STATICSTRING_LEN("Icecast")) == 0) { + if((packet->server_line.ptr != NULL) + && (packet->server_line.len > NDPI_STATICSTRING_LEN("Icecast")) + && memcmp(packet->server_line.ptr, "Icecast", + NDPI_STATICSTRING_LEN("Icecast")) == 0) { /* TODO maybe store the previous protocol type as subtype? * e.g. ogg or mpeg */ @@ -103,5 +103,3 @@ void init_icecast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ *id += 1; } - -#endif diff --git a/src/lib/protocols/ipp.c b/src/lib/protocols/ipp.c index fcf25a758..4f4f2438f 100644 --- a/src/lib/protocols/ipp.c +++ b/src/lib/protocols/ipp.c @@ -2,7 +2,7 @@ * ipp.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_IPP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_IPP #include "ndpi_api.h" @@ -123,5 +121,3 @@ void init_ipp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } - -#endif diff --git a/src/lib/protocols/irc.c b/src/lib/protocols/irc.c index 7bdd543c3..12660b528 100644 --- a/src/lib/protocols/irc.c +++ b/src/lib/protocols/irc.c @@ -2,7 +2,7 @@ * irc.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_IRC - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_IRC #include "ndpi_api.h" @@ -778,8 +776,8 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc } } - -void init_irc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +void init_irc_dissector(struct ndpi_detection_module_struct *ndpi_struct, + u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("IRC", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_IRC, @@ -791,4 +789,3 @@ void init_irc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } -#endif diff --git a/src/lib/protocols/jabber.c b/src/lib/protocols/jabber.c index 05950d8c5..3917b8b20 100644 --- a/src/lib/protocols/jabber.c +++ b/src/lib/protocols/jabber.c @@ -2,7 +2,7 @@ * jabber.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_UNENCRYPTED_JABBER - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_UNENCRYPTED_JABBER #include "ndpi_api.h" @@ -36,10 +34,8 @@ struct jabber_string { }; static struct jabber_string jabber_strings[] = { -#ifdef NDPI_PROTOCOL_TRUPHONE { "='im.truphone.com'", NDPI_PROTOCOL_TRUPHONE }, { "=\"im.truphone.com\"", NDPI_PROTOCOL_TRUPHONE }, -#endif { NULL, 0 } }; @@ -289,9 +285,8 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st NDPI_EXCLUDE_PROTO(ndpi_struct, flow); -#ifdef NDPI_PROTOCOL_TRUPHONE - ndpi_exclude_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TRUPHONE,__FILE__,__FUNCTION__,__LINE__); -#endif + ndpi_exclude_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TRUPHONE, + __FILE__,__FUNCTION__,__LINE__); } @@ -306,4 +301,4 @@ void init_jabber_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } -#endif + diff --git a/src/lib/protocols/kakaotalk_voice.c b/src/lib/protocols/kakaotalk_voice.c index 87c1ef061..1869e06db 100644 --- a/src/lib/protocols/kakaotalk_voice.c +++ b/src/lib/protocols/kakaotalk_voice.c @@ -1,7 +1,7 @@ /* * kakaotalk_voice.c * - * Copyright (C) 2015 - ntop.org + * Copyright (C) 2015-18 - ntop.org * * This module is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -26,8 +26,6 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_KAKAOTALK_VOICE - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_KAKAOTALK_VOICE #include "ndpi_api.h" @@ -66,7 +64,8 @@ void ndpi_search_kakaotalk_voice(struct ndpi_detection_module_struct *ndpi_struc } -void init_kakaotalk_voice_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +void init_kakaotalk_voice_dissector(struct ndpi_detection_module_struct *ndpi_struct, + u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("KakaoTalk_Voice", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_KAKAOTALK_VOICE, @@ -77,4 +76,3 @@ void init_kakaotalk_voice_dissector(struct ndpi_detection_module_struct *ndpi_st *id += 1; } -#endif diff --git a/src/lib/protocols/kerberos.c b/src/lib/protocols/kerberos.c index 71f4a8636..8b059a1a2 100644 --- a/src/lib/protocols/kerberos.c +++ b/src/lib/protocols/kerberos.c @@ -2,7 +2,7 @@ * kerberos.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_KERBEROS - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_KERBEROS #include "ndpi_api.h" @@ -80,4 +78,3 @@ void init_kerberos_dissector(struct ndpi_detection_module_struct *ndpi_struct, u *id += 1; } -#endif diff --git a/src/lib/protocols/kontiki.c b/src/lib/protocols/kontiki.c index 425fd6b1b..4882c7797 100644 --- a/src/lib/protocols/kontiki.c +++ b/src/lib/protocols/kontiki.c @@ -2,7 +2,7 @@ * kontiki.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_KONTIKI - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_KONTIKI #include "ndpi_api.h" @@ -66,7 +64,8 @@ void ndpi_search_kontiki(struct ndpi_detection_module_struct *ndpi_struct, struc } -void init_kontiki_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +void init_kontiki_dissector(struct ndpi_detection_module_struct *ndpi_struct, + u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("Kontiki", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_KONTIKI, @@ -78,4 +77,3 @@ void init_kontiki_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ *id += 1; } -#endif diff --git a/src/lib/protocols/ldap.c b/src/lib/protocols/ldap.c index 4adb7c471..49b1a39d4 100644 --- a/src/lib/protocols/ldap.c +++ b/src/lib/protocols/ldap.c @@ -2,7 +2,7 @@ * ldap.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_LDAP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_LDAP #include "ndpi_api.h" @@ -104,4 +102,3 @@ void init_ldap_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } -#endif diff --git a/src/lib/protocols/lisp.c b/src/lib/protocols/lisp.c index e507be9f9..2c6d7b611 100644 --- a/src/lib/protocols/lisp.c +++ b/src/lib/protocols/lisp.c @@ -1,7 +1,5 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_LISP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_LISP #include "ndpi_api.h" @@ -68,4 +66,3 @@ void init_lisp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } -#endif diff --git a/src/lib/protocols/lotus_notes.c b/src/lib/protocols/lotus_notes.c index 5750c50cd..d5f8f1310 100644 --- a/src/lib/protocols/lotus_notes.c +++ b/src/lib/protocols/lotus_notes.c @@ -1,7 +1,7 @@ /* * lotus_notes.c * - * Copyright (C) 2012-15 - ntop.org + * Copyright (C) 2012-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -20,13 +20,10 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_LOTUS_NOTES - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_LOTUS_NOTES #include "ndpi_api.h" - /* ************************************ */ static void ndpi_check_lotus_notes(struct ndpi_detection_module_struct *ndpi_struct, @@ -84,4 +81,3 @@ void init_lotus_notes_dissector(struct ndpi_detection_module_struct *ndpi_struct *id += 1; } -#endif diff --git a/src/lib/protocols/mail_imap.c b/src/lib/protocols/mail_imap.c index 2c3d3d2d7..65341cdc8 100644 --- a/src/lib/protocols/mail_imap.c +++ b/src/lib/protocols/mail_imap.c @@ -1,7 +1,7 @@ /* * mail_imap.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_MAIL_IMAP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MAIL_IMAP #include "ndpi_api.h" @@ -48,12 +46,10 @@ void ndpi_search_mail_imap_tcp(struct ndpi_detection_module_struct *ndpi_struct, NDPI_LOG_DBG(ndpi_struct, "search IMAP_IMAP\n"); if (flow->l4.tcp.mail_imap_starttls == 2) { -#ifdef NDPI_PROTOCOL_SSL NDPI_LOG_DBG2(ndpi_struct, "starttls detected\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MAIL_IMAP); NDPI_DEL_PROTOCOL_FROM_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SSL); return; -#endif } if (packet->payload_packet_len >= 4 && ntohs(get_u_int16_t(packet->payload, packet->payload_packet_len - 2)) == 0x0d0a) { @@ -320,5 +316,3 @@ void init_mail_imap_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } - -#endif diff --git a/src/lib/protocols/mail_pop.c b/src/lib/protocols/mail_pop.c index 4f9a6ea5f..83847f1f8 100644 --- a/src/lib/protocols/mail_pop.c +++ b/src/lib/protocols/mail_pop.c @@ -2,7 +2,7 @@ * mail_pop.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_MAIL_POP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MAIL_POP #include "ndpi_api.h" @@ -212,5 +210,3 @@ void init_mail_pop_dissector(struct ndpi_detection_module_struct *ndpi_struct, u *id += 1; } - -#endif diff --git a/src/lib/protocols/mail_smtp.c b/src/lib/protocols/mail_smtp.c index 252c74ffe..f7fbd337c 100644 --- a/src/lib/protocols/mail_smtp.c +++ b/src/lib/protocols/mail_smtp.c @@ -2,7 +2,7 @@ * mail_smtp.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_MAIL_SMTP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MAIL_SMTP #include "ndpi_api.h" @@ -189,4 +187,3 @@ void init_mail_smtp_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } -#endif diff --git a/src/lib/protocols/maplestory.c b/src/lib/protocols/maplestory.c index a55c2cc11..e45729b8b 100644 --- a/src/lib/protocols/maplestory.c +++ b/src/lib/protocols/maplestory.c @@ -2,7 +2,7 @@ * maplestory.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_MAPLESTORY - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MAPLESTORY #include "ndpi_api.h" @@ -94,5 +92,3 @@ void init_maplestory_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } - -#endif diff --git a/src/lib/protocols/mdns.c b/src/lib/protocols/mdns.c index 17a6d921d..77bdf4208 100644 --- a/src/lib/protocols/mdns.c +++ b/src/lib/protocols/mdns.c @@ -1,7 +1,7 @@ /* * mdns.c * - * Copyright (C) 2016-17 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -22,8 +22,6 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_MDNS - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MDNS #include "ndpi_api.h" @@ -159,4 +157,3 @@ void init_mdns_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } -#endif diff --git a/src/lib/protocols/megaco.c b/src/lib/protocols/megaco.c index bb317f5d5..e4b694ea6 100644 --- a/src/lib/protocols/megaco.c +++ b/src/lib/protocols/megaco.c @@ -2,7 +2,7 @@ * megaco.c * * Copyright (C) 2014 by Gianluca Costa http://www.capanalysis.net - * Copyright (C) 2012-15 - ntop.org + * Copyright (C) 2012-18 - ntop.org * * This module is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -20,14 +20,13 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_MEGACO - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MEGACO #include "ndpi_api.h" -void ndpi_search_megaco(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +void ndpi_search_megaco(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; @@ -61,4 +60,3 @@ void init_megaco_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } -#endif diff --git a/src/lib/protocols/mgcp.c b/src/lib/protocols/mgcp.c index 69fe33fac..86fadcb63 100644 --- a/src/lib/protocols/mgcp.c +++ b/src/lib/protocols/mgcp.c @@ -1,7 +1,7 @@ /* * mgcp.c * - * Copyright (C) 2017 - ntop.org + * Copyright (C) 2017-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -23,14 +23,10 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_MGCP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MGCP #include "ndpi_api.h" - - static void ndpi_int_mgcp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -93,4 +89,3 @@ void init_mgpc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } -#endif diff --git a/src/lib/protocols/mpegts.c b/src/lib/protocols/mpegts.c index 3558bdce7..c1f227565 100644 --- a/src/lib/protocols/mpegts.c +++ b/src/lib/protocols/mpegts.c @@ -2,7 +2,7 @@ * mpegts.c (MPEG Transport Stream) * https://en.wikipedia.org/wiki/MPEG_transport_stream * - * Copyright (C) 2015 - ntop.org + * Copyright (C) 2015-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -21,8 +21,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_MPEGTS - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MPEGTS #include "ndpi_api.h" @@ -65,4 +63,3 @@ void init_mpegts_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } -#endif diff --git a/src/lib/protocols/mqtt.c b/src/lib/protocols/mqtt.c index 950dde5d1..b9f90c3b5 100644 --- a/src/lib/protocols/mqtt.c +++ b/src/lib/protocols/mqtt.c @@ -23,8 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_MQTT - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MQTT #include "ndpi_api.h" @@ -255,5 +253,4 @@ void init_mqtt_dissector (struct ndpi_detection_module_struct *ndpi_struct, *id +=1; } -#endif // NDPI_PROTOCOL_MQTT diff --git a/src/lib/protocols/msn.c b/src/lib/protocols/msn.c index ec090cf00..8ab45ad32 100644 --- a/src/lib/protocols/msn.c +++ b/src/lib/protocols/msn.c @@ -2,7 +2,7 @@ * msn.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,9 +24,6 @@ #include "ndpi_protocol_ids.h" - -#ifdef NDPI_PROTOCOL_MSN - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MSN #include "ndpi_api.h" @@ -65,7 +62,6 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct u_int16_t plen; u_int16_t status = 0; -#ifdef NDPI_PROTOCOL_SSL if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_SSL) { NDPI_LOG_DBG2(ndpi_struct, "msn ssl ft test\n"); @@ -73,28 +69,32 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct if(flow->packet_counter < 10) { if(flow->packet_counter == 7 && packet->payload_packet_len > 300) { if(memcmp(packet->payload + 24, "MSNSLP", 6) == 0 - || (get_u_int32_t(packet->payload, 0) == htonl(0x30000000) && get_u_int32_t(packet->payload, 4) == 0x00000000)) { + || (get_u_int32_t(packet->payload, 0) == htonl(0x30000000) + && get_u_int32_t(packet->payload, 4) == 0x00000000)) { NDPI_LOG_INFO(ndpi_struct, "found MSN File Transfer, ifdef ssl\n"); ndpi_int_msn_add_connection(ndpi_struct, flow); return; } } - if(flow->packet_counter >= 5 && flow->packet_counter <= 10 && (get_u_int32_t(packet->payload, 0) == htonl(0x18000000) - && get_u_int32_t(packet->payload, 4) == 0x00000000)) { + + if(flow->packet_counter >= 5 && flow->packet_counter <= 10 + && (get_u_int32_t(packet->payload, 0) == htonl(0x18000000) + && get_u_int32_t(packet->payload, 4) == 0x00000000)) { flow->l4.tcp.msn_ssl_ft++; NDPI_LOG_DBG2(ndpi_struct, - "increased msn ft ssl stage to: %u at packet nr: %u\n", flow->l4.tcp.msn_ssl_ft, + "increased msn ft ssl stage to: %u at packet nr: %u\n", + flow->l4.tcp.msn_ssl_ft, flow->packet_counter); if (flow->l4.tcp.msn_ssl_ft == 2) { NDPI_LOG_INFO(ndpi_struct, "found MSN File Transfer, ifdef ssl 2.\n"); ndpi_int_msn_add_connection(ndpi_struct, flow); } + return; } } } -#endif /* we detect the initial connection only ! */ /* match: "VER " ..... "CVR" x 0x0d 0x0a @@ -103,15 +103,17 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct */ /* now we have a look at the first packet only. */ if(flow->packet_counter == 1 -#ifdef NDPI_PROTOCOL_SSL - || ((packet->detected_protocol_stack[0] == NDPI_PROTOCOL_SSL) && flow->packet_counter <= 3) -#endif + || ((packet->detected_protocol_stack[0] == NDPI_PROTOCOL_SSL) + && flow->packet_counter <= 3) ) { /* this part is working asymmetrically */ - if(packet->payload_packet_len > 32 && (packet->payload[0] == 0x02 || packet->payload[0] == 0x00) - && (ntohl(get_u_int32_t(packet->payload, 8)) == 0x2112a442 || ntohl(get_u_int32_t(packet->payload, 4)) == 0x2112a442) - && ((ntohl(get_u_int32_t(packet->payload, 24)) == 0x000f0004 && ntohl(get_u_int32_t(packet->payload, 28)) == 0x72c64bc6) + if(packet->payload_packet_len > 32 + && (packet->payload[0] == 0x02 || packet->payload[0] == 0x00) + && (ntohl(get_u_int32_t(packet->payload, 8)) == 0x2112a442 + || ntohl(get_u_int32_t(packet->payload, 4)) == 0x2112a442) + && ((ntohl(get_u_int32_t(packet->payload, 24)) == 0x000f0004 + && ntohl(get_u_int32_t(packet->payload, 28)) == 0x72c64bc6) || (ntohl(get_u_int32_t(packet->payload, 20)) == 0x000f0004 && ntohl(get_u_int32_t(packet->payload, 24)) == 0x72c64bc6))) { NDPI_LOG_INFO(ndpi_struct, @@ -145,10 +147,9 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct } } } + if( -#ifdef NDPI_PROTOCOL_HTTP packet->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP || -#endif ndpi_match_strprefix(packet->payload, packet->payload_packet_len, "GET ") || ndpi_match_strprefix(packet->payload, packet->payload_packet_len, "POST ")) { ndpi_parse_packet_line_info(ndpi_struct, flow); @@ -160,18 +161,12 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct return; } } -/* #ifdef NDPI_PROTOCOL_HTTP */ -/* /\* we have to examine two http packets *\/ */ -/* if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP) { */ -/* } */ -/* #endif */ + /* not seen this pattern in any trace */ /* now test for http login, at least 100 a bytes packet */ if(packet->payload_packet_len > 100) { if( -#ifdef NDPI_PROTOCOL_HTTP packet->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP || -#endif memcmp(packet->payload, "POST http://", 12) == 0) { /* scan packet if not already done... */ ndpi_parse_packet_line_info(ndpi_struct, flow); @@ -193,9 +188,7 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct /* for this case the asymmetric detection is asym (1) */ if(packet->payload_packet_len > 400) { if(( -#ifdef NDPI_PROTOCOL_HTTP packet->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP || -#endif (memcmp(packet->payload, "POST ", 5) == 0))) { u_int16_t c; if(memcmp(&packet->payload[5], "http://", 7) == 0) { @@ -259,9 +252,7 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct && packet->payload_packet_len > 100) { /* not necessary to check the length, because this has been done : >400. */ if( -#ifdef NDPI_PROTOCOL_HTTP packet->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP || -#endif ndpi_match_strprefix(packet->payload, packet->payload_packet_len, "HTTP/1.0 200 OK") || ndpi_match_strprefix(packet->payload, packet->payload_packet_len, "HTTP/1.1 200 OK") ) { @@ -342,9 +333,7 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct packet->payload_packet_len > 100) { /* not necessary to check the length, because this has been done : >400. */ if( -#ifdef NDPI_PROTOCOL_HTTP packet->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP || -#endif (memcmp(packet->payload, "HTTP/1.0 200 OK", 15) == 0) || (memcmp(packet->payload, "HTTP/1.1 200 OK", 15) == 0)) { @@ -507,15 +496,9 @@ void ndpi_search_msn(struct ndpi_detection_module_struct *ndpi_struct, struct nd /* the detection can switch out the http or the ssl detection. In this case we need not check those protocols */ // need to do the ceck when protocol == http too (POST /gateway ...) if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN -#ifdef NDPI_PROTOCOL_HTTP || packet->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP -#endif -#ifdef NDPI_PROTOCOL_SSL || packet->detected_protocol_stack[0] == NDPI_PROTOCOL_SSL -#endif -#ifdef NDPI_PROTOCOL_STUN || packet->detected_protocol_stack[0] == NDPI_PROTOCOL_STUN -#endif ) ndpi_search_msn_tcp(ndpi_struct, flow); } else if (packet->udp != NULL) { @@ -525,7 +508,8 @@ void ndpi_search_msn(struct ndpi_detection_module_struct *ndpi_struct, struct nd } -void init_msn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +void init_msn_dissector(struct ndpi_detection_module_struct *ndpi_struct, + u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { NDPI_BITMASK_RESET(ndpi_struct->callback_buffer[*id].excluded_protocol_bitmask); @@ -540,4 +524,3 @@ void init_msn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } -#endif diff --git a/src/lib/protocols/mssql_tds.c b/src/lib/protocols/mssql_tds.c index 75507fd52..621ea2b0e 100644 --- a/src/lib/protocols/mssql_tds.c +++ b/src/lib/protocols/mssql_tds.c @@ -1,7 +1,7 @@ /* * mssql.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_MSSQL_TDS - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MSSQL_TDS #include "ndpi_api.h" @@ -83,5 +81,3 @@ void init_mssql_tds_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } - -#endif diff --git a/src/lib/protocols/mysql.c b/src/lib/protocols/mysql.c index d1e695e55..d1602a2fe 100644 --- a/src/lib/protocols/mysql.c +++ b/src/lib/protocols/mysql.c @@ -2,7 +2,7 @@ * mysql.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_MYSQL - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MYSQL #include "ndpi_api.h" @@ -85,5 +83,3 @@ void init_mysql_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in *id += 1; } - -#endif diff --git a/src/lib/protocols/netbios.c b/src/lib/protocols/netbios.c index 634284121..4c5897c14 100644 --- a/src/lib/protocols/netbios.c +++ b/src/lib/protocols/netbios.c @@ -2,7 +2,7 @@ * netbios.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-17 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_NETBIOS - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_NETBIOS #include "ndpi_api.h" @@ -390,5 +388,3 @@ void init_netbios_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ *id += 1; } - -#endif diff --git a/src/lib/protocols/netflow.c b/src/lib/protocols/netflow.c index a553e4b6a..23c4bc587 100644 --- a/src/lib/protocols/netflow.c +++ b/src/lib/protocols/netflow.c @@ -1,7 +1,7 @@ /* * netflow.c * - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -20,8 +20,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_NETFLOW - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_NETFLOW #include "ndpi_api.h" @@ -184,4 +182,3 @@ void init_netflow_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ *id += 1; } -#endif diff --git a/src/lib/protocols/nfs.c b/src/lib/protocols/nfs.c index c074b9d3b..c9e3265a5 100644 --- a/src/lib/protocols/nfs.c +++ b/src/lib/protocols/nfs.c @@ -2,7 +2,7 @@ * nfs.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_NFS - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_NFS #include "ndpi_api.h" @@ -101,4 +99,3 @@ void init_nfs_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } -#endif diff --git a/src/lib/protocols/nintendo.c b/src/lib/protocols/nintendo.c index 8b76f33a6..bbc87a495 100644 --- a/src/lib/protocols/nintendo.c +++ b/src/lib/protocols/nintendo.c @@ -1,7 +1,7 @@ /* * nintendo.c * - * Copyright (C) 2017 by ntop.org + * Copyright (C) 2017-18 by ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -23,8 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_NINTENDO - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_NINTENDO #include "ndpi_api.h" @@ -67,4 +65,3 @@ void init_nintendo_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } -#endif diff --git a/src/lib/protocols/noe.c b/src/lib/protocols/noe.c index 9899b056b..da572b6c0 100644 --- a/src/lib/protocols/noe.c +++ b/src/lib/protocols/noe.c @@ -7,8 +7,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_NOE - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_NOE #include "ndpi_api.h" @@ -21,7 +19,8 @@ static void ndpi_int_noe_add_connection(struct ndpi_detection_module_struct NDPI_LOG_INFO(ndpi_struct, "found noe\n"); } -void ndpi_search_noe(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +void ndpi_search_noe(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; @@ -66,4 +65,3 @@ void init_noe_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } -#endif diff --git a/src/lib/protocols/non_tcp_udp.c b/src/lib/protocols/non_tcp_udp.c index 668a158d7..b7cc4a4d0 100644 --- a/src/lib/protocols/non_tcp_udp.c +++ b/src/lib/protocols/non_tcp_udp.c @@ -2,7 +2,7 @@ * non_tcp_udp.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#if defined(NDPI_PROTOCOL_IP_IPSEC) || defined(NDPI_PROTOCOL_IP_GRE) || defined(NDPI_PROTOCOL_IP_ICMP) || defined(NDPI_PROTOCOL_IP_IGMP) || defined(NDPI_PROTOCOL_IP_EGP) || defined(NDPI_PROTOCOL_IP_SCTP) || defined(NDPI_PROTOCOL_IP_OSPF) || defined(NDPI_PROTOCOL_IP_IP_IN_IP) - #include "ndpi_api.h" #define set_protocol_and_bmask(nprot) \ @@ -52,57 +50,46 @@ void ndpi_search_in_non_tcp_udp(struct ndpi_detection_module_struct } switch (packet->l4_protocol) { -#ifdef NDPI_PROTOCOL_IP_IPSEC case NDPI_IPSEC_PROTOCOL_ESP: case NDPI_IPSEC_PROTOCOL_AH: set_protocol_and_bmask(NDPI_PROTOCOL_IP_IPSEC); break; -#endif /* NDPI_PROTOCOL_IP_IPSEC */ -#ifdef NDPI_PROTOCOL_IP_GRE + case NDPI_GRE_PROTOCOL_TYPE: set_protocol_and_bmask(NDPI_PROTOCOL_IP_GRE); break; -#endif /* NDPI_PROTOCOL_IP_GRE */ -#ifdef NDPI_PROTOCOL_IP_ICMP + case NDPI_ICMP_PROTOCOL_TYPE: set_protocol_and_bmask(NDPI_PROTOCOL_IP_ICMP); break; -#endif /* NDPI_PROTOCOL_IP_ICMP */ -#ifdef NDPI_PROTOCOL_IP_IGMP + case NDPI_IGMP_PROTOCOL_TYPE: set_protocol_and_bmask(NDPI_PROTOCOL_IP_IGMP); break; -#endif /* NDPI_PROTOCOL_IP_IGMP */ -#ifdef NDPI_PROTOCOL_IP_EGP + case NDPI_EGP_PROTOCOL_TYPE: set_protocol_and_bmask(NDPI_PROTOCOL_IP_EGP); break; -#endif /* NDPI_PROTOCOL_IP_EGP */ -#ifdef NDPI_PROTOCOL_IP_SCTP + case NDPI_SCTP_PROTOCOL_TYPE: set_protocol_and_bmask(NDPI_PROTOCOL_IP_SCTP); break; -#endif /* NDPI_PROTOCOL_IP_SCTP */ -#ifdef NDPI_PROTOCOL_IP_OSPF + case NDPI_OSPF_PROTOCOL_TYPE: set_protocol_and_bmask(NDPI_PROTOCOL_IP_OSPF); break; -#endif /* NDPI_PROTOCOL_IP_OSPF */ -#ifdef NDPI_PROTOCOL_IP_IP_IN_IP + case NDPI_IPIP_PROTOCOL_TYPE: set_protocol_and_bmask(NDPI_PROTOCOL_IP_IP_IN_IP); break; -#endif /* NDPI_PROTOCOL_IP_IP_IN_IP */ -#ifdef NDPI_PROTOCOL_IP_ICMPV6 + case NDPI_ICMPV6_PROTOCOL_TYPE: set_protocol_and_bmask(NDPI_PROTOCOL_IP_ICMPV6); break; -#endif /* NDPI_PROTOCOL_IP_ICMPV6 */ -#ifdef NDPI_PROTOCOL_IP_VRRP + case 112: set_protocol_and_bmask(NDPI_PROTOCOL_IP_VRRP); break; -#endif /* NDPI_PROTOCOL_IP_VRRP */ } } @@ -113,7 +100,6 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct /* always add non tcp/udp if one protocol is compiled in */ NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[*id].detection_bitmask, NDPI_PROTOCOL_UNKNOWN); -#ifdef NDPI_PROTOCOL_IP_IPSEC ndpi_set_bitmask_protocol_detection("IP_IPSEC", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_IP_IPSEC, ndpi_search_in_non_tcp_udp, @@ -121,8 +107,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; -#endif -#ifdef NDPI_PROTOCOL_IP_GRE + ndpi_set_bitmask_protocol_detection("IP_GRE", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_IP_GRE, ndpi_search_in_non_tcp_udp, @@ -130,8 +115,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; -#endif -#ifdef NDPI_PROTOCOL_IP_ICMP + ndpi_set_bitmask_protocol_detection("IP_ICMP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_IP_ICMP, ndpi_search_in_non_tcp_udp, @@ -139,8 +123,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; -#endif -#ifdef NDPI_PROTOCOL_IP_IGMP + ndpi_set_bitmask_protocol_detection("IP_IGMP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_IP_IGMP, ndpi_search_in_non_tcp_udp, @@ -148,8 +131,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; -#endif -#ifdef NDPI_PROTOCOL_IP_EGP + ndpi_set_bitmask_protocol_detection("IP_EGP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_IP_EGP, ndpi_search_in_non_tcp_udp, @@ -157,8 +139,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; -#endif -#ifdef NDPI_PROTOCOL_IP_SCTP + ndpi_set_bitmask_protocol_detection("IP_SCTP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_IP_SCTP, ndpi_search_in_non_tcp_udp, @@ -166,8 +147,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; -#endif -#ifdef NDPI_PROTOCOL_IP_OSPF + ndpi_set_bitmask_protocol_detection("IP_OSPF", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_IP_OSPF, ndpi_search_in_non_tcp_udp, @@ -175,8 +155,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; -#endif -#ifdef NDPI_PROTOCOL_IP_IP_IN_IP + ndpi_set_bitmask_protocol_detection("IP_IP_IN_IP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_IP_IP_IN_IP, ndpi_search_in_non_tcp_udp, @@ -184,8 +163,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; -#endif -#ifdef NDPI_PROTOCOL_IP_ICMPV6 + ndpi_set_bitmask_protocol_detection("IP_ICMPV6", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_IP_ICMPV6, ndpi_search_in_non_tcp_udp, @@ -193,8 +171,4 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; -#endif - } - -#endif diff --git a/src/lib/protocols/ntp.c b/src/lib/protocols/ntp.c index 3b8eb3d7d..9290fbfb3 100644 --- a/src/lib/protocols/ntp.c +++ b/src/lib/protocols/ntp.c @@ -2,7 +2,7 @@ * ntp.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_NTP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_NTP #include "ndpi_api.h" @@ -77,4 +75,3 @@ void init_ntp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } -#endif diff --git a/src/lib/protocols/openft.c b/src/lib/protocols/openft.c index d0b50c8a2..30fb1c68f 100644 --- a/src/lib/protocols/openft.c +++ b/src/lib/protocols/openft.c @@ -2,7 +2,7 @@ * openft.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_OPENFT - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_OPENFT #include "ndpi_api.h" @@ -67,5 +65,3 @@ void init_openft_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } - -#endif diff --git a/src/lib/protocols/openvpn.c b/src/lib/protocols/openvpn.c index 6756c173d..6bd480ea1 100644 --- a/src/lib/protocols/openvpn.c +++ b/src/lib/protocols/openvpn.c @@ -1,7 +1,7 @@ /* * openvpn.c * - * Copyright (C) 2011-16 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * OpenVPN TCP / UDP Detection - 128/160 hmac * @@ -23,8 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_OPENVPN - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_OPENVPN #include "ndpi_api.h" @@ -135,5 +133,3 @@ void init_openvpn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ *id += 1; } - -#endif diff --git a/src/lib/protocols/oracle.c b/src/lib/protocols/oracle.c index 5fda78672..6ad6bac4c 100644 --- a/src/lib/protocols/oracle.c +++ b/src/lib/protocols/oracle.c @@ -20,8 +20,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_ORACLE - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_ORACLE #include "ndpi_api.h" @@ -75,5 +73,3 @@ void init_oracle_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } - -#endif diff --git a/src/lib/protocols/oscar.c b/src/lib/protocols/oscar.c index 6dec353a5..010a620e9 100644 --- a/src/lib/protocols/oscar.c +++ b/src/lib/protocols/oscar.c @@ -2,7 +2,7 @@ * oscar.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_OSCAR - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_OSCAR #include "ndpi_api.h" @@ -816,5 +814,3 @@ void init_oscar_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in *id += 1; } - -#endif diff --git a/src/lib/protocols/pando.c b/src/lib/protocols/pando.c index ccf1ee12d..ece78559d 100644 --- a/src/lib/protocols/pando.c +++ b/src/lib/protocols/pando.c @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_PANDO - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_PANDO #include "ndpi_api.h" @@ -167,5 +165,3 @@ void init_pando_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in *id += 1; } - -#endif diff --git a/src/lib/protocols/pcanywhere.c b/src/lib/protocols/pcanywhere.c index 56b68b567..0d205d5f3 100644 --- a/src/lib/protocols/pcanywhere.c +++ b/src/lib/protocols/pcanywhere.c @@ -2,7 +2,7 @@ * pcanywhere.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_PCANYWHERE - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_PCANYWHERE #include "ndpi_api.h" @@ -67,4 +65,3 @@ void init_pcanywhere_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } -#endif diff --git a/src/lib/protocols/postgres.c b/src/lib/protocols/postgres.c index e23d316e4..089be4e31 100644 --- a/src/lib/protocols/postgres.c +++ b/src/lib/protocols/postgres.c @@ -2,7 +2,7 @@ * postgres.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_POSTGRES - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_POSTGRES #include "ndpi_api.h" @@ -131,4 +129,3 @@ void init_postgres_dissector(struct ndpi_detection_module_struct *ndpi_struct, u *id += 1; } -#endif diff --git a/src/lib/protocols/pplive.c b/src/lib/protocols/pplive.c index 6f874d7b6..2e41d64f5 100644 --- a/src/lib/protocols/pplive.c +++ b/src/lib/protocols/pplive.c @@ -26,8 +26,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_PPLIVE - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_PPLIVE #include "ndpi_api.h" @@ -232,4 +230,3 @@ void init_pplive_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } -#endif diff --git a/src/lib/protocols/ppstream.c b/src/lib/protocols/ppstream.c index 08d2f8ade..20eb0d428 100644 --- a/src/lib/protocols/ppstream.c +++ b/src/lib/protocols/ppstream.c @@ -1,7 +1,7 @@ /* * ppstream.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -23,8 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_PPSTREAM - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_PPSTREAM #include "ndpi_api.h" @@ -237,4 +235,3 @@ void init_ppstream_dissector(struct ndpi_detection_module_struct *ndpi_struct, u *id += 1; } -#endif diff --git a/src/lib/protocols/pptp.c b/src/lib/protocols/pptp.c index 9bacdeded..cfe360b5b 100644 --- a/src/lib/protocols/pptp.c +++ b/src/lib/protocols/pptp.c @@ -2,7 +2,7 @@ * pptp.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_PPTP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_PPTP #include "ndpi_api.h" @@ -69,5 +67,3 @@ void init_pptp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } - -#endif diff --git a/src/lib/protocols/qq.c b/src/lib/protocols/qq.c index f3b713132..077d385fa 100644 --- a/src/lib/protocols/qq.c +++ b/src/lib/protocols/qq.c @@ -2,7 +2,7 @@ * qq.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_QQ - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_QQ #include "ndpi_api.h" @@ -636,17 +634,13 @@ void ndpi_search_qq_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct } } } -#ifdef NDPI_PROTOCOL_HTTP + if (NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_HTTP) != 0) { -#endif /* NDPI_PROTOCOL_HTTP */ NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_QQ); NDPI_LOG_DBG(ndpi_struct, "QQ tcp excluded; len %u\n", packet->payload_packet_len); - -#ifdef NDPI_PROTOCOL_HTTP } -#endif /* NDPI_PROTOCOL_HTTP */ } @@ -674,5 +668,3 @@ void init_qq_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32 *id += 1; } - -#endif diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c index 6bf5cb0b2..4c838f41f 100644 --- a/src/lib/protocols/quic.c +++ b/src/lib/protocols/quic.c @@ -3,10 +3,6 @@ * * Copyright (C) 2012-18 - ntop.org * - * Based on code of: - * Andrea Buscarinu - - * Michele Campus - - * * This module is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by * the Free Software Foundation, either version 3 of the License, or @@ -20,12 +16,14 @@ * You should have received a copy of the GNU Lesser General Public License. * If not, see . * + * Based on code of: + * Andrea Buscarinu - + * Michele Campus - + * */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_QUIC - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_QUIC #include "ndpi_api.h" @@ -148,5 +146,3 @@ void init_quic_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } - -#endif /* NDPI_PROTOCOL_QUIC */ diff --git a/src/lib/protocols/radius.c b/src/lib/protocols/radius.c index e0eb2657b..1c85f48d7 100644 --- a/src/lib/protocols/radius.c +++ b/src/lib/protocols/radius.c @@ -1,7 +1,7 @@ /* * radius.c * - * Copyright (C) 2012-15 - ntop.org + * Copyright (C) 2012-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -20,8 +20,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_RADIUS - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RADIUS #include "ndpi_api.h" @@ -79,5 +77,3 @@ void init_radius_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } - -#endif diff --git a/src/lib/protocols/rdp.c b/src/lib/protocols/rdp.c index 9ce692893..bc59ea1fb 100644 --- a/src/lib/protocols/rdp.c +++ b/src/lib/protocols/rdp.c @@ -2,7 +2,7 @@ * rdp.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_RDP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RDP #include "ndpi_api.h" @@ -69,5 +67,3 @@ void init_rdp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } - -#endif diff --git a/src/lib/protocols/redis_net.c b/src/lib/protocols/redis_net.c index 4b51908fd..cb1e2e39b 100644 --- a/src/lib/protocols/redis_net.c +++ b/src/lib/protocols/redis_net.c @@ -1,7 +1,7 @@ /* * redis.c * - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -20,8 +20,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_REDIS - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_REDIS #include "ndpi_api.h" @@ -103,5 +101,3 @@ void init_redis_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in *id += 1; } - -#endif diff --git a/src/lib/protocols/rsync.c b/src/lib/protocols/rsync.c index 157b2e0e0..8cc3dd16d 100644 --- a/src/lib/protocols/rsync.c +++ b/src/lib/protocols/rsync.c @@ -2,7 +2,7 @@ * rsync.c * * Copyright (C) 2013 Remy Mudingay - * Copyright (C) 2016 ntop.org + * Copyright (C) 2016-18 ntop.org * * This module is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -21,8 +21,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_RSYNC - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RSYNC #include "ndpi_api.h" @@ -69,5 +67,3 @@ void init_rsync_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in *id += 1; } - -#endif diff --git a/src/lib/protocols/rtcp.c b/src/lib/protocols/rtcp.c index b924b476d..77903d6cc 100644 --- a/src/lib/protocols/rtcp.c +++ b/src/lib/protocols/rtcp.c @@ -6,8 +6,6 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_RTCP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RTCP #include "ndpi_api.h" @@ -15,10 +13,12 @@ static void ndpi_int_rtcp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RTCP, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RTCP, + NDPI_PROTOCOL_UNKNOWN); } -void ndpi_search_rtcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +void ndpi_search_rtcp(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; u_int16_t dport = 0, sport = 0; @@ -79,5 +79,3 @@ void init_rtcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } - -#endif diff --git a/src/lib/protocols/rtmp.c b/src/lib/protocols/rtmp.c index 52492a290..9bf73fecd 100644 --- a/src/lib/protocols/rtmp.c +++ b/src/lib/protocols/rtmp.c @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_RTMP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RTMP #include "ndpi_api.h" @@ -105,4 +103,3 @@ void init_rtmp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } -#endif diff --git a/src/lib/protocols/rtp.c b/src/lib/protocols/rtp.c index 38cd62504..0ccc08594 100644 --- a/src/lib/protocols/rtp.c +++ b/src/lib/protocols/rtp.c @@ -2,7 +2,7 @@ * rtp.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_RTP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RTP #include "ndpi_api.h" @@ -308,13 +306,12 @@ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct, return; exclude_rtp: -#ifdef NDPI_PROTOCOL_STUN if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_STUN || /* packet->real_protocol_read_only == NDPI_PROTOCOL_STUN */) { NDPI_LOG_DBG(ndpi_struct, "STUN: is detected, need next packet\n"); return; } -#endif /* NDPI_PROTOCOL_STUN */ + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } @@ -337,7 +334,7 @@ void ndpi_search_rtp(struct ndpi_detection_module_struct *ndpi_struct, struct nd "skipping STUN-like, special yahoo packets with payload[0] == 0x90.\n"); return; } -#ifdef NDPI_PROTOCOL_STUN + /* TODO the rtp detection sometimes doesn't exclude rtp * so for TCP flows only run the detection if STUN has been * detected (or RTP is already detected) @@ -360,6 +357,7 @@ void ndpi_search_rtp(struct ndpi_detection_module_struct *ndpi_struct, struct nd return; } } + if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN && flow->l4.tcp.rtp_special_packets_seen == 1) { if (packet->payload_packet_len >= 4 && ntohl(get_u_int32_t(packet->payload, 0)) + 4 == packet->payload_packet_len) { @@ -378,15 +376,13 @@ void ndpi_search_rtp(struct ndpi_detection_module_struct *ndpi_struct, struct nd } else { NDPI_LOG_DBG(ndpi_struct, "STUN not yet excluded, need next packet\n"); } -#else - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); -#endif } } #endif -void init_rtp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +void init_rtp_dissector(struct ndpi_detection_module_struct *ndpi_struct, + u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("RTP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_RTP, @@ -398,6 +394,3 @@ void init_rtp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } -#endif -/* NDPI_PROTOCOL_RTP */ - diff --git a/src/lib/protocols/rtsp.c b/src/lib/protocols/rtsp.c index e20c53065..9620dd504 100644 --- a/src/lib/protocols/rtsp.c +++ b/src/lib/protocols/rtsp.c @@ -2,7 +2,7 @@ * rtsp.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,14 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_RTSP - #ifndef NDPI_PROTOCOL_RTP - #error RTSP requires RTP detection to work correctly - #endif - #ifndef NDPI_PROTOCOL_RDP - #error RTSP requires RDP detection to work correctly - #endif - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RTSP #include "ndpi_api.h" @@ -56,9 +48,7 @@ void ndpi_search_rtsp_tcp_udp(struct ndpi_detection_module_struct NDPI_LOG_DBG(ndpi_struct, "search RTSP\n"); if (flow->rtsprdt_stage == 0 -#ifdef NDPI_PROTOCOL_RTCP && !(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_RTCP) -#endif ) { flow->rtsprdt_stage = 1 + packet->packet_direction; NDPI_LOG_DBG2(ndpi_struct, "maybe handshake 1; need next packet, return\n"); @@ -102,9 +92,7 @@ void ndpi_search_rtsp_tcp_udp(struct ndpi_detection_module_struct } if (packet->udp != NULL && packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN && ((NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTP) == 0) -#ifdef NDPI_PROTOCOL_RTCP || (NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTCP) == 0) -#endif )) { NDPI_LOG_DBG2(ndpi_struct, "maybe RTSP RTP, RTSP RTCP, RDT; need next packet.\n"); @@ -127,5 +115,3 @@ void init_rtsp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int ADD_TO_DETECTION_BITMASK); *id += 1; } - -#endif diff --git a/src/lib/protocols/rx.c b/src/lib/protocols/rx.c index 6eb9bf149..522d9ef5c 100644 --- a/src/lib/protocols/rx.c +++ b/src/lib/protocols/rx.c @@ -1,7 +1,7 @@ /* * rx.c * - * Copyright (C) 2012-16 - ntop.org + * Copyright (C) 2012-18 - ntop.org * * Giovanni Mascellani * @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_RX - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RX #include "ndpi_api.h" @@ -227,4 +225,3 @@ void init_rx_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } -#endif diff --git a/src/lib/protocols/sflow.c b/src/lib/protocols/sflow.c index 75b631abc..cb1acff8d 100644 --- a/src/lib/protocols/sflow.c +++ b/src/lib/protocols/sflow.c @@ -1,7 +1,7 @@ /* * sflow.c * - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -20,8 +20,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_SFLOW - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SFLOW #include "ndpi_api.h" @@ -59,4 +57,3 @@ void init_sflow_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in *id += 1; } -#endif diff --git a/src/lib/protocols/shoutcast.c b/src/lib/protocols/shoutcast.c index 2115c574f..10486c0bd 100644 --- a/src/lib/protocols/shoutcast.c +++ b/src/lib/protocols/shoutcast.c @@ -2,7 +2,7 @@ * shoutcast.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_SHOUTCAST - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SHOUTCAST #include "ndpi_api.h" @@ -52,9 +50,7 @@ void ndpi_search_shoutcast_tcp(struct ndpi_detection_module_struct return; } if (flow->packet_counter < 3 -#ifdef NDPI_PROTOCOL_HTTP && packet->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP -#endif ) { NDPI_LOG_DBG2(ndpi_struct, "http detected, need next packet for shoutcast detection.\n"); @@ -119,4 +115,4 @@ void init_shoutcast_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } -#endif + diff --git a/src/lib/protocols/sip.c b/src/lib/protocols/sip.c index 5edd377c6..1436b2cec 100644 --- a/src/lib/protocols/sip.c +++ b/src/lib/protocols/sip.c @@ -2,7 +2,7 @@ * sip.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_SIP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SIP #include "ndpi_api.h" @@ -59,12 +57,8 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct packet_payload += 4; } } -#ifndef NDPI_PROTOCOL_YAHOO - if (payload_len >= 14 && packet_payload[payload_len - 2] == 0x0d && packet_payload[payload_len - 1] == 0x0a) -#endif -#ifdef NDPI_PROTOCOL_YAHOO - if (payload_len >= 14) -#endif + + if (payload_len >= 14) { if ((memcmp(packet_payload, "NOTIFY ", 7) == 0 || memcmp(packet_payload, "notify ", 7) == 0) @@ -146,19 +140,18 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct NDPI_LOG_DBG2(ndpi_struct, "need next packet\n"); return; } -#ifdef NDPI_PROTOCOL_STUN + /* for STUN flows we need some more packets */ if (packet->udp != NULL && flow->detected_protocol_stack[0] == NDPI_PROTOCOL_STUN && flow->packet_counter < 40) { NDPI_LOG_DBG2(ndpi_struct, "need next STUN packet\n"); return; } -#endif if (payload_len == 4 && get_u_int32_t(packet_payload, 0) == 0) { NDPI_LOG_DBG2(ndpi_struct, "maybe sip. need next packet\n"); return; } -#ifdef NDPI_PROTOCOL_YAHOO + if (payload_len > 30 && packet_payload[0] == 0x90 && packet_payload[3] == payload_len - 20 && get_u_int32_t(packet_payload, 4) == 0 && get_u_int32_t(packet_payload, 8) == 0) { @@ -168,9 +161,8 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct if (flow->sip_yahoo_voice && flow->packet_counter < 10) { return; } -#endif - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } void ndpi_search_sip(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -200,4 +192,3 @@ void init_sip_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } -#endif diff --git a/src/lib/protocols/skinny.c b/src/lib/protocols/skinny.c index 0acebf271..5ec54dbdf 100644 --- a/src/lib/protocols/skinny.c +++ b/src/lib/protocols/skinny.c @@ -19,8 +19,6 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_SKINNY - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SKINNY #include "ndpi_api.h" @@ -75,5 +73,3 @@ void init_skinny_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } - -#endif diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c index ea571961f..698fff052 100644 --- a/src/lib/protocols/skype.c +++ b/src/lib/protocols/skype.c @@ -1,7 +1,7 @@ /* * skype.c * - * Copyright (C) 2017 - ntop.org + * Copyright (C) 2017-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -19,8 +19,6 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_SKYPE - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SKYPE #include "ndpi_api.h" @@ -112,5 +110,3 @@ void init_skype_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in *id += 1; } - -#endif diff --git a/src/lib/protocols/smb.c b/src/lib/protocols/smb.c index 6ac7e282a..fa684eb66 100644 --- a/src/lib/protocols/smb.c +++ b/src/lib/protocols/smb.c @@ -1,7 +1,7 @@ /* * smb.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -22,8 +22,6 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_SMB - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SMB #include "ndpi_api.h" @@ -66,4 +64,3 @@ void init_smb_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } -#endif diff --git a/src/lib/protocols/smpp.c b/src/lib/protocols/smpp.c index 1bd2a870b..444516cd3 100644 --- a/src/lib/protocols/smpp.c +++ b/src/lib/protocols/smpp.c @@ -2,7 +2,7 @@ * smpp.c * * Copyright (C) 2016 - Damir Franusic - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -22,8 +22,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_SMPP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SMPP #include "ndpi_api.h" @@ -319,5 +317,3 @@ void init_smpp_dissector(struct ndpi_detection_module_struct* ndpi_struct, *id += 1; } - -#endif // NDPI_PROTOCOL_SMPP diff --git a/src/lib/protocols/snmp.c b/src/lib/protocols/snmp.c index 6a2f2624f..759d6bae0 100644 --- a/src/lib/protocols/snmp.c +++ b/src/lib/protocols/snmp.c @@ -2,7 +2,7 @@ * snmp.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_SNMP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SNMP #include "ndpi_api.h" @@ -141,4 +139,3 @@ void init_snmp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } -#endif diff --git a/src/lib/protocols/socks45.c b/src/lib/protocols/socks45.c index 32c83934a..36c18ef54 100644 --- a/src/lib/protocols/socks45.c +++ b/src/lib/protocols/socks45.c @@ -1,7 +1,7 @@ /* * socks4.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * Copyright (C) 2014 Tomasz Bujlow * * The signature is based on the Libprotoident library. @@ -25,8 +25,6 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_SOCKS - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SOCKS #include "ndpi_api.h" @@ -148,4 +146,3 @@ void init_socks_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in *id += 1; } -#endif diff --git a/src/lib/protocols/someip.c b/src/lib/protocols/someip.c index 604022714..e4ebc52ff 100644 --- a/src/lib/protocols/someip.c +++ b/src/lib/protocols/someip.c @@ -23,8 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_SOMEIP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SOMEIP #include "ndpi_api.h" @@ -227,5 +225,4 @@ void init_someip_dissector (struct ndpi_detection_module_struct *ndpi_struct, *id +=1; } -#endif // NDPI_PROTOCOL_SOMEIP diff --git a/src/lib/protocols/sopcast.c b/src/lib/protocols/sopcast.c index 3e8009454..c40213bf7 100644 --- a/src/lib/protocols/sopcast.c +++ b/src/lib/protocols/sopcast.c @@ -2,7 +2,7 @@ * sopcast.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_SOPCAST - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SOPCAST #include "ndpi_api.h" @@ -226,4 +224,3 @@ void init_sopcast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ *id += 1; } -#endif diff --git a/src/lib/protocols/soulseek.c b/src/lib/protocols/soulseek.c index 8f4bbb32c..82b7097af 100644 --- a/src/lib/protocols/soulseek.c +++ b/src/lib/protocols/soulseek.c @@ -1,7 +1,7 @@ /* * soulseek.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -23,8 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_SOULSEEK - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SOULSEEK #include "ndpi_api.h" @@ -278,5 +276,3 @@ void init_soulseek_dissector(struct ndpi_detection_module_struct *ndpi_struct, u *id += 1; } - -#endif diff --git a/src/lib/protocols/spotify.c b/src/lib/protocols/spotify.c index f3b23aadb..699d8f346 100644 --- a/src/lib/protocols/spotify.c +++ b/src/lib/protocols/spotify.c @@ -23,8 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_SPOTIFY - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SPOTIFY #include "ndpi_api.h" @@ -140,4 +138,3 @@ void init_spotify_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ *id += 1; } -#endif diff --git a/src/lib/protocols/ssdp.c b/src/lib/protocols/ssdp.c index ce681d9b6..9fd5005ae 100644 --- a/src/lib/protocols/ssdp.c +++ b/src/lib/protocols/ssdp.c @@ -2,7 +2,7 @@ * ssdp.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_SSDP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SSDP #include "ndpi_api.h" @@ -80,4 +78,3 @@ void init_ssdp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } -#endif diff --git a/src/lib/protocols/ssh.c b/src/lib/protocols/ssh.c index 89b359040..1a20078c3 100644 --- a/src/lib/protocols/ssh.c +++ b/src/lib/protocols/ssh.c @@ -2,7 +2,7 @@ * ssh.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_SSH - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SSH #include "ndpi_api.h" @@ -99,4 +97,3 @@ void init_ssh_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } -#endif diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index 5c65b83c1..a277f8120 100644 --- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -1,7 +1,7 @@ /* * ssl.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -23,9 +23,6 @@ #include "ndpi_protocol_ids.h" - -#ifdef NDPI_PROTOCOL_SSL - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SSL #include "ndpi_api.h" @@ -65,9 +62,7 @@ static u_int32_t ndpi_ssl_refine_master_protocol(struct ndpi_detection_module_st if((sport == 465) || (dport == 465) || (sport == 587) || (dport == 587)) protocol = NDPI_PROTOCOL_MAIL_SMTPS; else if((sport == 993) || (dport == 993) -#ifdef NDPI_PROTOCOL_MAIL_IMAP || (flow->l4.tcp.mail_imap_starttls) -#endif ) protocol = NDPI_PROTOCOL_MAIL_IMAPS; else if((sport == 995) || (dport == 995)) protocol = NDPI_PROTOCOL_MAIL_POPS; } @@ -386,10 +381,9 @@ int sslDetectProtocolFromCertificate(struct ndpi_detection_module_struct *ndpi_s ndpi_ssl_refine_master_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSL)); return(rc); /* Fix courtesy of Gianluca Costa */ } -#ifdef NDPI_PROTOCOL_TOR + if(ndpi_is_ssl_tor(ndpi_struct, flow, certificate) != 0) return(rc); -#endif } if(((packet->ssl_certificate_num_checks >= 2) @@ -410,24 +404,22 @@ static void ssl_mark_and_payload_search_for_other_protocols(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { -#if defined(NDPI_PROTOCOL_TOR) || defined(NDPI_PROTOCOL_VPN_X) || defined(NDPI_PROTOCOL_UNENCRYPTED_JABBER) || defined (NDPI_PROTOCOL_OSCAR) || defined (NDPI_PROTOCOL_ITUNES) || defined (NDPI_PROTOCOL_GMAIL) struct ndpi_packet_struct *packet = &flow->packet; u_int32_t a; u_int32_t end; -#if defined(NDPI_PROTOCOL_UNENCRYPTED_JABBER) + if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask, NDPI_PROTOCOL_UNENCRYPTED_JABBER) != 0) goto check_for_ssl_payload; -#endif -#if defined(NDPI_PROTOCOL_OSCAR) + if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask, NDPI_PROTOCOL_OSCAR) != 0) goto check_for_ssl_payload; -#endif - goto no_check_for_ssl_payload; + else + goto no_check_for_ssl_payload; check_for_ssl_payload: end = packet->payload_packet_len - 20; for (a = 5; a < end; a++) { -#ifdef NDPI_PROTOCOL_UNENCRYPTED_JABBER + if(packet->payload[a] == 't') { if(memcmp(&packet->payload[a], "talk.google.com", 15) == 0) { if(NDPI_COMPARE_PROTOCOL_TO_BITMASK @@ -438,8 +430,7 @@ static void ssl_mark_and_payload_search_for_other_protocols(struct } } } -#endif -#ifdef NDPI_PROTOCOL_OSCAR + if(packet->payload[a] == 'A' || packet->payload[a] == 'k' || packet->payload[a] == 'c' || packet->payload[a] == 'h') { if(((a + 19) < packet->payload_packet_len && memcmp(&packet->payload[a], "America Online Inc.", 19) == 0) @@ -475,11 +466,9 @@ static void ssl_mark_and_payload_search_for_other_protocols(struct return; } } -#endif } no_check_for_ssl_payload: -#endif if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { NDPI_LOG_DBG(ndpi_struct, "found ssl connection\n"); sslDetectProtocolFromCertificate(ndpi_struct, flow); @@ -726,5 +715,3 @@ void init_ssl_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } - -#endif diff --git a/src/lib/protocols/starcraft.c b/src/lib/protocols/starcraft.c index 73cdd0b12..8c344d78d 100644 --- a/src/lib/protocols/starcraft.c +++ b/src/lib/protocols/starcraft.c @@ -2,7 +2,7 @@ * starcraft.c * * Copyright (C) 2015 - Matteo Bracci -* Copyright (C) 2015 - ntop.org +* Copyright (C) 2015-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -21,8 +21,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_STARCRAFT - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_STARCRAFT #include "ndpi_api.h" @@ -155,4 +153,3 @@ void init_starcraft_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } -#endif diff --git a/src/lib/protocols/stealthnet.c b/src/lib/protocols/stealthnet.c index 8bd75b1a3..00c7ba648 100644 --- a/src/lib/protocols/stealthnet.c +++ b/src/lib/protocols/stealthnet.c @@ -2,7 +2,7 @@ * stealthnet.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_STEALTHNET - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_STEALTHNET #include "ndpi_api.h" @@ -69,4 +67,3 @@ void init_stealthnet_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } -#endif diff --git a/src/lib/protocols/steam.c b/src/lib/protocols/steam.c index 64eaa04fe..0a737baf9 100644 --- a/src/lib/protocols/steam.c +++ b/src/lib/protocols/steam.c @@ -25,8 +25,6 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_STEAM - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_STEAM #include "ndpi_api.h" @@ -299,5 +297,3 @@ void init_steam_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in *id += 1; } - -#endif diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index 8f374ff59..ad6a585f9 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -2,7 +2,7 @@ * stun.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_STUN - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_STUN #include "ndpi_api.h" @@ -242,5 +240,3 @@ void init_stun_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } - -#endif diff --git a/src/lib/protocols/syslog.c b/src/lib/protocols/syslog.c index d83cd99f7..fc51fc065 100644 --- a/src/lib/protocols/syslog.c +++ b/src/lib/protocols/syslog.c @@ -2,7 +2,7 @@ * syslog.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_SYSLOG - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SYSLOG #include "ndpi_api.h" @@ -131,5 +129,3 @@ void init_syslog_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } - -#endif diff --git a/src/lib/protocols/tcp_udp.c b/src/lib/protocols/tcp_udp.c index 407d36b3b..2d28182df 100644 --- a/src/lib/protocols/tcp_udp.c +++ b/src/lib/protocols/tcp_udp.c @@ -1,7 +1,7 @@ /* * tcp_or_udp.c * - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by diff --git a/src/lib/protocols/teamspeak.c b/src/lib/protocols/teamspeak.c index df13c9756..214a2fe99 100644 --- a/src/lib/protocols/teamspeak.c +++ b/src/lib/protocols/teamspeak.c @@ -19,8 +19,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_TEAMSPEAK - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TEAMSPEAK #include "ndpi_api.h" @@ -79,4 +77,3 @@ void init_teamspeak_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } -#endif diff --git a/src/lib/protocols/teamviewer.c b/src/lib/protocols/teamviewer.c index f06e40a73..1fa39ff43 100644 --- a/src/lib/protocols/teamviewer.c +++ b/src/lib/protocols/teamviewer.c @@ -2,7 +2,7 @@ * teamviewer.c * * Copyright (C) 2012 by Gianluca Costa xplico.org - * Copyright (C) 2012-15 - ntop.org + * Copyright (C) 2012-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_TEAMVIEWER - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TEAMVIEWER #include "ndpi_api.h" @@ -116,4 +114,3 @@ void init_teamviewer_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } -#endif diff --git a/src/lib/protocols/telegram.c b/src/lib/protocols/telegram.c index d80f5f6b5..79be38eae 100644 --- a/src/lib/protocols/telegram.c +++ b/src/lib/protocols/telegram.c @@ -2,7 +2,7 @@ * telegram.c * * Copyright (C) 2014 by Gianluca Costa xplico.org - * Copyright (C) 2012-15 - ntop.org + * Copyright (C) 2012-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_TELEGRAM - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TELEGRAM #include "ndpi_api.h" @@ -83,4 +81,3 @@ void init_telegram_dissector(struct ndpi_detection_module_struct *ndpi_struct, u *id += 1; } -#endif diff --git a/src/lib/protocols/telnet.c b/src/lib/protocols/telnet.c index 264e83aa1..33d19e1dc 100644 --- a/src/lib/protocols/telnet.c +++ b/src/lib/protocols/telnet.c @@ -2,7 +2,7 @@ * telnet.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_TELNET - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TELNET #include "ndpi_api.h" @@ -117,5 +115,3 @@ void init_telnet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } - -#endif diff --git a/src/lib/protocols/teredo.c b/src/lib/protocols/teredo.c index 2439f997b..732b1d6c9 100644 --- a/src/lib/protocols/teredo.c +++ b/src/lib/protocols/teredo.c @@ -1,7 +1,7 @@ /* * teredo.c * - * Copyright (C) 2015 - ntop.org + * Copyright (C) 2015-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -20,8 +20,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_TEREDO - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TEREDO #include "ndpi_api.h" @@ -57,4 +55,3 @@ void init_teredo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } -#endif diff --git a/src/lib/protocols/tftp.c b/src/lib/protocols/tftp.c index 082e04326..f3da3463c 100644 --- a/src/lib/protocols/tftp.c +++ b/src/lib/protocols/tftp.c @@ -2,7 +2,7 @@ * tftp.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_TFTP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TFTP #include "ndpi_api.h" @@ -79,4 +77,3 @@ void init_tftp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } -#endif diff --git a/src/lib/protocols/thunder.c b/src/lib/protocols/thunder.c index 384436f13..754f68f60 100644 --- a/src/lib/protocols/thunder.c +++ b/src/lib/protocols/thunder.c @@ -2,7 +2,7 @@ * thunder.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_THUNDER - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_THUNDER #include "ndpi_api.h" @@ -221,5 +219,3 @@ void init_thunder_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ *id += 1; } - -#endif diff --git a/src/lib/protocols/tinc.c b/src/lib/protocols/tinc.c index 19bfa34aa..7ee4105e8 100644 --- a/src/lib/protocols/tinc.c +++ b/src/lib/protocols/tinc.c @@ -2,7 +2,7 @@ * tinc.c * * Copyright (C) 2017 - William Guglielmo - * Copyright (C) 2017 - ntop.org + * Copyright (C) 2017-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -20,8 +20,6 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_TINC - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TINC #include "ndpi_api.h" @@ -154,4 +152,3 @@ void init_tinc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } -#endif diff --git a/src/lib/protocols/tor.c b/src/lib/protocols/tor.c index 134f191c3..f1c6f586a 100644 --- a/src/lib/protocols/tor.c +++ b/src/lib/protocols/tor.c @@ -1,14 +1,12 @@ /* * tor.c * - * Copyright (C) 2016 ntop.org + * Copyright (C) 2016-18 ntop.org * Copyright (C) 2013 Remy Mudingay * */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_TOR - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TOR #include "ndpi_api.h" @@ -132,4 +130,3 @@ void init_tor_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } -#endif diff --git a/src/lib/protocols/tvants.c b/src/lib/protocols/tvants.c index ceee278b9..eafce38c4 100644 --- a/src/lib/protocols/tvants.c +++ b/src/lib/protocols/tvants.c @@ -2,7 +2,7 @@ * tvants.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_TVANTS - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TVANTS #include "ndpi_api.h" @@ -85,5 +83,3 @@ void init_tvants_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } - -#endif diff --git a/src/lib/protocols/tvuplayer.c b/src/lib/protocols/tvuplayer.c index 2160a5afa..ce84c7de3 100644 --- a/src/lib/protocols/tvuplayer.c +++ b/src/lib/protocols/tvuplayer.c @@ -2,7 +2,7 @@ * tvuplayer.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_TVUPLAYER - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TVUPLAYER #include "ndpi_api.h" @@ -160,5 +158,3 @@ void init_tvuplayer_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } - -#endif diff --git a/src/lib/protocols/ubntac2.c b/src/lib/protocols/ubntac2.c index d8392fda7..2e35d1d98 100644 --- a/src/lib/protocols/ubntac2.c +++ b/src/lib/protocols/ubntac2.c @@ -21,13 +21,10 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_UBNTAC2 - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_UBNTAC2 #include "ndpi_api.h" - static void ndpi_int_ubntac2_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_UBNTAC2, NDPI_PROTOCOL_UNKNOWN); @@ -94,5 +91,3 @@ void init_ubntac2_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ ADD_TO_DETECTION_BITMASK); *id += 1; } - -#endif diff --git a/src/lib/protocols/usenet.c b/src/lib/protocols/usenet.c index 0a995d6f8..6a2970d6e 100644 --- a/src/lib/protocols/usenet.c +++ b/src/lib/protocols/usenet.c @@ -2,7 +2,7 @@ * usenet.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_USENET - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_USENET #include "ndpi_api.h" @@ -104,5 +102,3 @@ void init_usenet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } - -#endif diff --git a/src/lib/protocols/vhua.c b/src/lib/protocols/vhua.c index 844eaf84f..eef5c065f 100644 --- a/src/lib/protocols/vhua.c +++ b/src/lib/protocols/vhua.c @@ -1,7 +1,7 @@ /* * vhua.c * - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * nDPI is free software: you can vhuatribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -19,8 +19,6 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_VHUA - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_VHUA #include "ndpi_api.h" @@ -79,4 +77,3 @@ void init_vhua_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } -#endif diff --git a/src/lib/protocols/viber.c b/src/lib/protocols/viber.c index 517b74b91..65e227234 100644 --- a/src/lib/protocols/viber.c +++ b/src/lib/protocols/viber.c @@ -2,7 +2,7 @@ * viber.c * * Copyright (C) 2013 Remy Mudingay - * Copyright (C) 2013 - 2014 ntop.org + * Copyright (C) 2013-18 - ntop.org * * This module is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -20,8 +20,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_VIBER - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_VIBER #include "ndpi_api.h" @@ -61,5 +59,3 @@ void init_viber_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in *id += 1; } - -#endif diff --git a/src/lib/protocols/vmware.c b/src/lib/protocols/vmware.c index 34fe84ab9..138d09bbc 100644 --- a/src/lib/protocols/vmware.c +++ b/src/lib/protocols/vmware.c @@ -1,7 +1,7 @@ /* * vmware.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -20,8 +20,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_VMWARE - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_VMWARE #include "ndpi_api.h" @@ -56,5 +54,3 @@ void init_vmware_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } - -#endif diff --git a/src/lib/protocols/vnc.c b/src/lib/protocols/vnc.c index 6bbb26c6d..65988bce6 100644 --- a/src/lib/protocols/vnc.c +++ b/src/lib/protocols/vnc.c @@ -1,7 +1,7 @@ /* * vnc.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -22,8 +22,6 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_VNC - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_VNC #include "ndpi_api.h" @@ -76,5 +74,3 @@ void init_vnc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } - -#endif diff --git a/src/lib/protocols/warcraft3.c b/src/lib/protocols/warcraft3.c index bbc1d8388..3f970bd25 100644 --- a/src/lib/protocols/warcraft3.c +++ b/src/lib/protocols/warcraft3.c @@ -2,7 +2,7 @@ * warcraft3.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_WARCRAFT3 - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_WARCRAFT3 #include "ndpi_api.h" @@ -106,4 +104,3 @@ void init_warcraft3_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } -#endif diff --git a/src/lib/protocols/whatsapp.c b/src/lib/protocols/whatsapp.c index b079dcd01..6a98eac6b 100644 --- a/src/lib/protocols/whatsapp.c +++ b/src/lib/protocols/whatsapp.c @@ -19,8 +19,6 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_WHATSAPP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_WHATSAPP #include "ndpi_api.h" @@ -56,5 +54,3 @@ void init_whatsapp_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } - -#endif diff --git a/src/lib/protocols/whoisdas.c b/src/lib/protocols/whoisdas.c index 291ae15ca..335aa6f65 100644 --- a/src/lib/protocols/whoisdas.c +++ b/src/lib/protocols/whoisdas.c @@ -1,7 +1,7 @@ /* * whoisdas.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -20,8 +20,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_WHOIS_DAS - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_WHOIS_DAS #include "ndpi_api.h" @@ -75,5 +73,3 @@ void init_whois_das_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } - -#endif diff --git a/src/lib/protocols/world_of_kung_fu.c b/src/lib/protocols/world_of_kung_fu.c index 534addc7d..d179ef526 100644 --- a/src/lib/protocols/world_of_kung_fu.c +++ b/src/lib/protocols/world_of_kung_fu.c @@ -2,7 +2,7 @@ * world_of_kung_fu.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,7 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_WORLD_OF_KUNG_FU #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_WORLD_OF_KUNG_FU #include "ndpi_api.h" @@ -64,5 +63,3 @@ void init_world_of_kung_fu_dissector(struct ndpi_detection_module_struct *ndpi_s *id += 1; } - -#endif diff --git a/src/lib/protocols/world_of_warcraft.c b/src/lib/protocols/world_of_warcraft.c index bfcf3f4e1..acb010a85 100644 --- a/src/lib/protocols/world_of_warcraft.c +++ b/src/lib/protocols/world_of_warcraft.c @@ -2,7 +2,7 @@ * world_of_warcraft.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -23,8 +23,6 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_WORLDOFWARCRAFT - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_WORLDOFWARCRAFT #include "ndpi_api.h" @@ -215,4 +213,3 @@ void init_world_of_warcraft_dissector(struct ndpi_detection_module_struct *ndpi_ *id += 1; } -#endif diff --git a/src/lib/protocols/xbox.c b/src/lib/protocols/xbox.c index 3182c191c..5d1f64d43 100644 --- a/src/lib/protocols/xbox.c +++ b/src/lib/protocols/xbox.c @@ -1,7 +1,7 @@ /* * xbox.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -23,7 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_XBOX #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_XBOX #include "ndpi_api.h" @@ -84,9 +83,7 @@ void ndpi_search_xbox(struct ndpi_detection_module_struct *ndpi_struct, struct n } /* exclude here all non matched udp traffic, exclude here tcp only if http has been excluded, because xbox could use http */ -#ifdef NDPI_PROTOCOL_HTTP if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_HTTP) != 0) { -#endif NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } @@ -106,4 +103,3 @@ void init_xbox_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } -#endif diff --git a/src/lib/protocols/xdmcp.c b/src/lib/protocols/xdmcp.c index 71bcd9c69..35b08b91b 100644 --- a/src/lib/protocols/xdmcp.c +++ b/src/lib/protocols/xdmcp.c @@ -2,7 +2,7 @@ * xdmcp.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_XDMCP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_XDMCP #include "ndpi_api.h" @@ -77,5 +75,3 @@ void init_xdmcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in *id += 1; } - -#endif diff --git a/src/lib/protocols/yahoo.c b/src/lib/protocols/yahoo.c index 1144fb4ef..3be953939 100644 --- a/src/lib/protocols/yahoo.c +++ b/src/lib/protocols/yahoo.c @@ -1,7 +1,7 @@ /* * yahoo.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -22,11 +22,9 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_YAHOO #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_YAHOO -#include "ndpi_api.h" - +#include "ndpi_api.h" struct ndpi_yahoo_header { u_int8_t YMSG_str[4]; @@ -313,9 +311,7 @@ static void ndpi_search_yahoo_tcp(struct ndpi_detection_module_struct *ndpi_stru } } /* detect YAHOO over HTTP proxy */ -#ifdef NDPI_PROTOCOL_HTTP if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP) -#endif { if (flow->l4.tcp.yahoo_http_proxy_stage == 0) { @@ -370,12 +366,8 @@ void ndpi_search_yahoo(struct ndpi_detection_module_struct *ndpi_struct, struct if(packet->tcp != NULL && packet->tcp_retransmission == 0) { if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN -#ifdef NDPI_PROTOCOL_HTTP || packet->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP -#endif -#ifdef NDPI_PROTOCOL_SSL || packet->detected_protocol_stack[0] == NDPI_PROTOCOL_SSL) { -#endif /* search over TCP */ ndpi_search_yahoo_tcp(ndpi_struct, flow); } @@ -412,4 +404,3 @@ void init_yahoo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in *id += 1; } -#endif diff --git a/src/lib/protocols/zattoo.c b/src/lib/protocols/zattoo.c index c3e514dda..3b0c02d80 100644 --- a/src/lib/protocols/zattoo.c +++ b/src/lib/protocols/zattoo.c @@ -1,7 +1,7 @@ /* * zattoo.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -22,8 +22,6 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_ZATTOO - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_ZATTOO #include "ndpi_api.h" @@ -240,5 +238,3 @@ void init_zattoo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } - -#endif diff --git a/src/lib/protocols/zeromq.c b/src/lib/protocols/zeromq.c index c7c8e9519..aa73d4a6d 100644 --- a/src/lib/protocols/zeromq.c +++ b/src/lib/protocols/zeromq.c @@ -1,7 +1,7 @@ /* * zmq.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * nDPI is free software: you can zmqtribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -19,7 +19,6 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_ZMQ #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_ZMQ #include "ndpi_api.h" @@ -109,5 +108,3 @@ void init_zmq_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } - -#endif -- cgit v1.2.3 From 49ed41142c2d166ced74e2e85de52eea414ee7c2 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 22 Jul 2018 21:06:10 +0200 Subject: Fixed SEGV with undepcified protos --- src/lib/ndpi_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/lib') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 5396187cd..d41e775b0 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -2503,7 +2503,7 @@ int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, } for(i=0, def = NULL; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) { - if(strcasecmp(ndpi_mod->proto_defaults[i].protoName, proto) == 0) { + if(ndpi_mod->proto_defaults[i].protoName && strcasecmp(ndpi_mod->proto_defaults[i].protoName, proto) == 0) { def = &ndpi_mod->proto_defaults[i]; subprotocol_id = i; break; -- cgit v1.2.3 From 5100cc0eaec27c9796bab749435972adf2f89246 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 23 Jul 2018 14:58:16 +0200 Subject: Added checks for missing protocol initialization Fixed missing LOG_ERR initialization Fixed logging warnings --- src/include/ndpi_define.h.in | 10 ++--- src/lib/ndpi_main.c | 97 ++++++++++++++++++++++++++++---------------- src/lib/protocols/mqtt.c | 2 +- src/lib/protocols/someip.c | 2 +- src/lib/protocols/soulseek.c | 8 ++-- 5 files changed, 75 insertions(+), 44 deletions(-) (limited to 'src/lib') diff --git a/src/include/ndpi_define.h.in b/src/include/ndpi_define.h.in index a641c7b66..37e33a013 100644 --- a/src/include/ndpi_define.h.in +++ b/src/include/ndpi_define.h.in @@ -231,11 +231,11 @@ # define NDPI_LOG_DBG(...) {} # define NDPI_LOG_DBG2(...) {} # else -# define NDPI_LOG(proto, mod, log_level, args...) {} -# define NDPI_LOG_ERR(mod, args...) {} -# define NDPI_LOG_INFO(mod, args...) {} -# define NDPI_LOG_DBG(mod, args...) {} -# define NDPI_LOG_DBG2(mod, args...) {} +# define NDPI_LOG(proto, mod, log_level, args...) { /* printf(args); */ } +# define NDPI_LOG_ERR(mod, args...) { printf(args); } +# define NDPI_LOG_INFO(mod, args...) { /* printf(args); */ } +# define NDPI_LOG_DBG(mod, args...) { /* printf(args); */ } +# define NDPI_LOG_DBG2(mod, args...) { /* printf(args); */ } # endif #endif /* NDPI_ENABLE_DEBUG_MESSAGES */ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index d41e775b0..03c7e91cf 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -523,7 +523,7 @@ void ndpi_exclude_protocol(struct ndpi_detection_module_struct *ndpi_struct, if(protocol_id < NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS) { #ifdef NDPI_ENABLE_DEBUG_MESSAGES - if ( ndpi_struct && + if( ndpi_struct && ndpi_struct->ndpi_log_level >= NDPI_LOG_DEBUG && ndpi_struct->ndpi_debug_printf != NULL) { @@ -571,8 +571,13 @@ void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, memcpy(&ndpi_mod->proto_defaults[protoId].master_udp_protoId, udp_master_protoId, 2*sizeof(u_int16_t)); for(j=0; jproto_defaults[protoId], 0, &ndpi_mod->udpRoot, __FUNCTION__,__LINE__); - if(tcpDefPorts[j].port_low != 0) addDefaultPort(ndpi_mod, &tcpDefPorts[j], &ndpi_mod->proto_defaults[protoId], 0, &ndpi_mod->tcpRoot, __FUNCTION__,__LINE__); + if(udpDefPorts[j].port_low != 0) + addDefaultPort(ndpi_mod, &udpDefPorts[j], + &ndpi_mod->proto_defaults[protoId], 0, &ndpi_mod->udpRoot, __FUNCTION__,__LINE__); + + if(tcpDefPorts[j].port_low != 0) + addDefaultPort(ndpi_mod, &tcpDefPorts[j], + &ndpi_mod->proto_defaults[protoId], 0, &ndpi_mod->tcpRoot, __FUNCTION__,__LINE__); } } @@ -912,13 +917,30 @@ int ndpi_set_detection_preferences(struct ndpi_detection_module_struct *ndpi_mod /* ******************************************************************** */ +static void ndpi_validate_protocol_initialization(struct ndpi_detection_module_struct *ndpi_mod) { + int i; + + for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) { + if(ndpi_mod->proto_defaults[i].protoName == NULL) { + NDPI_LOG_ERR(ndpi_mod, "[NDPI] INTERNAL ERROR missing protoName initialization for [protoId=%d]: recovering\n", i); + } else { + if((i != NDPI_PROTOCOL_UNKNOWN) + && (ndpi_mod->proto_defaults[i].protoCategory == NDPI_PROTOCOL_CATEGORY_UNSPECIFIED)) { + NDPI_LOG_ERR(ndpi_mod, "[NDPI] INTERNAL ERROR missing category [protoId=%d/%s] initialization: recovering\n", + i, ndpi_mod->proto_defaults[i].protoName ? ndpi_mod->proto_defaults[i].protoName : "???"); + } + } + } +} + +/* ******************************************************************** */ + /* This function is used to map protocol name and default ports and it MUST be updated whenever a new protocol is added to NDPI. Do NOT add web services (NDPI_SERVICE_xxx) here. */ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndpi_mod) { - int i; ndpi_port_range ports_a[MAX_DEFAULT_PORTS], ports_b[MAX_DEFAULT_PORTS]; u_int16_t no_master[2] = { NDPI_PROTOCOL_NO_MASTER_PROTO, NDPI_PROTOCOL_NO_MASTER_PROTO }, @@ -1144,40 +1166,54 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_40, no_master, - no_master, "Free", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, + no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_41, no_master, - no_master, "Free", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, + no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_42, no_master, - no_master, "Free", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, + no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_43, no_master, - no_master, "Free", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, + no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_44, no_master, - no_master, "Free", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, + no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_45, no_master, - no_master, "Free", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, + no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_46, no_master, - no_master, "Free", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, + no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_196, + no_master, + no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_205, + no_master, + no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_VIDTO, + no_master, + no_master, "PPStream", NDPI_PROTOCOL_CATEGORY_MEDIA, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_XBOX, no_master, @@ -1863,22 +1899,15 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AJP, - no_master, - no_master, "AJP", NDPI_PROTOCOL_CATEGORY_WEB, - ndpi_build_default_ports(ports_a, 8009, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + no_master, + no_master, "AJP", NDPI_PROTOCOL_CATEGORY_WEB, + ndpi_build_default_ports(ports_a, 8009, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); /* calling function for host and content matched protocols */ init_string_based_protocols(ndpi_mod); - for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) { - if((ndpi_mod->proto_defaults[i].protoName == NULL) - || ((i != NDPI_PROTOCOL_UNKNOWN) - && (ndpi_mod->proto_defaults[i].protoCategory == NDPI_PROTOCOL_CATEGORY_UNSPECIFIED))) { - NDPI_LOG_ERR(ndpi_mod, "[NDPI] missing protoId=%d/%s: INTERNAL ERROR: not all protocols have been initialized\n", - i, ndpi_mod->proto_defaults[i].protoName ? ndpi_mod->proto_defaults[i].protoName : "???"); - } - } + ndpi_validate_protocol_initialization(ndpi_mod); } /* ****************************************************** */ @@ -2057,7 +2086,7 @@ void ndpi_debug_printf(unsigned int proto, struct ndpi_detection_module_struct * vsnprintf(str,sizeof(str)-1, format, args); va_end(args); - if (ndpi_str != NULL) { + if(ndpi_str != NULL) { printf("%s:%s:%-3u - [%s]: %s", file_name, func_name, line_number, ndpi_get_proto_name(ndpi_str, proto), str); } else { @@ -2299,9 +2328,9 @@ void ndpi_exit_detection_module(struct ndpi_detection_module_struct *ndpi_struct ndpi_Destroy_Patricia((patricia_tree_t*)ndpi_struct->protocols_ptree, free_ptree_data); - if (ndpi_struct->udpRoot != NULL) + if(ndpi_struct->udpRoot != NULL) ndpi_tdestroy(ndpi_struct->udpRoot, ndpi_free); - if (ndpi_struct->tcpRoot != NULL) + if(ndpi_struct->tcpRoot != NULL) ndpi_tdestroy(ndpi_struct->tcpRoot, ndpi_free); if(ndpi_struct->host_automa.ac_automa != NULL) @@ -2463,10 +2492,10 @@ u_int ndpi_get_num_supported_protocols(struct ndpi_detection_module_struct *ndpi char * strsep(char **sp, char *sep) { char *p, *s; - if (sp == NULL || *sp == NULL || **sp == '\0') return(NULL); + if(sp == NULL || *sp == NULL || **sp == '\0') return(NULL); s = *sp; p = s + strcspn(s, sep); - if (*p != '\0') *p++ = '\0'; + if(*p != '\0') *p++ = '\0'; *sp = p; return(s); } @@ -3365,7 +3394,7 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str u_int8_t l4protocol; u_int8_t l4_result; - if (flow) { + if(flow) { /* reset payload_packet_len, will be set if ipv4 tcp or udp */ flow->packet.payload_packet_len = 0; flow->packet.l4_packet_len = 0; @@ -3898,8 +3927,8 @@ void ndpi_process_extra_packet(struct ndpi_detection_module_struct *ndpi_struct, ndpi_connection_tracking(ndpi_struct, flow); /* call the extra packet function (which may add more data/info to flow) */ - if (flow->extra_packets_func) { - if ((flow->extra_packets_func(ndpi_struct, flow)) == 0) + if(flow->extra_packets_func) { + if((flow->extra_packets_func(ndpi_struct, flow)) == 0) flow->check_extra_packets = 0; } @@ -3918,7 +3947,7 @@ void ndpi_load_ip_category(struct ndpi_detection_module_struct *ndpi_struct, if(ptr) { ptr[0] = '\0'; ptr++; - if (atoi(ptr)>=0 && atoi(ptr)<=32) + if(atoi(ptr)>=0 && atoi(ptr)<=32) bits = atoi(ptr); } @@ -5371,7 +5400,7 @@ const char* ndpi_category_get_name(struct ndpi_detection_module_struct *ndpi_mod ndpi_protocol_category_t ndpi_get_proto_category(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol proto) { /* simple rule: sub protocol first, master after */ - if ((proto.master_protocol == NDPI_PROTOCOL_UNKNOWN) || + if((proto.master_protocol == NDPI_PROTOCOL_UNKNOWN) || (ndpi_mod->proto_defaults[proto.app_protocol].protoCategory != NDPI_PROTOCOL_CATEGORY_UNSPECIFIED)) return ndpi_mod->proto_defaults[proto.app_protocol].protoCategory; else diff --git a/src/lib/protocols/mqtt.c b/src/lib/protocols/mqtt.c index b9f90c3b5..45669c03a 100644 --- a/src/lib/protocols/mqtt.c +++ b/src/lib/protocols/mqtt.c @@ -230,7 +230,7 @@ void ndpi_search_mqtt (struct ndpi_detection_module_struct *ndpi_struct, NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } else { - NDPI_LOG_INFO(ndpi_struct, "found Mqtt UNSUBSCRIBE\n",pt); + NDPI_LOG_INFO(ndpi_struct, "found Mqtt UNSUBSCRIBE\n"); ndpi_int_mqtt_add_connection(ndpi_struct,flow); return; } diff --git a/src/lib/protocols/someip.c b/src/lib/protocols/someip.c index e4ebc52ff..9211a4b85 100644 --- a/src/lib/protocols/someip.c +++ b/src/lib/protocols/someip.c @@ -190,7 +190,7 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, } if (message_id == MSG_SD){ - NDPI_LOG_DBG2(ndpi_struct, "SOME/IP-SD currently not supported\n", message_type); + NDPI_LOG_DBG2(ndpi_struct, "SOME/IP-SD currently not supported [%d]\n", message_type); } //Filtering by port. diff --git a/src/lib/protocols/soulseek.c b/src/lib/protocols/soulseek.c index 82b7097af..de1b548be 100644 --- a/src/lib/protocols/soulseek.c +++ b/src/lib/protocols/soulseek.c @@ -49,13 +49,15 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, if(src != NULL) NDPI_LOG_DBG2(ndpi_struct, " SRC bitmask: %u, packet tick %llu , last safe access timestamp: %llu\n", - NDPI_COMPARE_PROTOCOL_TO_BITMASK(src->detected_protocol_bitmask, NDPI_PROTOCOL_SOULSEEK) - != 0 ? 1 : 0, (u_int64_t) packet->tick_timestamp, (u_int64_t) src->soulseek_last_safe_access_time); + NDPI_COMPARE_PROTOCOL_TO_BITMASK(src->detected_protocol_bitmask, NDPI_PROTOCOL_SOULSEEK) + != 0 ? 1 : 0, (long long unsigned int) packet->tick_timestamp, + (long long unsigned int) src->soulseek_last_safe_access_time); if(dst != NULL) NDPI_LOG_DBG2(ndpi_struct, " DST bitmask: %u, packet tick %llu , last safe ts: %llu\n", NDPI_COMPARE_PROTOCOL_TO_BITMASK(dst->detected_protocol_bitmask, NDPI_PROTOCOL_SOULSEEK) - != 0 ? 1 : 0, (u_int64_t) packet->tick_timestamp, (u_int64_t) dst->soulseek_last_safe_access_time); + != 0 ? 1 : 0, (long long unsigned int) packet->tick_timestamp, + (long long unsigned int) dst->soulseek_last_safe_access_time); if(packet->payload_packet_len == 431) { if(dst != NULL) { -- cgit v1.2.3 From d9cf7987535328275609516afd1a0fc6791bd4fa Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 6 Aug 2018 10:34:45 +0200 Subject: Updated YouTube support --- src/lib/Makefile | 4 +++- src/lib/ndpi_content_match.c.inc | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) (limited to 'src/lib') diff --git a/src/lib/Makefile b/src/lib/Makefile index 2beca4516..c9f317931 100644 --- a/src/lib/Makefile +++ b/src/lib/Makefile @@ -5,7 +5,7 @@ # cd src/lib # make -f Makefile.simple # -CFLAGS += -fPIC -DPIC -I../include -Ithird_party/include -DNDPI_LIB_COMPILATION +CFLAGS += -fPIC -DPIC -I../include -Ithird_party/include -DNDPI_LIB_COMPILATION -g RANLIB=ranlib OBJECTS = $(patsubst protocols/%.c, protocols/%.o, $(wildcard protocols/*.c)) $(patsubst third_party/src/%.c, third_party/src/%.o, $(wildcard third_party/src/*.c)) ndpi_main.o @@ -13,6 +13,8 @@ HEADERS = $(wildcard ../include/*.h) all: libndpi.a +ndpi_main.c: ndpi_content_match.c.inc + libndpi.a: $(OBJECTS) ar rc $@ $(OBJECTS) $(RANLIB) $@ diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 38c8ef70f..78a58a7bf 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8186,6 +8186,7 @@ ndpi_protocol_match host_match[] = { { "upload.youtube.com", NULL, NULL, "YouTubeUpload", NDPI_PROTOCOL_YOUTUBE_UPLOAD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "upload.video.google.com", NULL, NULL, "YouTubeUpload", NDPI_PROTOCOL_YOUTUBE_UPLOAD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "youtubei.googleapis.com", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "youtube.", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "youtu.be.", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "yt3.ggpht.com", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, -- cgit v1.2.3 From b3b8feabf1a60bcf9e6e8fc748a0a7a6cd8923f2 Mon Sep 17 00:00:00 2001 From: Darryl Sokoloski Date: Wed, 15 Aug 2018 16:47:21 -0400 Subject: Added new dissector for Memcached. Signed-off-by: Darryl Sokoloski --- src/include/ndpi_protocol_ids.h | 2 +- src/include/ndpi_protocols.h | 2 + src/include/ndpi_typedefs.h | 6 ++ src/lib/ndpi_main.c | 11 ++- src/lib/protocols/memcached.c | 189 ++++++++++++++++++++++++++++++++++++++++ tests/pcap/memcached.cap | Bin 0 -> 1895 bytes 6 files changed, 205 insertions(+), 5 deletions(-) create mode 100644 src/lib/protocols/memcached.c create mode 100644 tests/pcap/memcached.cap (limited to 'src/lib') diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 32f3177d8..f3e100d64 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -74,8 +74,8 @@ typedef enum { NDPI_PROTOCOL_BITTORRENT = 37, NDPI_PROTOCOL_SKYPE_CALL_OUT = 38, NDPI_PROTOCOL_MUSICALLY = 39, + NDPI_PROTOCOL_MEMCACHED = 40, /* Memcached - Darryl Sokoloski */ - NDPI_PROTOCOL_FREE_40 = 40, /* Free */ NDPI_PROTOCOL_FREE_41 = 41, /* Free */ NDPI_PROTOCOL_FREE_42 = 42, /* Free */ NDPI_PROTOCOL_FREE_43 = 43, /* Free */ diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index f08b1de73..5c08f85f5 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -203,6 +203,7 @@ void ndpi_search_tinc(struct ndpi_detection_module_struct *ndpi_struct, struct n void ndpi_search_fix(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_csgo(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_ajp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); +void ndpi_search_memcached(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); /* --- INIT FUNCTIONS --- */ void init_diameter_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_afp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); @@ -356,4 +357,5 @@ void init_apple_push_dissector(struct ndpi_detection_module_struct *ndpi_struct, void init_whatsapp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_ajp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_fbzero_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_memcached_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); #endif /* __NDPI_PROTOCOLS_H__ */ diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 41c78bb31..5573c0e90 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -589,6 +589,9 @@ struct ndpi_flow_tcp_struct { /* NDPI_PROTOCOL_PPSTREAM */ u_int32_t ppstream_stage:3; + +/* NDPI_PROTOCOL_MEMCACHED */ + u_int8_t memcached_matches; } #ifndef WIN32 __attribute__ ((__packed__)) @@ -641,6 +644,9 @@ struct ndpi_flow_udp_struct { /* NDPI_PROTOCOL_RX */ u_int32_t rx_conn_epoch; u_int32_t rx_conn_id; + +/* NDPI_PROTOCOL_MEMCACHED */ + u_int8_t memcached_matches; } #ifndef WIN32 __attribute__ ((__packed__)) diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 13c89424e..45490685f 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1164,11 +1164,11 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Musical.ly", NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_40, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MEMCACHED, no_master, - no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + no_master, "Memcached", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 11211, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 11211, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_41, no_master, no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */, @@ -3160,6 +3160,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* AJP */ init_ajp_dissector(ndpi_struct, &a, detection_bitmask); + /* Memcached */ + init_memcached_dissector(ndpi_struct, &a, detection_bitmask); + /* ----------------------------------------------------------------- */ ndpi_struct->callback_buffer_size = a; diff --git a/src/lib/protocols/memcached.c b/src/lib/protocols/memcached.c new file mode 100644 index 000000000..e9deb5cc9 --- /dev/null +++ b/src/lib/protocols/memcached.c @@ -0,0 +1,189 @@ +/* + * memcached.c + * + * Copyright (C) 2009-2011 by ipoque GmbH + * Copyright (C) 2011-18 - ntop.org + * Copyright (C) 2018 - eGloo Incorporated + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + +#include "ndpi_protocol_ids.h" + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MEMCACHED + +#include "ndpi_api.h" + +#define MCDC_SET "set " +#define MCDC_SET_LEN (sizeof(MCDC_SET) - 1) +#define MCDC_ADD "add " +#define MCDC_ADD_LEN (sizeof(MCDC_ADD) - 1) +#define MCDC_REPLACE "replace " +#define MCDC_REPLACE_LEN (sizeof(MCDC_REPLACE) - 1) +#define MCDC_APPEND "append " +#define MCDC_APPEND_LEN (sizeof(MCDC_APPEND) - 1) +#define MCDC_PREPEND "prepend " +#define MCDC_PREPEND_LEN (sizeof(MCDC_PREPEND) - 1) +#define MCDC_CAS "cas " +#define MCDC_CAS_LEN (sizeof(MCDC_CAS) - 1) +#define MCDC_GET "get " +#define MCDC_GET_LEN (sizeof(MCDC_GET) - 1) +#define MCDC_GETS "gets " +#define MCDC_GETS_LEN (sizeof(MCDC_GETS) - 1) +#define MCDC_DELETE "delete " +#define MCDC_DELETE_LEN (sizeof(MCDC_DELETE) - 1) +#define MCDC_INCR "incr " +#define MCDC_INCR_LEN (sizeof(MCDC_INCR) - 1) +#define MCDC_DECR "decr " +#define MCDC_DECR_LEN (sizeof(MCDC_DECR) - 1) +#define MCDC_TOUCH "touch " +#define MCDC_TOUCH_LEN (sizeof(MCDC_TOUCH) - 1) +#define MCDC_GAT "gat " +#define MCDC_GAT_LEN (sizeof(MCDC_GAT) - 1) +#define MCDC_GATS "gats " +#define MCDC_GATS_LEN (sizeof(MCDC_GATS) - 1) +#define MCDC_STATS "stats" +#define MCDC_STATS_LEN (sizeof(MCDC_STATS) - 1) + +#define MCDR_ERROR "ERROR\r\n" +#define MCDR_ERROR_LEN (sizeof(MCDR_ERROR) - 1) +#define MCDR_CLIENT_ERROR "CLIENT_ERROR " +#define MCDR_CLIENT_ERROR_LEN (sizeof(MCDR_CLIENT_ERROR) - 1) +#define MCDR_SERVER_ERROR "SERVER_ERROR " +#define MCDR_SERVER_ERROR_LEN (sizeof(MCDR_SERVER_ERROR) - 1) +#define MCDR_STORED "STORED\r\n" +#define MCDR_STORED_LEN (sizeof(MCDR_STORED) - 1) +#define MCDR_NOT_STORED "NOT_STORED\r\n" +#define MCDR_NOT_STORED_LEN (sizeof(MCDR_NOT_STORED) - 1) +#define MCDR_EXISTS "EXISTS\r\n" +#define MCDR_EXISTS_LEN (sizeof(MCDR_EXISTS) - 1) +#define MCDR_NOT_FOUND "NOT_FOUND\r\n" +#define MCDR_NOT_FOUND_LEN (sizeof(MCDR_NOT_FOUND) - 1) +#define MCDR_END "END\r\n" +#define MCDR_END_LEN (sizeof(MCDR_END) - 1) +#define MCDR_DELETED "DELETED\r\n" +#define MCDR_DELETED_LEN (sizeof(MCDR_DELETED) - 1) +#define MCDR_TOUCHED "TOUCHED\r\n" +#define MCDR_TOUCHED_LEN (sizeof(MCDR_TOUCHED) - 1) +#define MCDR_STAT "STAT " +#define MCDR_STAT_LEN (sizeof(MCDR_STAT) - 1) + +#define MEMCACHED_UDP_HDR_LEN 8 +#define MEMCACHED_MIN_LEN MCDR_END_LEN +#define MEMCACHED_MIN_UDP_LEN (MEMCACHED_MIN_LEN + MEMCACHED_UDP_HDR_LEN) + +#define MEMCACHED_MIN_MATCH 2 /* Minimum number of command/responses required */ + +#define MEMCACHED_MATCH(cr) memcmp(offset, cr, cr ## _LEN) + +static void ndpi_int_memcached_add_connection(struct ndpi_detection_module_struct + *ndpi_struct, struct ndpi_flow_struct *flow) +{ + NDPI_LOG_INFO(ndpi_struct, "found memcached\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, + NDPI_PROTOCOL_MEMCACHED, NDPI_PROTOCOL_UNKNOWN); +} + +void ndpi_search_memcached( + struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) +{ + struct ndpi_packet_struct *packet = &flow->packet; + const u_int8_t *offset = packet->payload; + u_int8_t *matches; + + NDPI_LOG_DBG(ndpi_struct, "search memcached\n"); + + if (packet->tcp != NULL) { + if (packet->payload_packet_len < MEMCACHED_MIN_LEN) { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + return; + } + + matches = &flow->l4.tcp.memcached_matches; + } + else if (packet->udp != NULL) { + if (packet->payload_packet_len < MEMCACHED_MIN_UDP_LEN) { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + return; + } + + if ((offset[4] == 0x00 && offset[5] == 0x00) || + offset[6] != 0x00 || offset[7] != 0x00) { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + return; + } + + offset += MEMCACHED_UDP_HDR_LEN; + matches = &flow->l4.udp.memcached_matches; + } + else { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + return; + } + + /* grep MCD memcached.c |\ + * egrep -v '(LEN|MATCH)' |\ + * sed -e 's/^#define //g' |\ + * awk '{ printf "else if (! MEMCACHED_MATCH(%s)) *matches += 1;\n",$1 }' */ + + if (! MEMCACHED_MATCH(MCDC_SET)) *matches += 1; + else if (! MEMCACHED_MATCH(MCDC_ADD)) *matches += 1; + else if (! MEMCACHED_MATCH(MCDC_REPLACE)) *matches += 1; + else if (! MEMCACHED_MATCH(MCDC_APPEND)) *matches += 1; + else if (! MEMCACHED_MATCH(MCDC_PREPEND)) *matches += 1; + else if (! MEMCACHED_MATCH(MCDC_CAS)) *matches += 1; + else if (! MEMCACHED_MATCH(MCDC_GET)) *matches += 1; + else if (! MEMCACHED_MATCH(MCDC_GETS)) *matches += 1; + else if (! MEMCACHED_MATCH(MCDC_DELETE)) *matches += 1; + else if (! MEMCACHED_MATCH(MCDC_INCR)) *matches += 1; + else if (! MEMCACHED_MATCH(MCDC_DECR)) *matches += 1; + else if (! MEMCACHED_MATCH(MCDC_TOUCH)) *matches += 1; + else if (! MEMCACHED_MATCH(MCDC_GAT)) *matches += 1; + else if (! MEMCACHED_MATCH(MCDC_GATS)) *matches += 1; + else if (! MEMCACHED_MATCH(MCDC_STATS)) *matches += 1; + else if (! MEMCACHED_MATCH(MCDR_ERROR)) *matches += 1; + else if (! MEMCACHED_MATCH(MCDR_CLIENT_ERROR)) *matches += 1; + else if (! MEMCACHED_MATCH(MCDR_SERVER_ERROR)) *matches += 1; + else if (! MEMCACHED_MATCH(MCDR_STORED)) *matches += 1; + else if (! MEMCACHED_MATCH(MCDR_NOT_STORED)) *matches += 1; + else if (! MEMCACHED_MATCH(MCDR_EXISTS)) *matches += 1; + else if (! MEMCACHED_MATCH(MCDR_NOT_FOUND)) *matches += 1; + else if (! MEMCACHED_MATCH(MCDR_END)) *matches += 1; + else if (! MEMCACHED_MATCH(MCDR_DELETED)) *matches += 1; + else if (! MEMCACHED_MATCH(MCDR_TOUCHED)) *matches += 1; + else if (! MEMCACHED_MATCH(MCDR_STAT)) *matches += 1; + + if (*matches >= MEMCACHED_MIN_MATCH) + ndpi_int_memcached_add_connection(ndpi_struct, flow); +} + +void init_memcached_dissector( + struct ndpi_detection_module_struct *ndpi_struct, + u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +{ + ndpi_set_bitmask_protocol_detection("MEMCACHED", + ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_MEMCACHED, + ndpi_search_memcached, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); + + *id += 1; +} diff --git a/tests/pcap/memcached.cap b/tests/pcap/memcached.cap new file mode 100644 index 000000000..3b4c1a425 Binary files /dev/null and b/tests/pcap/memcached.cap differ -- cgit v1.2.3 From 335b3369689f8c338f9d7680490f500279ce9bba Mon Sep 17 00:00:00 2001 From: Simone Mainardi Date: Thu, 16 Aug 2018 11:47:10 +0200 Subject: Hyperscan compilation fixes --- configure.seed | 28 ++++++++++++++++++---------- src/include/ndpi_typedefs.h | 3 +++ src/lib/ndpi_main.c | 2 +- 3 files changed, 22 insertions(+), 11 deletions(-) (limited to 'src/lib') diff --git a/configure.seed b/configure.seed index 993ee03fa..6b85c66e9 100644 --- a/configure.seed +++ b/configure.seed @@ -54,16 +54,24 @@ fi HS_LIB= HS_INC= -BKP=$LIBS -LIBS="$LIBS -lstdc++ -lm" -AC_CHECK_LIB([hs], [hs_compile_multi], AC_DEFINE_UNQUOTED(HAVE_HYPERSCAN, 1, [Intel Hyperscan is present])) -LIBS=$BKP - -if test "x$ac_cv_lib_hs_hs_compile_multi" = xyes; then : -AC_CHECK_LIB([m], [pow]) -AC_CHECK_LIB([stdc++], [main]) -HS_INC=`pkg-config --cflags libhs` -HS_LIB=`pkg-config --libs libhs` + +AC_ARG_WITH(hyperscan, [ --with-hyperscan Enable nDPI build with Intel Hyperscan]) + +if test "${with_hyperscan+set}" = set; then + BKP=$LIBS + LIBS="$LIBS -lstdc++ -lm" + AC_CHECK_LIB([hs], [hs_compile_multi], AC_DEFINE_UNQUOTED(HAVE_HYPERSCAN, 1, [Intel Hyperscan is present])) + LIBS=$BKP + + if test "x$ac_cv_lib_hs_hs_compile_multi" = xyes; then : + AC_CHECK_LIB([m], [pow]) + AC_CHECK_LIB([stdc++], [main]) + HS_INC=`pkg-config --cflags libhs` + HS_LIB=`pkg-config --libs libhs` + else + AC_MSG_RESULT([Intel Hyperscan not found, exiting. See https://github.com/intel/hyperscan/blob/master/doc/dev-reference/getting_started.rst for install/build instructions]) + exit 1 + fi fi if test -f $PCAP_HOME/libpcap/libpcap.a; then : diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 5573c0e90..92111dd73 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -26,6 +26,9 @@ #include "ndpi_define.h" +/* Needed to have access to HAVE_* defines */ +#include "ndpi_config.h" + /* NDPI_LOG_LEVEL */ typedef enum { NDPI_LOG_ERROR, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 45490685f..4f1591700 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -47,7 +47,7 @@ #include "third_party/src/hash.c" #ifdef HAVE_HYPERSCAN -#include +#include #endif #ifdef HAVE_HYPERSCAN -- cgit v1.2.3 From 9847c2ccbbe3db62b39249126fb5c86298f37c9d Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Thu, 16 Aug 2018 12:03:09 +0200 Subject: Generic protocol cleanup (work in progress) --- src/include/ndpi_typedefs.h | 2 +- src/lib/ndpi_content_match.c.inc | 2 + src/lib/ndpi_main.c | 144 +++++++++++++++++++----------- src/lib/third_party/include/actypes.h | 14 +-- src/lib/third_party/include/ahocorasick.h | 6 +- src/lib/third_party/src/ahocorasick.c | 16 ++-- src/lib/third_party/src/node.c | 2 +- 7 files changed, 115 insertions(+), 71 deletions(-) (limited to 'src/lib') diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 5573c0e90..2c4c2c63a 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1194,7 +1194,7 @@ struct ndpi_flow_struct { typedef struct { char *string_to_match, *string2_to_match, *pattern_to_match, *proto_name; int protocol_id; - ndpi_protocol_category_t proto_category; + ndpi_protocol_category_t protocol_category; ndpi_protocol_breed_t protocol_breed; } ndpi_protocol_match; diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 78a58a7bf..64f1b5ee1 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8377,6 +8377,8 @@ ndpi_protocol_match host_match[] = { { ".1kxun.", NULL, NULL, "1kxun", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { "tcad.wedolook.com", NULL, NULL, "1kxun", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "baidu.com", NULL, NULL, "baidu", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { ".icq.", NULL, NULL, "ICQ", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, { "icq.", NULL, NULL, "ICQ", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 45490685f..164481cc4 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -57,8 +57,12 @@ struct hs { }; #endif +#define NDPI_CONST_GENERIC_PROTOCOL_NAME "GenericProtocol" + static int _ndpi_debug_callbacks = 0; +// #define MATCH_DEBUG 1 + /* implementation of the punycode check function */ int check_punycode_string(char * buffer , int len) { @@ -675,7 +679,9 @@ static int removeDefaultPort(ndpi_port_range *range, static int ndpi_string_to_automa(struct ndpi_detection_module_struct *ndpi_struct, ndpi_automa *automa, - char *value, int protocol_id) { + char *value, u_int16_t protocol_id, + ndpi_protocol_category_t category, + ndpi_protocol_breed_t breed) { AC_PATTERN_t ac_pattern; if(protocol_id >= (NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS)) { @@ -684,8 +690,16 @@ static int ndpi_string_to_automa(struct ndpi_detection_module_struct *ndpi_struc } if(automa->ac_automa == NULL) return(-2); - ac_pattern.astring = value; - ac_pattern.rep.number = protocol_id; + ac_pattern.astring = value, + ac_pattern.rep.number = protocol_id, + ac_pattern.rep.category = (u_int16_t)category, + ac_pattern.rep.breed = (u_int16_t)breed; + +#ifdef MATCH_DEBUG + printf("Adding to automa [%s][protocol_id: %u][category: %u][breed: %u]\n", + value, protocol_id, category, breed); +#endif + if(value == NULL) ac_pattern.length = 0; else @@ -700,22 +714,25 @@ static int ndpi_string_to_automa(struct ndpi_detection_module_struct *ndpi_struc static int ndpi_add_host_url_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, char *value, int protocol_id, - ndpi_protocol_breed_t breed /* UNUSED */) + ndpi_protocol_category_t category, + ndpi_protocol_breed_t breed) { #ifdef DEBUG NDPI_LOG_DEBUG2(ndpi_struct, "[NDPI] Adding [%s][%d]\n", value, protocol_id); #endif - return(ndpi_string_to_automa(ndpi_struct, &ndpi_struct->host_automa, value, protocol_id)); + return(ndpi_string_to_automa(ndpi_struct, &ndpi_struct->host_automa, value, protocol_id, + category, breed)); } /* ****************************************************** */ int ndpi_add_content_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, char *value, int protocol_id, - ndpi_protocol_breed_t breed /* UNUSED */) { + ndpi_protocol_category_t category, + ndpi_protocol_breed_t breed) { return(ndpi_string_to_automa(ndpi_struct, &ndpi_struct->content_automa, - value, protocol_id)); + value, protocol_id, category, breed)); } /* ****************************************************** */ @@ -740,25 +757,34 @@ void ndpi_init_protocol_match(struct ndpi_detection_module_struct *ndpi_mod, { u_int16_t no_master[2] = { NDPI_PROTOCOL_NO_MASTER_PROTO, NDPI_PROTOCOL_NO_MASTER_PROTO }; ndpi_port_range ports_a[MAX_DEFAULT_PORTS], ports_b[MAX_DEFAULT_PORTS]; - - ndpi_add_host_url_subprotocol(ndpi_mod, match->string_to_match, - match->protocol_id, match->protocol_breed); - + static u_int16_t generic_id = NDPI_LAST_IMPLEMENTED_PROTOCOL; + u_int16_t p_id; + if(ndpi_mod->proto_defaults[match->protocol_id].protoName == NULL) { - ndpi_mod->proto_defaults[match->protocol_id].protoName = ndpi_strdup(match->proto_name); - ndpi_mod->proto_defaults[match->protocol_id].protoCategory = match->proto_category; - ndpi_mod->proto_defaults[match->protocol_id].protoId = match->protocol_id; - ndpi_mod->proto_defaults[match->protocol_id].protoBreed = match->protocol_breed; + if(match->protocol_id == NDPI_PROTOCOL_GENERIC) + ndpi_mod->proto_defaults[match->protocol_id].protoName = ndpi_strdup(NDPI_CONST_GENERIC_PROTOCOL_NAME); + else + ndpi_mod->proto_defaults[match->protocol_id].protoName = ndpi_strdup(match->proto_name); + + ndpi_mod->proto_defaults[match->protocol_id].protoId = match->protocol_id; + ndpi_mod->proto_defaults[match->protocol_id].protoCategory = match->protocol_category; + ndpi_mod->proto_defaults[match->protocol_id].protoBreed = match->protocol_breed; + + ndpi_set_proto_defaults(ndpi_mod, + ndpi_mod->proto_defaults[match->protocol_id].protoBreed, + ndpi_mod->proto_defaults[match->protocol_id].protoId, + no_master, no_master, + ndpi_mod->proto_defaults[match->protocol_id].protoName, + ndpi_mod->proto_defaults[match->protocol_id].protoCategory, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); } - ndpi_set_proto_defaults(ndpi_mod, - ndpi_mod->proto_defaults[match->protocol_id].protoBreed, - ndpi_mod->proto_defaults[match->protocol_id].protoId, - no_master, no_master, - ndpi_mod->proto_defaults[match->protocol_id].protoName, - ndpi_mod->proto_defaults[match->protocol_id].protoCategory, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_add_host_url_subprotocol(ndpi_mod, + match->string_to_match, + match->protocol_id, + match->protocol_category, + match->protocol_breed); } /* ******************************************************************** */ @@ -862,24 +888,25 @@ static void init_string_based_protocols(struct ndpi_detection_module_struct *ndp for(i=0; host_match[i].string_to_match != NULL; i++) ndpi_init_protocol_match(ndpi_mod, &host_match[i]); -#ifdef DEBUG - ac_automata_display(ndpi_mod->host_automa.ac_automa, 'n'); +#ifdef MATCH_DEBUG + // ac_automata_display(ndpi_mod->host_automa.ac_automa, 'n'); #endif for(i=0; content_match[i].string_to_match != NULL; i++) ndpi_add_content_subprotocol(ndpi_mod, content_match[i].string_to_match, content_match[i].protocol_id, + content_match[i].protocol_category, content_match[i].protocol_breed); for(i=0; ndpi_en_bigrams[i] != NULL; i++) ndpi_string_to_automa(ndpi_mod, &ndpi_mod->bigrams_automa, (char*)ndpi_en_bigrams[i], - 1); + 1, 1, 1); for(i=0; ndpi_en_impossible_bigrams[i] != NULL; i++) ndpi_string_to_automa(ndpi_mod, &ndpi_mod->impossible_bigrams_automa, (char*)ndpi_en_impossible_bigrams[i], - 1); + 1, 1, 1); } /* ******************************************************************** */ @@ -1466,6 +1493,11 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "AFP", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER, ndpi_build_default_ports(ports_a, 548, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 548, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CATEGORY_CUSTOM_1, + no_master, + no_master, NDPI_CONST_GENERIC_PROTOCOL_NAME, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CHECKMK, no_master, no_master, "CHECKMK", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER, @@ -1912,19 +1944,19 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp /* ****************************************************** */ -static int ac_match_handler(AC_MATCH_t *m, AC_TEXT_t *txt, void *param) { - int *matching_protocol_id = (int*)param; +static int ac_match_handler(AC_MATCH_t *m, AC_TEXT_t *txt, AC_REP_t *match) { int min_len = (txt->length < m->patterns->length) ? txt->length : m->patterns->length; - char *match, buf[64]; + char buf[64]; int min_buf_len = (txt->length > 63 /* sizeof(buf)-1 */) ? 63 : txt->length; - + u_int buf_len = strlen(buf); + strncpy(buf, txt->astring, min_buf_len); buf[min_buf_len] = '\0'; #ifdef MATCH_DEBUG - printf("Searching [to search: %s/%u][pattern: %s/%u] [len: %u][match_num: %u]\n", + printf("Searching [to search: %s/%u][pattern: %s/%u] [len: %u][match_num: %u][%s]\n", buf, txt->length, m->patterns->astring, m->patterns->length, min_len, - m->match_num); + m->match_num, m->patterns->astring); #endif /* @@ -1933,11 +1965,15 @@ static int ac_match_handler(AC_MATCH_t *m, AC_TEXT_t *txt, void *param) { specific match, paying more cpu cycles. */ - *matching_protocol_id = m->patterns[0].rep.number; + memcpy(match, &m->patterns[0].rep, sizeof(AC_REP_t)); - if(strncmp(buf, m->patterns->astring, min_len) == 0) { + if(((buf_len >= min_len) && (strncmp(&buf[buf_len-min_len], m->patterns->astring, min_len) == 0)) + || (strncmp(buf, m->patterns->astring, min_len) == 0) /* begins with */ + ) + { #ifdef MATCH_DEBUG - printf("Found match [%s][%s] [len: %u]\n", buf, m->patterns->astring, min_len); + printf("Found match [%s][%s] [len: %u][proto_id: %u]\n", + buf, m->patterns->astring, min_len, *matching_protocol_id); #endif return(1); /* If the pattern found matches the string at the beginning we stop here */ } else @@ -2195,6 +2231,7 @@ int ndpi_add_string_value_to_automa(void *_automa, char *str, unsigned long num) if(automa == NULL) return(-1); + memset(&ac_pattern, 0, sizeof(ac_pattern)); ac_pattern.astring = str; ac_pattern.rep.number = num; ac_pattern.length = strlen(ac_pattern.astring); @@ -2211,7 +2248,7 @@ void ndpi_finalize_automa(void *_automa) { ac_automata_finalize((AC_AUTOMATA_t*) /* ****************************************************** */ int ndpi_match_string(void *_automa, char *string_to_match) { - int matching_protocol_id = NDPI_PROTOCOL_UNKNOWN; + AC_REP_t match = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_UNRATED }; AC_TEXT_t ac_input_text; AC_AUTOMATA_t *automa = (AC_AUTOMATA_t*)_automa; @@ -2221,10 +2258,10 @@ int ndpi_match_string(void *_automa, char *string_to_match) { return(-2); ac_input_text.astring = string_to_match, ac_input_text.length = strlen(string_to_match); - ac_automata_search(automa, &ac_input_text, (void*)&matching_protocol_id); + ac_automata_search(automa, &ac_input_text, &match); ac_automata_reset(automa); - return(matching_protocol_id > 0 ? 0 : -1); + return(match.number > 0 ? 0 : -1); } /* ****************************************************** */ @@ -2232,7 +2269,8 @@ int ndpi_match_string(void *_automa, char *string_to_match) { int ndpi_match_string_id(void *_automa, char *string_to_match, unsigned long *id) { AC_TEXT_t ac_input_text; AC_AUTOMATA_t *automa = (AC_AUTOMATA_t*)_automa; - + AC_REP_t match = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_UNRATED }; + *id = -1; if((automa == NULL) || (string_to_match == NULL) @@ -2240,10 +2278,12 @@ int ndpi_match_string_id(void *_automa, char *string_to_match, unsigned long *id return(-2); ac_input_text.astring = string_to_match, ac_input_text.length = strlen(string_to_match); - ac_automata_search(automa, &ac_input_text, (void*)id); + ac_automata_search(automa, &ac_input_text, &match); ac_automata_reset(automa); - return(*id != -1 ? 0 : -1); + *id = match.number; + + return(*id != NDPI_PROTOCOL_UNKNOWN ? 0 : -1); } /* *********************************************** */ @@ -2599,7 +2639,8 @@ int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, } else { if(do_add) ndpi_add_host_url_subprotocol(ndpi_mod, value, subprotocol_id, -NDPI_PROTOCOL_ACCEPTABLE); + NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, + NDPI_PROTOCOL_ACCEPTABLE); else ndpi_remove_host_url_subprotocol(ndpi_mod, value, subprotocol_id); } @@ -3989,6 +4030,8 @@ int ndpi_load_hostname_category(struct ndpi_detection_module_struct *ndpi_struct /* printf("===> Loading %s as %u\n", name, category); */ + memset(&ac_pattern, 0, sizeof(ac_pattern)); + #ifdef HAVE_HYPERSCAN { struct hs_list *h = (struct hs_list*)malloc(sizeof(struct hs_list)); @@ -5558,7 +5601,7 @@ int ndpi_match_prefix(const u_int8_t *payload, size_t payload_len, int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, char *string_to_match, u_int string_to_match_len, u_int8_t is_host_match) { - int matching_protocol_id = NDPI_PROTOCOL_UNKNOWN; + AC_REP_t match = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_UNRATED }; AC_TEXT_t ac_input_text; ndpi_automa *automa = is_host_match ? &ndpi_struct->host_automa : &ndpi_struct->content_automa; @@ -5570,11 +5613,10 @@ int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_stru } ac_input_text.astring = string_to_match, ac_input_text.length = string_to_match_len; - ac_automata_search(((AC_AUTOMATA_t*)automa->ac_automa), &ac_input_text, (void*)&matching_protocol_id); - + ac_automata_search(((AC_AUTOMATA_t*)automa->ac_automa), &ac_input_text, &match); ac_automata_reset(((AC_AUTOMATA_t*)automa->ac_automa)); - return(matching_protocol_id); + return(match.number); } /* ****************************************************** */ @@ -5678,10 +5720,10 @@ int ndpi_match_content_subprotocol(struct ndpi_detection_module_struct *ndpi_str int ndpi_match_bigram(struct ndpi_detection_module_struct *ndpi_struct, ndpi_automa *automa, char *bigram_to_match) { AC_TEXT_t ac_input_text; - int ret = 0; + AC_REP_t match = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_UNRATED }; if((automa->ac_automa == NULL) || (bigram_to_match == NULL)) - return(ret); + return(-1); if(!automa->ac_automa_finalized) { ac_automata_finalize((AC_AUTOMATA_t*)automa->ac_automa); @@ -5689,10 +5731,10 @@ int ndpi_match_bigram(struct ndpi_detection_module_struct *ndpi_struct, } ac_input_text.astring = bigram_to_match, ac_input_text.length = 2; - ac_automata_search(((AC_AUTOMATA_t*)automa->ac_automa), &ac_input_text, (void*)&ret); + ac_automata_search(((AC_AUTOMATA_t*)automa->ac_automa), &ac_input_text, &match); ac_automata_reset(((AC_AUTOMATA_t*)automa->ac_automa)); - return(ret); + return(match.number); } /* ****************************************************** */ diff --git a/src/lib/third_party/include/actypes.h b/src/lib/third_party/include/actypes.h index 807e5026a..c09d787c6 100644 --- a/src/lib/third_party/include/actypes.h +++ b/src/lib/third_party/include/actypes.h @@ -42,9 +42,9 @@ typedef char AC_ALPHABET_t; * automata for further reference. we provisioned two possible types as a * union for this purpose. you can add your desired type in it. **/ -typedef union { - char * stringy; /* null-terminated string */ - unsigned long number; +typedef struct { + int number; + u_int16_t category, breed; } AC_REP_t; /* AC_PATTERN_t: @@ -112,20 +112,20 @@ typedef enum ac_automata_finalize() you can not add new patterns to the automata. */ } AC_ERROR_t; -/* MATCH_CALBACK_t: +/* MATCH_CALLBACK_t: * This is the call-back function type that must be given to automata at * initialization to report match occurrence to the caller. * at a match event, the automata will reach you using this function and sends * you a pointer to AC_MATCH_t. using that pointer you can handle * matches. you can send parameters to the call-back function when you call * ac_automata_search(). at call-back, the automata will sent you those - * parameters as the second parameter (void *) of MATCH_CALBACK_t. inside + * parameters as the second parameter (void *) of MATCH_CALLBACK_t. inside * the call-back function you can cast it to whatever you want. - * If you return 0 from MATCH_CALBACK_t function to the automata, it will + * If you return 0 from MATCH_CALLBACK_t function to the automata, it will * continue searching, otherwise it will return from ac_automata_search() * to your calling function. **/ -typedef int (*MATCH_CALBACK_f)(AC_MATCH_t *, AC_TEXT_t *, void *); +typedef int (*MATCH_CALLBACK_f)(AC_MATCH_t *, AC_TEXT_t *, AC_REP_t *); /* AC_PATTRN_MAX_LENGTH: * Maximum acceptable pattern length in AC_PATTERN_t.length diff --git a/src/lib/third_party/include/ahocorasick.h b/src/lib/third_party/include/ahocorasick.h index ea92e4a1b..192a0e728 100644 --- a/src/lib/third_party/include/ahocorasick.h +++ b/src/lib/third_party/include/ahocorasick.h @@ -36,7 +36,7 @@ typedef struct unsigned int all_nodes_max; /* Current max allocated memory for *all_nodes */ AC_MATCH_t match; /* Any match is reported with this */ - MATCH_CALBACK_f match_callback; /* Match call-back function */ + MATCH_CALLBACK_f match_callback; /* Match call-back function */ /* this flag indicates that if automata is finalized by * ac_automata_finalize() or not. 1 means finalized and 0 @@ -58,10 +58,10 @@ typedef struct } AC_AUTOMATA_t; -AC_AUTOMATA_t * ac_automata_init (MATCH_CALBACK_f mc); +AC_AUTOMATA_t * ac_automata_init (MATCH_CALLBACK_f mc); AC_ERROR_t ac_automata_add (AC_AUTOMATA_t * thiz, AC_PATTERN_t * str); void ac_automata_finalize (AC_AUTOMATA_t * thiz); -int ac_automata_search (AC_AUTOMATA_t * thiz, AC_TEXT_t * str, void * param); +int ac_automata_search (AC_AUTOMATA_t * thiz, AC_TEXT_t * str, AC_REP_t * param); void ac_automata_reset (AC_AUTOMATA_t * thiz); void ac_automata_release (AC_AUTOMATA_t * thiz); void ac_automata_display (AC_AUTOMATA_t * thiz, char repcast); diff --git a/src/lib/third_party/src/ahocorasick.c b/src/lib/third_party/src/ahocorasick.c index fd6541dd7..371dc06f8 100644 --- a/src/lib/third_party/src/ahocorasick.c +++ b/src/lib/third_party/src/ahocorasick.c @@ -44,10 +44,10 @@ static void ac_automata_traverse_setfailure * FUNCTION: ac_automata_init * Initialize automata; allocate memories and set initial values * PARAMS: - * MATCH_CALBACK mc: call-back function + * MATCH_CALLBACK mc: call-back function * the call-back function will be used to reach the caller on match occurrence ******************************************************************************/ -AC_AUTOMATA_t * ac_automata_init (MATCH_CALBACK_f mc) +AC_AUTOMATA_t * ac_automata_init (MATCH_CALLBACK_f mc) { AC_AUTOMATA_t * thiz = (AC_AUTOMATA_t *)ndpi_malloc(sizeof(AC_AUTOMATA_t)); memset (thiz, 0, sizeof(AC_AUTOMATA_t)); @@ -159,7 +159,7 @@ void ac_automata_finalize (AC_AUTOMATA_t * thiz) * 0: success; continue searching; call-back sent me a 0 value * 1: success; stop searching; call-back sent me a non-0 value ******************************************************************************/ -int ac_automata_search (AC_AUTOMATA_t * thiz, AC_TEXT_t * txt, void * param) +int ac_automata_search (AC_AUTOMATA_t * thiz, AC_TEXT_t * txt, AC_REP_t * param) { unsigned long position; AC_NODE_t *curr; @@ -283,10 +283,10 @@ void ac_automata_display (AC_AUTOMATA_t * thiz, char repcast) switch (repcast) { case 'n': - printf("%ld", sid.rep.number); - break; - case 's': - printf("%s", sid.rep.stringy); + printf("%u/%u/%u", + sid.rep.number, + sid.rep.category, + sid.rep.breed); break; } } @@ -304,7 +304,7 @@ static void ac_automata_register_nodeptr (AC_AUTOMATA_t * thiz, AC_NODE_t * node { if(thiz->all_nodes_num >= thiz->all_nodes_max) { - thiz->all_nodes = ndpi_realloc(thiz->all_nodes, + thiz->all_nodes = ndpi_realloc(thiz->all_nodes, thiz->all_nodes_max*sizeof(AC_NODE_t *), (REALLOC_CHUNK_ALLNODES+thiz->all_nodes_max)*sizeof(AC_NODE_t *) ); diff --git a/src/lib/third_party/src/node.c b/src/lib/third_party/src/node.c index a43cc59a6..4da04de9b 100644 --- a/src/lib/third_party/src/node.c +++ b/src/lib/third_party/src/node.c @@ -192,7 +192,7 @@ void node_register_matchstr (AC_NODE_t * thiz, AC_PATTERN_t * str) thiz->matched_patterns[thiz->matched_patterns_num].astring = str->astring; thiz->matched_patterns[thiz->matched_patterns_num].length = str->length; - thiz->matched_patterns[thiz->matched_patterns_num].rep = str->rep; + memcpy(&thiz->matched_patterns[thiz->matched_patterns_num].rep, &str->rep, sizeof(AC_REP_t)); thiz->matched_patterns_num++; } -- cgit v1.2.3 From 01bf295a19c19dc4f521ee40f0c478c794e1b5e4 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Thu, 16 Aug 2018 14:57:44 +0200 Subject: Completed custom category implementation --- example/ndpiReader.c | 81 +++++++++++++++++---------- src/include/ndpi_api.h | 6 ++ src/include/ndpi_main.h | 60 ++++++++++++++------ src/include/ndpi_typedefs.h | 9 ++- src/lib/Makefile | 2 +- src/lib/ndpi_main.c | 108 +++++++++++++++++++++++++----------- src/lib/protocols/dns.c | 8 ++- src/lib/protocols/fbzero.c | 4 +- src/lib/protocols/http.c | 27 ++++++--- src/lib/protocols/quic.c | 2 + src/lib/protocols/ssl.c | 67 +++++++++++----------- tests/result/pps.pcap.out | 4 +- tests/result/webex.pcap.out | 58 +++++++++---------- tests/result/whatsappfiles.pcap.out | 4 +- 14 files changed, 283 insertions(+), 157 deletions(-) (limited to 'src/lib') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 39748cd90..faa453ee2 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -111,7 +111,6 @@ struct flow_info { static struct flow_info *all_flows; - struct info_pair { u_int32_t addr; u_int8_t version; /* IP version */ @@ -135,16 +134,15 @@ struct port_stats { u_int32_t cumulative_addr; /*cumulative some of IP addresses */ addr_node *addr_tree; /* tree of distinct IP addresses */ struct info_pair top_ip_addrs[MAX_NUM_IP_ADDRESS]; - u_int8_t hasTopHost; /* as boolean flag*/ - u_int32_t top_host; /*host that is contributed to > 95% of traffic*/ - u_int8_t version; /* top host's ip version */ - char proto[16]; /*application level protocol of top host */ - UT_hash_handle hh; /* makes this structure hashable */ + u_int8_t hasTopHost; /* as boolean flag */ + u_int32_t top_host; /* host that is contributed to > 95% of traffic */ + u_int8_t version; /* top host's ip version */ + char proto[16]; /* application level protocol of top host */ + UT_hash_handle hh; /* makes this structure hashable */ }; struct port_stats *srcStats = NULL, *dstStats = NULL; - // struct to hold count of flows received by destination ports struct port_flow_info { u_int32_t port; /* key */ @@ -349,6 +347,8 @@ struct ndpi_proto_sorter { char name[16]; }; +/* ********************************** */ + int cmpProto(const void *_a, const void *_b) { struct ndpi_proto_sorter *a = (struct ndpi_proto_sorter*)_a; struct ndpi_proto_sorter *b = (struct ndpi_proto_sorter*)_b; @@ -356,6 +356,8 @@ int cmpProto(const void *_a, const void *_b) { return(strcmp(a->name, b->name)); } +/* ********************************** */ + int cmpFlows(const void *_a, const void *_b) { struct ndpi_flow_info *fa = ((struct flow_info*)_a)->flow; struct ndpi_flow_info *fb = ((struct flow_info*)_b)->flow; @@ -375,6 +377,8 @@ int cmpFlows(const void *_a, const void *_b) { return(0); } +/* ********************************** */ + void extcap_config() { int i, argidx = 0; struct ndpi_proto_sorter *protos; @@ -656,12 +660,12 @@ static void parseOptions(int argc, char **argv) { #endif } +/* ********************************** */ /** * @brief From IPPROTO to string NAME */ static char* ipProto2Name(u_int16_t proto_id) { - static char proto[8]; switch(proto_id) { @@ -689,12 +693,12 @@ static char* ipProto2Name(u_int16_t proto_id) { return(proto); } +/* ********************************** */ /** * @brief A faster replacement for inet_ntoa(). */ char* intoaV4(u_int32_t addr, char* buf, u_int16_t bufLen) { - char *cp, *retStr; uint byte; int n; @@ -723,6 +727,8 @@ char* intoaV4(u_int32_t addr, char* buf, u_int16_t bufLen) { return(retStr); } +/* ********************************** */ + /** * @brief Print the flow */ @@ -792,16 +798,20 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa json_object_object_add(jObj,"host_b.port",json_object_new_int(ntohs(flow->dst_port))); if(flow->detected_protocol.master_protocol) - json_object_object_add(jObj,"detected.master_protocol",json_object_new_int(flow->detected_protocol.master_protocol)); + json_object_object_add(jObj,"detected.master_protocol", + json_object_new_int(flow->detected_protocol.master_protocol)); - json_object_object_add(jObj,"detected.app_protocol",json_object_new_int(flow->detected_protocol.app_protocol)); + json_object_object_add(jObj,"detected.app_protocol", + json_object_new_int(flow->detected_protocol.app_protocol)); if(flow->detected_protocol.master_protocol) { char tmp[256]; snprintf(tmp, sizeof(tmp), "%s.%s", - ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol.master_protocol), - ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol.app_protocol)); + ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, + flow->detected_protocol.master_protocol), + ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, + flow->detected_protocol.app_protocol)); json_object_object_add(jObj,"detected.protocol.name", json_object_new_string(tmp)); @@ -836,12 +846,13 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa } } +/* ********************************** */ /** * @brief Unknown Proto Walker */ -static void node_print_unknown_proto_walker(const void *node, ndpi_VISIT which, int depth, void *user_data) { - +static void node_print_unknown_proto_walker(const void *node, + ndpi_VISIT which, int depth, void *user_data) { struct ndpi_flow_info *flow = *(struct ndpi_flow_info**)node; u_int16_t thread_id = *((u_int16_t*)user_data); @@ -854,11 +865,13 @@ static void node_print_unknown_proto_walker(const void *node, ndpi_VISIT which, } } +/* ********************************** */ + /** * @brief Known Proto Walker */ -static void node_print_known_proto_walker(const void *node, ndpi_VISIT which, int depth, void *user_data) { - +static void node_print_known_proto_walker(const void *node, + ndpi_VISIT which, int depth, void *user_data) { struct ndpi_flow_info *flow = *(struct ndpi_flow_info**)node; u_int16_t thread_id = *((u_int16_t*)user_data); @@ -871,6 +884,7 @@ static void node_print_known_proto_walker(const void *node, ndpi_VISIT which, in } } +/* ********************************** */ /** * @brief Guess Undetected Protocol @@ -890,6 +904,7 @@ static u_int16_t node_guess_undetected_protocol(u_int16_t thread_id, struct ndpi return(flow->detected_protocol.app_protocol); } +/* ********************************** */ /** * @brief Proto Guess Walker @@ -909,6 +924,7 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept } process_ndpi_collected_info(ndpi_thread_info[thread_id].workflow, flow); + ndpi_thread_info[thread_id].workflow->stats.protocol_counter[flow->detected_protocol.app_protocol] += flow->src2dst_packets + flow->dst2src_packets; ndpi_thread_info[thread_id].workflow->stats.protocol_counter_bytes[flow->detected_protocol.app_protocol] += flow->src2dst_bytes + flow->dst2src_bytes; ndpi_thread_info[thread_id].workflow->stats.protocol_flows[flow->detected_protocol.app_protocol]++; @@ -1354,7 +1370,6 @@ static void port_stats_walker(const void *node, ndpi_VISIT which, int depth, voi * @brief Idle Scan Walker */ static void node_idle_scan_walker(const void *node, ndpi_VISIT which, int depth, void *user_data) { - struct ndpi_flow_info *flow = *(struct ndpi_flow_info **) node; u_int16_t thread_id = *((u_int16_t *) user_data); @@ -1386,7 +1401,6 @@ static void node_idle_scan_walker(const void *node, ndpi_VISIT which, int depth, static void on_protocol_discovered(struct ndpi_workflow * workflow, struct ndpi_flow_info * flow, void * udata) { - const u_int16_t thread_id = (uintptr_t) udata; if(verbose > 1) { @@ -1446,7 +1460,6 @@ static void debug_printf(u_int32_t protocol, void *id_struct, * @brief Setup for detection begin */ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) { - NDPI_PROTOCOL_BITMASK all; struct ndpi_workflow_prefs prefs; @@ -1468,16 +1481,20 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) { ndpi_pref_enable_category_substring_match, 1); ndpi_workflow_set_flow_detected_callback(ndpi_thread_info[thread_id].workflow, - on_protocol_discovered, (void *)(uintptr_t)thread_id); + on_protocol_discovered, + (void *)(uintptr_t)thread_id); // enable all protocols NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(ndpi_thread_info[thread_id].workflow->ndpi_struct, &all); // clear memory for results - memset(ndpi_thread_info[thread_id].workflow->stats.protocol_counter, 0, sizeof(ndpi_thread_info[thread_id].workflow->stats.protocol_counter)); - memset(ndpi_thread_info[thread_id].workflow->stats.protocol_counter_bytes, 0, sizeof(ndpi_thread_info[thread_id].workflow->stats.protocol_counter_bytes)); - memset(ndpi_thread_info[thread_id].workflow->stats.protocol_flows, 0, sizeof(ndpi_thread_info[thread_id].workflow->stats.protocol_flows)); + memset(ndpi_thread_info[thread_id].workflow->stats.protocol_counter, 0, + sizeof(ndpi_thread_info[thread_id].workflow->stats.protocol_counter)); + memset(ndpi_thread_info[thread_id].workflow->stats.protocol_counter_bytes, 0, + sizeof(ndpi_thread_info[thread_id].workflow->stats.protocol_counter_bytes)); + memset(ndpi_thread_info[thread_id].workflow->stats.protocol_flows, 0, + sizeof(ndpi_thread_info[thread_id].workflow->stats.protocol_flows)); if(_protoFilePath != NULL) ndpi_load_protocols_file(ndpi_thread_info[thread_id].workflow->ndpi_struct, _protoFilePath); @@ -1608,7 +1625,9 @@ static void json_open_stats_file() { static void json_close_stats_file() { json_object *jObjFinal = json_object_new_object(); - json_object_object_add(jObjFinal,"duration.in.seconds",json_object_new_int(pcap_analysis_duration)); + + json_object_object_add(jObjFinal,"duration.in.seconds", + json_object_new_int(pcap_analysis_duration)); json_object_object_add(jObjFinal,"statistics", jArray_topStats); fprintf(stats_fp,"%s\n",json_object_to_json_string(jObjFinal)); fclose(stats_fp); @@ -1910,8 +1929,10 @@ static void printResults(u_int64_t tot_usec) { continue; for(i=0; indpi_flows_root[i], node_proto_guess_walker, &thread_id); - if(verbose == 3 || stats_flag) ndpi_twalk(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i], port_stats_walker, &thread_id); + ndpi_twalk(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i], + node_proto_guess_walker, &thread_id); + if(verbose == 3 || stats_flag) ndpi_twalk(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i], + port_stats_walker, &thread_id); } /* Stats aggregation */ @@ -2396,11 +2417,11 @@ static void pcap_process_packet(u_char *args, if(live_capture) { if(ndpi_thread_info[thread_id].last_idle_scan_time + IDLE_SCAN_PERIOD < ndpi_thread_info[thread_id].workflow->last_time) { /* scan for idle flows */ - ndpi_twalk(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[ndpi_thread_info[thread_id].idle_scan_idx], node_idle_scan_walker, &thread_id); + ndpi_twalk(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[ndpi_thread_info[thread_id].idle_scan_idx], + node_idle_scan_walker, &thread_id); /* remove idle flows (unfortunately we cannot do this inline) */ - while (ndpi_thread_info[thread_id].num_idle_flows > 0) { - + while(ndpi_thread_info[thread_id].num_idle_flows > 0) { /* search and delete the idle flow from the "ndpi_flow_root" (see struct reader thread) - here flows are the node of a b-tree */ ndpi_tdelete(ndpi_thread_info[thread_id].idle_flows[--ndpi_thread_info[thread_id].num_idle_flows], &ndpi_thread_info[thread_id].workflow->ndpi_flows_root[ndpi_thread_info[thread_id].idle_scan_idx], diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 358c0491c..3fefc8e4b 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -346,6 +346,7 @@ extern "C" { * @par ndpi_struct = the detection module * @par string_to_match = the string to match * @par string_to_match_len = the length of the string + * @par ret_match = completed returned match information * @par is_host_match = value of the second field of struct ndpi_automa * @return the ID of the matched subprotocol * @@ -353,6 +354,7 @@ extern "C" { int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, char *string_to_match, u_int string_to_match_len, + ndpi_protocol_match_result *ret_match, u_int8_t is_host_match); /** * Check if the host passed match with a protocol @@ -361,6 +363,7 @@ extern "C" { * @par flow = the flow where match the host * @par string_to_match = the string to match * @par string_to_match_len = the length of the string + * @par ret_match = completed returned match information * @par master_protocol_id = value of the ID associated to the master protocol detected * @return the ID of the matched subprotocol * @@ -369,6 +372,7 @@ extern "C" { struct ndpi_flow_struct *flow, char *string_to_match, u_int string_to_match_len, + ndpi_protocol_match_result *ret_match, u_int16_t master_protocol_id); @@ -379,6 +383,7 @@ extern "C" { * @par flow = the flow where match the host * @par string_to_match = the string to match * @par string_to_match_len = the length of the string + * @par ret_match = completed returned match information * @par master_protocol_id = value of the ID associated to the master protocol detected * @return the ID of the matched subprotocol * @@ -387,6 +392,7 @@ extern "C" { struct ndpi_flow_struct *flow, char *string_to_match, u_int string_to_match_len, + ndpi_protocol_match_result *ret_match, u_int16_t master_protocol_id); /** * Exclude protocol from search diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h index b18efa21a..3517d45b2 100644 --- a/src/include/ndpi_main.h +++ b/src/include/ndpi_main.h @@ -53,34 +53,55 @@ extern "C" { extern u_int8_t ndpi_ips_match(u_int32_t src, u_int32_t dst, u_int32_t net, u_int32_t num_bits); - u_int16_t ntohs_ndpi_bytestream_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); - - u_int32_t ndpi_bytestream_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); - u_int64_t ndpi_bytestream_to_number64(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); - u_int32_t ndpi_bytestream_dec_or_hex_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); - u_int64_t ndpi_bytestream_dec_or_hex_to_number64(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); - u_int32_t ndpi_bytestream_to_ipv4(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); + u_int16_t ntohs_ndpi_bytestream_to_number(const u_int8_t * str, + u_int16_t max_chars_to_read, + u_int16_t * bytes_read); + + u_int32_t ndpi_bytestream_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, + u_int16_t * bytes_read); + u_int64_t ndpi_bytestream_to_number64(const u_int8_t * str, u_int16_t max_chars_to_read, + u_int16_t * bytes_read); + u_int32_t ndpi_bytestream_dec_or_hex_to_number(const u_int8_t * str, + u_int16_t max_chars_to_read, + u_int16_t * bytes_read); + u_int64_t ndpi_bytestream_dec_or_hex_to_number64(const u_int8_t * str, + u_int16_t max_chars_to_read, + u_int16_t * bytes_read); + u_int32_t ndpi_bytestream_to_ipv4(const u_int8_t * str, u_int16_t max_chars_to_read, + u_int16_t * bytes_read); void ndpi_set_detected_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int16_t upper_detected_protocol, u_int16_t lower_detected_protocol); - extern void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); - extern void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); + extern void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow); + extern void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow); - extern u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int16_t counter); + extern u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, u_int16_t counter); - extern void ndpi_int_change_packet_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, + extern void ndpi_int_change_packet_protocol(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, u_int16_t upper_detected_protocol, u_int16_t lower_detected_protocol); - extern void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, + extern void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, u_int16_t upper_detected_protocol, u_int16_t lower_detected_protocol); - extern void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol_breed_t protoBreed, u_int16_t protoId, - u_int16_t tcp_alias_protoId[2], u_int16_t udp_alias_protoId[2], char *protoName, + extern void ndpi_int_change_category(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + ndpi_protocol_category_t protocol_category); + + extern void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, + ndpi_protocol_breed_t protoBreed, u_int16_t protoId, + u_int16_t tcp_alias_protoId[2], + u_int16_t udp_alias_protoId[2], char *protoName, ndpi_protocol_category_t protoCategory, - ndpi_port_range *tcpDefPorts, ndpi_port_range *udpDefPorts); + ndpi_port_range *tcpDefPorts, + ndpi_port_range *udpDefPorts); extern void ndpi_int_reset_packet_protocol(struct ndpi_packet_struct *packet); extern void ndpi_int_reset_protocol(struct ndpi_flow_struct *flow); @@ -90,8 +111,10 @@ extern "C" { extern void ndpi_packet_src_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_addr_t * ip); extern void ndpi_packet_dst_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_addr_t * ip); - extern char *ndpi_get_ip_string(struct ndpi_detection_module_struct *ndpi_struct, const ndpi_ip_addr_t * ip); - extern char *ndpi_get_packet_src_ip_string(struct ndpi_detection_module_struct *ndpi_struct, const struct ndpi_packet_struct *packet); + extern char *ndpi_get_ip_string(struct ndpi_detection_module_struct *ndpi_struct, + const ndpi_ip_addr_t * ip); + extern char *ndpi_get_packet_src_ip_string(struct ndpi_detection_module_struct *ndpi_struct, + const struct ndpi_packet_struct *packet); extern char* ndpi_get_proto_by_id(struct ndpi_detection_module_struct *ndpi_mod, u_int id); u_int16_t ndpi_get_proto_by_name(struct ndpi_detection_module_struct *ndpi_mod, const char *name); @@ -102,7 +125,8 @@ extern "C" { extern u_int8_t ndpi_is_proto(ndpi_protocol p, u_int16_t proto); extern u_int16_t ndpi_get_lower_proto(ndpi_protocol p); - extern int ndpi_get_protocol_id_master_proto(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t protocol_id, + extern int ndpi_get_protocol_id_master_proto(struct ndpi_detection_module_struct *ndpi_struct, + u_int16_t protocol_id, u_int16_t** tcp_master_proto, u_int16_t** udp_master_proto); #/* NDPI_PROTOCOL_NETBIOS */ diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 244074044..3d0eccab7 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1099,8 +1099,9 @@ struct ndpi_flow_struct { /* protocols which have marked a connection as this connection cannot be protocol XXX, multiple u_int64_t */ NDPI_PROTOCOL_BITMASK excluded_protocol_bitmask; - + ndpi_protocol_category_t category; + /* NDPI_PROTOCOL_REDIS */ u_int8_t redis_s2d_first_char, redis_d2s_first_char; @@ -1207,4 +1208,10 @@ typedef struct { u_int8_t value; } ndpi_network; +typedef struct { + int protocol_id; + ndpi_protocol_category_t protocol_category; + ndpi_protocol_breed_t protocol_breed; +} ndpi_protocol_match_result; + #endif /* __NDPI_TYPEDEFS_H__ */ diff --git a/src/lib/Makefile b/src/lib/Makefile index c9f317931..19c6f1cfe 100644 --- a/src/lib/Makefile +++ b/src/lib/Makefile @@ -6,7 +6,7 @@ # make -f Makefile.simple # CFLAGS += -fPIC -DPIC -I../include -Ithird_party/include -DNDPI_LIB_COMPILATION -g -RANLIB=ranlib +RANLIB = ranlib OBJECTS = $(patsubst protocols/%.c, protocols/%.o, $(wildcard protocols/*.c)) $(patsubst third_party/src/%.c, third_party/src/%.o, $(wildcard third_party/src/*.c)) ndpi_main.o HEADERS = $(wildcard ../include/*.h) diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 494c93bd0..952026ce6 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -413,15 +413,13 @@ u_int32_t ndpi_detection_get_sizeof_ndpi_id_struct(void) { return sizeof(struct /* *********************************************************************************** */ -char * ndpi_get_proto_by_id(struct ndpi_detection_module_struct *ndpi_mod, u_int id) -{ +char * ndpi_get_proto_by_id(struct ndpi_detection_module_struct *ndpi_mod, u_int id) { return((id >= ndpi_mod->ndpi_num_supported_protocols) ? NULL : ndpi_mod->proto_defaults[id].protoName); } /* *********************************************************************************** */ -u_int16_t ndpi_get_proto_by_name(struct ndpi_detection_module_struct *ndpi_mod, const char *name) -{ +u_int16_t ndpi_get_proto_by_name(struct ndpi_detection_module_struct *ndpi_mod, const char *name) { u_int16_t i, num = ndpi_get_num_supported_protocols(ndpi_mod); for(i = 0; i < num; i++) @@ -438,8 +436,7 @@ ndpi_port_range * ndpi_build_default_ports_range(ndpi_port_range *ports, u_int16_t portB_low, u_int16_t portB_high, u_int16_t portC_low, u_int16_t portC_high, u_int16_t portD_low, u_int16_t portD_high, - u_int16_t portE_low, u_int16_t portE_high) -{ + u_int16_t portE_low, u_int16_t portE_high) { int i = 0; ports[i].port_low = portA_low, ports[i].port_high = portA_high; i++; @@ -458,8 +455,7 @@ ndpi_port_range * ndpi_build_default_ports(ndpi_port_range *ports, u_int16_t portB, u_int16_t portC, u_int16_t portD, - u_int16_t portE) -{ + u_int16_t portE) { int i = 0; ports[i].port_low = portA, ports[i].port_high = portA; i++; @@ -753,8 +749,7 @@ static int ndpi_remove_host_url_subprotocol(struct ndpi_detection_module_struct /* ******************************************************************** */ void ndpi_init_protocol_match(struct ndpi_detection_module_struct *ndpi_mod, - ndpi_protocol_match *match) -{ + ndpi_protocol_match *match) { u_int16_t no_master[2] = { NDPI_PROTOCOL_NO_MASTER_PROTO, NDPI_PROTOCOL_NO_MASTER_PROTO }; ndpi_port_range ports_a[MAX_DEFAULT_PORTS], ports_b[MAX_DEFAULT_PORTS]; static u_int16_t generic_id = NDPI_LAST_IMPLEMENTED_PROTOCOL; @@ -2634,7 +2629,7 @@ int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, else removeDefaultPort(&range, def, is_tcp ? &ndpi_mod->tcpRoot : &ndpi_mod->udpRoot); } else if(is_ip) { -/* NDPI_PROTOCOL_TOR */ + /* NDPI_PROTOCOL_TOR */ ndpi_add_host_ip_subprotocol(ndpi_mod, value, subprotocol_id); } else { if(do_add) @@ -4172,6 +4167,11 @@ int ndpi_enable_loaded_categories(struct ndpi_detection_module_struct *ndpi_str) void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, ndpi_protocol *ret) { + if(flow->category != NDPI_PROTOCOL_CATEGORY_UNSPECIFIED) { + ret->category = flow->category; + return; + } + if(ndpi_struct->custom_categories.categories_loaded) { if(flow->packet.iph) { prefix_t prefix; @@ -4189,7 +4189,7 @@ void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_struc } if(node) { - ret->category = (ndpi_protocol_category_t)node->value.user_value; + flow->category = ret->category = (ndpi_protocol_category_t)node->value.user_value; return; } } @@ -4199,7 +4199,7 @@ void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_struc int rc = ndpi_match_custom_category(ndpi_struct, (char *)flow->host_server_name, &id); if(rc == 0) { - ret->category = (ndpi_protocol_category_t)id; + flow->category = ret->category = (ndpi_protocol_category_t)id; return; } } @@ -4209,13 +4209,13 @@ void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_struc int rc = ndpi_match_custom_category(ndpi_struct, (char *)flow->protos.stun_ssl.ssl.server_certificate, &id); if(rc == 0) { - ret->category = (ndpi_protocol_category_t)id; + flow->category = ret->category = (ndpi_protocol_category_t)id; return; } } } - ret->category = ndpi_get_proto_category(ndpi_struct, *ret); + flow->category = ret->category = ndpi_get_proto_category(ndpi_struct, *ret); } /* ********************************************************************************* */ @@ -4347,6 +4347,19 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct if(flow->guessed_host_protocol_id >= (NDPI_MAX_SUPPORTED_PROTOCOLS-1)) { /* This is a custom protocol and it has priority over everything else */ ret.master_protocol = NDPI_PROTOCOL_UNKNOWN, ret.app_protocol = flow->guessed_host_protocol_id; + + if(flow->packet.tcp) { + /* Minimal guess for HTTP/SSL-based protocols */ + switch(ntohs(flow->packet.tcp->dest)) { + case 80: + ret.master_protocol = NDPI_PROTOCOL_HTTP; + break; + case 443: + ret.master_protocol = NDPI_PROTOCOL_SSL; /* QUIC could also match */ + break; + } + } + ndpi_check_flow_func(ndpi_struct, flow, &ndpi_selection_packet); ndpi_fill_protocol_category(ndpi_struct, flow, &ret); return(ret); @@ -4921,10 +4934,11 @@ void ndpi_debug_get_last_log_function_line(struct ndpi_detection_module_struct /* ********************************************************************************* */ -u_int8_t ndpi_detection_get_l4(const u_int8_t * l3, u_int16_t l3_len, const u_int8_t ** l4_return, u_int16_t * l4_len_return, - u_int8_t * l4_protocol_return, u_int32_t flags) -{ - return ndpi_detection_get_l4_internal(NULL, l3, l3_len, l4_return, l4_len_return, l4_protocol_return, flags); +u_int8_t ndpi_detection_get_l4(const u_int8_t * l3, u_int16_t l3_len, + const u_int8_t ** l4_return, u_int16_t * l4_len_return, + u_int8_t * l4_protocol_return, u_int32_t flags) { + return ndpi_detection_get_l4_internal(NULL, l3, l3_len, + l4_return, l4_len_return, l4_protocol_return, flags); } /* ********************************************************************************* */ @@ -4932,8 +4946,7 @@ u_int8_t ndpi_detection_get_l4(const u_int8_t * l3, u_int16_t l3_len, const u_in void ndpi_set_detected_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int16_t upper_detected_protocol, - u_int16_t lower_detected_protocol) -{ + u_int16_t lower_detected_protocol) { struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; @@ -4969,7 +4982,8 @@ void ndpi_int_change_flow_protocol(struct ndpi_detection_module_struct *ndpi_str u_int16_t lower_detected_protocol) { if(!flow) return; - flow->detected_protocol_stack[0] = upper_detected_protocol, flow->detected_protocol_stack[1] = lower_detected_protocol; + flow->detected_protocol_stack[0] = upper_detected_protocol, + flow->detected_protocol_stack[1] = lower_detected_protocol; } /* ********************************************************************************* */ @@ -5018,6 +5032,14 @@ void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, /* ********************************************************************************* */ +void ndpi_int_change_category(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + ndpi_protocol_category_t protocol_category) { + flow->category = protocol_category; +} + +/* ********************************************************************************* */ + /* change protocol only if guessing is active */ /* void ndpi_guess_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, */ /* struct ndpi_flow_struct *flow) */ @@ -5600,22 +5622,29 @@ int ndpi_match_prefix(const u_int8_t *payload, size_t payload_len, int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, char *string_to_match, u_int string_to_match_len, + ndpi_protocol_match_result *ret_match, u_int8_t is_host_match) { - AC_REP_t match = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_UNRATED }; AC_TEXT_t ac_input_text; - ndpi_automa *automa = is_host_match ? &ndpi_struct->host_automa : &ndpi_struct->content_automa; - - if((automa->ac_automa == NULL) || (string_to_match_len == 0)) return(NDPI_PROTOCOL_UNKNOWN); + ndpi_automa *automa = is_host_match ? &ndpi_struct->host_automa : + &ndpi_struct->content_automa; + AC_REP_t match = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_UNRATED }; + + if((automa->ac_automa == NULL) || (string_to_match_len == 0)) + return(NDPI_PROTOCOL_UNKNOWN); if(!automa->ac_automa_finalized) { ac_automata_finalize((AC_AUTOMATA_t*)automa->ac_automa); automa->ac_automa_finalized = 1; } - + ac_input_text.astring = string_to_match, ac_input_text.length = string_to_match_len; ac_automata_search(((AC_AUTOMATA_t*)automa->ac_automa), &ac_input_text, &match); ac_automata_reset(((AC_AUTOMATA_t*)automa->ac_automa)); - + + ret_match->protocol_id = match.number, + ret_match->protocol_category = match.category, + ret_match->protocol_breed = match.breed; + return(match.number); } @@ -5627,10 +5656,15 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str struct ndpi_flow_struct *flow, char *string_to_match, u_int string_to_match_len, u_int16_t master_protocol_id, + ndpi_protocol_match_result *ret_match, u_int8_t is_host_match) { - int matching_protocol_id = ndpi_match_string_subprotocol(ndpi_struct, string_to_match, string_to_match_len, is_host_match); + int matching_protocol_id; struct ndpi_packet_struct *packet = &flow->packet; + matching_protocol_id = ndpi_match_string_subprotocol(ndpi_struct, string_to_match, + string_to_match_len, ret_match, + is_host_match); + #ifdef DEBUG { char m[256]; @@ -5650,8 +5684,9 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str packet->detected_protocol_stack[0] = matching_protocol_id; flow->detected_protocol_stack[0] = packet->detected_protocol_stack[0], - flow->detected_protocol_stack[1] = packet->detected_protocol_stack[1]; - + flow->detected_protocol_stack[1] = packet->detected_protocol_stack[1], + flow->category = ret_match->protocol_category; + return(packet->detected_protocol_stack[0]); } @@ -5679,10 +5714,15 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str struct ndpi_flow_struct *flow, char *string_to_match, u_int string_to_match_len, u_int16_t master_protocol_id, + ndpi_automa_match_string_subprotocol *ret_match, u_int8_t is_host_match) { int rv = NDPI_PROTOCOL_UNKNOWN; struct hs *hs = (struct hs*)ndpi_struct->hyperscan; + /* + TODO HYPERSCAN + In case of match fill up ret_match and set flow protocol + category + */ if(hs_scan(hs->database, string_to_match, string_to_match_len, 0, hs->scratch, hyperscanEventHandler, &rv) != HS_SUCCESS) @@ -5698,10 +5738,11 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str int ndpi_match_host_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, char *string_to_match, u_int string_to_match_len, + ndpi_protocol_match_result *ret_match, u_int16_t master_protocol_id) { return(ndpi_automa_match_string_subprotocol(ndpi_struct, flow, string_to_match, string_to_match_len, - master_protocol_id, 1)); + master_protocol_id, ret_match, 1)); } /* ****************************************************** */ @@ -5709,10 +5750,11 @@ int ndpi_match_host_subprotocol(struct ndpi_detection_module_struct *ndpi_struct int ndpi_match_content_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, char *string_to_match, u_int string_to_match_len, + ndpi_protocol_match_result *ret_match, u_int16_t master_protocol_id) { return(ndpi_automa_match_string_subprotocol(ndpi_struct, flow, string_to_match, string_to_match_len, - master_protocol_id, 0)); + master_protocol_id, ret_match, 0)); } /* ****************************************************** */ diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index 6ffa74a27..90be9544c 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -207,12 +207,16 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd flow->protos.dns.num_queries = (u_int8_t)dns_header.num_queries, flow->protos.dns.num_answers = (u_int8_t) (dns_header.num_answers + dns_header.authority_rrs + dns_header.additional_rrs); - if(j > 0) + if(j > 0) { + ndpi_protocol_match_result ret_match; + ndpi_match_host_subprotocol(ndpi_struct, flow, (char *)flow->host_server_name, strlen((const char*)flow->host_server_name), + &ret_match, NDPI_PROTOCOL_DNS); - + } + #ifdef DNS_DEBUG NDPI_LOG_DBG2(ndpi_struct, "[num_queries=%d][num_answers=%d][reply_code=%u][rsp_type=%u][host_server_name=%s]\n", flow->protos.dns.num_queries, flow->protos.dns.num_answers, diff --git a/src/lib/protocols/fbzero.c b/src/lib/protocols/fbzero.c index 3048bff79..6c818e3c7 100644 --- a/src/lib/protocols/fbzero.c +++ b/src/lib/protocols/fbzero.c @@ -84,7 +84,8 @@ void ndpi_search_fbzero(struct ndpi_detection_module_struct *ndpi_struct, && (t->tag[2] == 'I') && (t->tag[3] == '\0')) { char *value = (char*)&packet->payload[data_offset + data_prev_offset]; u_int tag_len = t->tag_offset_len-data_prev_offset, max_len; - + ndpi_protocol_match_result ret_match; + max_len = ndpi_min(tag_len, sizeof(flow->host_server_name)-1); strncpy((char*)flow->host_server_name, value, max_len); @@ -99,6 +100,7 @@ void ndpi_search_fbzero(struct ndpi_detection_module_struct *ndpi_struct, ndpi_match_host_subprotocol(ndpi_struct, flow, (char *)flow->host_server_name, strlen((const char *)flow->host_server_name), + &ret_match, NDPI_PROTOCOL_FBZERO); return; } diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index e03b48710..94d918e76 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -172,7 +172,8 @@ static void setHttpUserAgent(struct ndpi_detection_module_struct *ndpi_struct, static void parseHttpSubprotocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { if((flow->l4.tcp.http_stage == 0) || (flow->http.url && flow->http_detected)) { char *double_col = strchr((char*)flow->host_server_name, ':'); - + ndpi_protocol_match_result ret_match; + if(double_col) double_col[0] = '\0'; /** @@ -182,6 +183,7 @@ static void parseHttpSubprotocol(struct ndpi_detection_module_struct *ndpi_struc */ ndpi_match_host_subprotocol(ndpi_struct, flow, (char *)flow->host_server_name, strlen((const char *)flow->host_server_name), + &ret_match, NDPI_PROTOCOL_HTTP); } } @@ -349,12 +351,16 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ packet->host_line.len, packet->host_line.ptr); /* call ndpi_match_host_subprotocol to see if there is a match with known-host HTTP subprotocol */ - if((ndpi_struct->http_dont_dissect_response) || flow->http_detected) + if((ndpi_struct->http_dont_dissect_response) || flow->http_detected) { + ndpi_protocol_match_result ret_match; + ndpi_match_host_subprotocol(ndpi_struct, flow, (char*)packet->host_line.ptr, packet->host_line.len, + &ret_match, NDPI_PROTOCOL_HTTP); - + } + /* Copy result for nDPI apps */ if(!ndpi_struct->disable_metadata_export) { len = ndpi_min(packet->host_line.len, sizeof(flow->host_server_name)-1); @@ -395,12 +401,16 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) && ((ndpi_struct->http_dont_dissect_response) || flow->http_detected) - && (packet->http_origin.len > 0)) + && (packet->http_origin.len > 0)) { + ndpi_protocol_match_result ret_match; + ndpi_match_host_subprotocol(ndpi_struct, flow, (char *)packet->http_origin.ptr, packet->http_origin.len, + &ret_match, NDPI_PROTOCOL_HTTP); - + } + if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_HTTP) { NDPI_LOG_INFO(ndpi_struct, "found HTTP/%s\n", @@ -440,10 +450,13 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ NDPI_LOG_DBG2(ndpi_struct, "Content Type line found %.*s\n", packet->content_line.len, packet->content_line.ptr); - if((ndpi_struct->http_dont_dissect_response) || flow->http_detected) + if((ndpi_struct->http_dont_dissect_response) || flow->http_detected) { + ndpi_protocol_match_result ret_match; + ndpi_match_content_subprotocol(ndpi_struct, flow, (char*)packet->content_line.ptr, packet->content_line.len, - NDPI_PROTOCOL_HTTP); + &ret_match, NDPI_PROTOCOL_HTTP); + } } } diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c index 4c838f41f..e28db634a 100644 --- a/src/lib/protocols/quic.c +++ b/src/lib/protocols/quic.c @@ -107,6 +107,7 @@ void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, if((sni_offset+len) < udp_len) { if(!ndpi_struct->disable_metadata_export) { int max_len = sizeof(flow->host_server_name)-1, j = 0; + ndpi_protocol_match_result ret_match; if(len > max_len) len = max_len; @@ -118,6 +119,7 @@ void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, ndpi_match_host_subprotocol(ndpi_struct, flow, (char *)flow->host_server_name, strlen((const char*)flow->host_server_name), + &ret_match, NDPI_PROTOCOL_QUIC); } } diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index a277f8120..b8c36976b 100644 --- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -327,13 +327,13 @@ int sslTryAndRetrieveServerCertificate(struct ndpi_detection_module_struct *ndpi } /* Client hello, Server Hello, and certificate packets probably all checked in this case */ if ((packet->ssl_certificate_num_checks >= 3) - && (flow->l4.tcp.seen_syn) - && (flow->l4.tcp.seen_syn_ack) - && (flow->l4.tcp.seen_ack) /* We have seen the 3-way handshake */) - { - /* We're done processing extra packets since we've probably checked all possible cert packets */ - return 0; - } + && (flow->l4.tcp.seen_syn) + && (flow->l4.tcp.seen_syn_ack) + && (flow->l4.tcp.seen_ack) /* We have seen the 3-way handshake */) + { + /* We're done processing extra packets since we've probably checked all possible cert packets */ + return 0; + } } /* 1 means keep looking for more packets */ return 1; @@ -368,22 +368,27 @@ int sslDetectProtocolFromCertificate(struct ndpi_detection_module_struct *ndpi_s #ifdef CERTIFICATE_DEBUG NDPI_LOG_DBG2(ndpi_struct, "***** [SSL] %s\n", certificate); #endif + ndpi_protocol_match_result ret_match; u_int32_t subproto = ndpi_match_host_subprotocol(ndpi_struct, flow, certificate, - strlen(certificate), NDPI_PROTOCOL_SSL); + strlen(certificate), + &ret_match, + NDPI_PROTOCOL_SSL); + if(subproto != NDPI_PROTOCOL_UNKNOWN) { - /* If we've detected the subprotocol from client certificate but haven't had a chance - * to see the server certificate yet, set up extra packet processing to wait - * a few more packets. */ - if((flow->protos.stun_ssl.ssl.client_certificate[0] != '\0') && (flow->protos.stun_ssl.ssl.server_certificate[0] == '\0')) { - sslInitExtraPacketProcessing(0, flow); - } - ndpi_set_detected_protocol(ndpi_struct, flow, subproto, - ndpi_ssl_refine_master_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSL)); - return(rc); /* Fix courtesy of Gianluca Costa */ - } + /* If we've detected the subprotocol from client certificate but haven't had a chance + * to see the server certificate yet, set up extra packet processing to wait + * a few more packets. */ + if((flow->protos.stun_ssl.ssl.client_certificate[0] != '\0') && (flow->protos.stun_ssl.ssl.server_certificate[0] == '\0')) { + sslInitExtraPacketProcessing(0, flow); + } + + ndpi_set_detected_protocol(ndpi_struct, flow, subproto, + ndpi_ssl_refine_master_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSL)); + return(rc); /* Fix courtesy of Gianluca Costa */ + } - if(ndpi_is_ssl_tor(ndpi_struct, flow, certificate) != 0) - return(rc); + if(ndpi_is_ssl_tor(ndpi_struct, flow, certificate) != 0) + return(rc); } if(((packet->ssl_certificate_num_checks >= 2) @@ -394,9 +399,9 @@ int sslDetectProtocolFromCertificate(struct ndpi_detection_module_struct *ndpi_s /* || (flow->protos.stun_ssl.ssl.client_certificate[0] != '\0') */ ) { ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_SSL); - } + } + } } - } return(0); } @@ -480,7 +485,7 @@ static void ssl_mark_and_payload_search_for_other_protocols(struct ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_SSL_NO_CERT); } else NDPI_LOG_INFO(ndpi_struct, "found ssl\n"); - ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_SSL); + ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_SSL); } } @@ -516,16 +521,16 @@ static u_int8_t ndpi_search_sslv3_direction1(struct ndpi_detection_module_struct u_int32_t cert_start; NDPI_LOG_DBG2(ndpi_struct, - "maybe SSLv3 server hello split into smaller packets\n"); + "maybe SSLv3 server hello split into smaller packets\n"); /* lets hope at least the server hello and the start of the certificate block are in the first packet */ cert_start = ntohs(get_u_int16_t(packet->payload, 7)) + 5 + 4; NDPI_LOG_DBG2(ndpi_struct, "suspected start of certificate: %u\n", - cert_start); + cert_start); if(cert_start < packet->payload_packet_len && packet->payload[cert_start] == 0x0b) { NDPI_LOG_DBG2(ndpi_struct, - "found 0x0b at suspected start of certificate block\n"); + "found 0x0b at suspected start of certificate block\n"); return 2; } } @@ -536,16 +541,16 @@ static u_int8_t ndpi_search_sslv3_direction1(struct ndpi_detection_module_struct u_int32_t cert_start; NDPI_LOG_DBG2(ndpi_struct, - "maybe SSLv3 server hello split into smaller packets but with seperate record for the certificate\n"); + "maybe SSLv3 server hello split into smaller packets but with seperate record for the certificate\n"); /* lets hope at least the server hello record and the start of the certificate record are in the first packet */ cert_start = ntohs(get_u_int16_t(packet->payload, 7)) + 5 + 5 + 4; NDPI_LOG_DBG2(ndpi_struct, "suspected start of certificate: %u\n", - cert_start); + cert_start); if(cert_start < packet->payload_packet_len && packet->payload[cert_start] == 0x0b) { NDPI_LOG_DBG2(ndpi_struct, - "found 0x0b at suspected start of certificate block\n"); + "found 0x0b at suspected start of certificate block\n"); return 2; } } @@ -603,7 +608,7 @@ void ndpi_search_ssl_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc * so go on checking for certificate patterns for a couple more packets */ NDPI_LOG_DBG2(ndpi_struct, - "ssl flow but check another packet for patterns\n"); + "ssl flow but check another packet for patterns\n"); ssl_mark_and_payload_search_for_other_protocols(ndpi_struct, flow); if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_SSL) { /* still ssl so check another packet */ @@ -685,7 +690,7 @@ void ndpi_search_ssl_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc return; } else if(ret == 2) { NDPI_LOG_DBG2(ndpi_struct, - "sslv3 server len match with split packet -> check some more packets for SSL patterns\n"); + "sslv3 server len match with split packet -> check some more packets for SSL patterns\n"); ssl_mark_and_payload_search_for_other_protocols(ndpi_struct, flow); if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_SSL) { flow->l4.tcp.ssl_stage = 3; diff --git a/tests/result/pps.pcap.out b/tests/result/pps.pcap.out index 5b3c3e7ce..a8259c514 100644 --- a/tests/result/pps.pcap.out +++ b/tests/result/pps.pcap.out @@ -23,11 +23,11 @@ GenericProtocol 1429 1780307 49 16 TCP 192.168.115.8:50779 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1438 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] 17 UDP 192.168.5.38:58897 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1575 bytes -> 0 pkts/0 bytes] 18 UDP 192.168.115.1:50945 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1539 bytes -> 0 pkts/0 bytes] - 19 TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/707 bytes <-> 1 pkts/744 bytes][Host: click.hm.baidu.com] + 19 TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Web/5][1 pkts/707 bytes <-> 1 pkts/744 bytes][Host: click.hm.baidu.com] 20 TCP 192.168.115.8:50492 <-> 111.206.13.3:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/389 bytes <-> 2 pkts/1034 bytes][Host: pdata.video.qiyi.com] 21 TCP 192.168.115.8:50777 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1186 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] 22 TCP 192.168.115.8:50494 <-> 223.26.106.66:80 [proto: 7.60/HTTP.HTTP_Download][cat: Download-FileTransfer-FileSharing/7][2 pkts/887 bytes <-> 1 pkts/443 bytes][Host: 223.26.106.66] - 23 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1004 bytes <-> 2 pkts/301 bytes][Host: click.hm.baidu.com] + 23 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Web/5][1 pkts/1004 bytes <-> 2 pkts/301 bytes][Host: click.hm.baidu.com] 24 TCP 192.168.115.8:50499 <-> 111.206.22.76:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1097 bytes <-> 1 pkts/199 bytes][Host: msg.iqiyi.com] 25 TCP 192.168.115.8:50474 <-> 202.108.14.221:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1100 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] 26 TCP 192.168.115.8:50507 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/212 bytes <-> 1 pkts/1063 bytes][Host: static.qiyi.com] diff --git a/tests/result/webex.pcap.out b/tests/result/webex.pcap.out index fbf341918..ecd0f6432 100644 --- a/tests/result/webex.pcap.out +++ b/tests/result/webex.pcap.out @@ -6,36 +6,36 @@ Google 17 6375 1 Webex 1380 818407 43 Amazon 3 174 1 - 1 TCP 10.8.0.1:51155 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][256 pkts/14707 bytes <-> 257 pkts/329379 bytes][server: *.webex.com] - 2 TCP 10.8.0.1:41348 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][28 pkts/4815 bytes <-> 28 pkts/104881 bytes][client: radcom.webex.com] - 3 TCP 10.8.0.1:41346 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][48 pkts/11540 bytes <-> 47 pkts/80696 bytes][client: radcom.webex.com][server: *.webex.com] - 4 TCP 10.8.0.1:41358 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][19 pkts/2005 bytes <-> 19 pkts/40477 bytes][server: *.webex.com] - 5 TCP 10.8.0.1:51194 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][12 pkts/1531 bytes <-> 12 pkts/34357 bytes][server: *.webex.com] - 6 TCP 10.8.0.1:41354 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][13 pkts/2145 bytes <-> 13 pkts/24239 bytes][server: *.webex.com] - 7 TCP 10.8.0.1:51154 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][55 pkts/12583 bytes <-> 50 pkts/6703 bytes][server: *.webex.com] + 1 TCP 10.8.0.1:51155 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][256 pkts/14707 bytes <-> 257 pkts/329379 bytes][server: *.webex.com] + 2 TCP 10.8.0.1:41348 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][28 pkts/4815 bytes <-> 28 pkts/104881 bytes][client: radcom.webex.com] + 3 TCP 10.8.0.1:41346 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][48 pkts/11540 bytes <-> 47 pkts/80696 bytes][client: radcom.webex.com][server: *.webex.com] + 4 TCP 10.8.0.1:41358 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][19 pkts/2005 bytes <-> 19 pkts/40477 bytes][server: *.webex.com] + 5 TCP 10.8.0.1:51194 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][12 pkts/1531 bytes <-> 12 pkts/34357 bytes][server: *.webex.com] + 6 TCP 10.8.0.1:41354 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][13 pkts/2145 bytes <-> 13 pkts/24239 bytes][server: *.webex.com] + 7 TCP 10.8.0.1:51154 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][55 pkts/12583 bytes <-> 50 pkts/6703 bytes][server: *.webex.com] 8 UDP 10.8.0.1:64538 -> 172.16.1.75:5060 [proto: 100/SIP][cat: VoIP/10][22 pkts/15356 bytes -> 0 pkts/0 bytes] - 9 TCP 10.8.0.1:51857 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][29 pkts/4559 bytes <-> 21 pkts/5801 bytes][server: *.webex.com] + 9 TCP 10.8.0.1:51857 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][29 pkts/4559 bytes <-> 21 pkts/5801 bytes][server: *.webex.com] 10 TCP 10.8.0.1:46211 <-> 54.241.32.14:443 [proto: 91/SSL][cat: Web/5][16 pkts/1984 bytes <-> 14 pkts/7584 bytes][client: api.crittercism.com][server: *.crittercism.com] - 11 TCP 10.8.0.1:41386 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][9 pkts/1417 bytes <-> 8 pkts/6984 bytes][server: *.webex.com] - 12 TCP 10.8.0.1:41419 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][7 pkts/1309 bytes <-> 7 pkts/6930 bytes][server: *.webex.com] - 13 TCP 10.8.0.1:52730 <-> 173.243.4.76:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][9 pkts/1369 bytes <-> 8 pkts/6621 bytes][server: *.webex.com] - 14 TCP 10.8.0.1:44492 <-> 64.68.104.140:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][9 pkts/1369 bytes <-> 8 pkts/6600 bytes][server: *.webex.com] - 15 TCP 10.8.0.1:45814 <-> 62.109.231.3:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][8 pkts/1315 bytes <-> 8 pkts/6653 bytes][server: *.webex.com] - 16 TCP 10.8.0.1:47498 <-> 209.197.222.159:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][server: *.webex.com] - 17 TCP 10.8.0.1:57647 <-> 64.68.121.153:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][server: *.webex.com] - 18 TCP 10.8.0.1:37129 <-> 64.68.105.98:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][9 pkts/1369 bytes <-> 9 pkts/5838 bytes][server: *.webex.com] - 19 TCP 10.8.0.1:51370 <-> 64.68.105.97:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][8 pkts/1315 bytes <-> 8 pkts/5784 bytes][server: *.webex.com] - 20 TCP 10.8.0.1:55669 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][11 pkts/1830 bytes <-> 12 pkts/4811 bytes][server: *.webex.com] - 21 TCP 10.8.0.1:55665 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com] - 22 TCP 10.8.0.1:55671 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com] - 23 TCP 10.8.0.1:55687 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com] + 11 TCP 10.8.0.1:41386 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][9 pkts/1417 bytes <-> 8 pkts/6984 bytes][server: *.webex.com] + 12 TCP 10.8.0.1:41419 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][7 pkts/1309 bytes <-> 7 pkts/6930 bytes][server: *.webex.com] + 13 TCP 10.8.0.1:52730 <-> 173.243.4.76:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][9 pkts/1369 bytes <-> 8 pkts/6621 bytes][server: *.webex.com] + 14 TCP 10.8.0.1:44492 <-> 64.68.104.140:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][9 pkts/1369 bytes <-> 8 pkts/6600 bytes][server: *.webex.com] + 15 TCP 10.8.0.1:45814 <-> 62.109.231.3:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][8 pkts/1315 bytes <-> 8 pkts/6653 bytes][server: *.webex.com] + 16 TCP 10.8.0.1:47498 <-> 209.197.222.159:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][server: *.webex.com] + 17 TCP 10.8.0.1:57647 <-> 64.68.121.153:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][server: *.webex.com] + 18 TCP 10.8.0.1:37129 <-> 64.68.105.98:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][9 pkts/1369 bytes <-> 9 pkts/5838 bytes][server: *.webex.com] + 19 TCP 10.8.0.1:51370 <-> 64.68.105.97:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][8 pkts/1315 bytes <-> 8 pkts/5784 bytes][server: *.webex.com] + 20 TCP 10.8.0.1:55669 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][11 pkts/1830 bytes <-> 12 pkts/4811 bytes][server: *.webex.com] + 21 TCP 10.8.0.1:55665 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com] + 22 TCP 10.8.0.1:55671 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com] + 23 TCP 10.8.0.1:55687 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com] 24 TCP 10.8.0.1:43433 <-> 216.58.208.40:443 [proto: 91.126/SSL.Google][cat: Web/5][9 pkts/1540 bytes <-> 8 pkts/4835 bytes][client: ssl.google-analytics.com][server: *.google-analytics.com] - 25 TCP 10.8.0.1:51646 <-> 114.29.204.49:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][9 pkts/895 bytes <-> 8 pkts/4398 bytes][server: *.webex.com] - 26 TCP 10.8.0.1:52219 <-> 64.68.121.100:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][8 pkts/841 bytes <-> 7 pkts/4376 bytes][server: *.webex.com] - 27 TCP 10.8.0.1:55969 <-> 64.68.121.99:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][8 pkts/841 bytes <-> 7 pkts/4376 bytes][server: *.webex.com] - 28 TCP 10.8.0.1:49048 <-> 23.44.253.243:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][7 pkts/1181 bytes <-> 7 pkts/4021 bytes][server: www.webex.com] - 29 TCP 10.8.0.1:47116 <-> 114.29.202.139:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][7 pkts/461 bytes <-> 6 pkts/4231 bytes][server: *.webex.com] - 30 TCP 10.8.0.1:47841 <-> 114.29.200.11:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][6 pkts/407 bytes <-> 5 pkts/4177 bytes][server: *.webex.com] + 25 TCP 10.8.0.1:51646 <-> 114.29.204.49:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][9 pkts/895 bytes <-> 8 pkts/4398 bytes][server: *.webex.com] + 26 TCP 10.8.0.1:52219 <-> 64.68.121.100:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][8 pkts/841 bytes <-> 7 pkts/4376 bytes][server: *.webex.com] + 27 TCP 10.8.0.1:55969 <-> 64.68.121.99:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][8 pkts/841 bytes <-> 7 pkts/4376 bytes][server: *.webex.com] + 28 TCP 10.8.0.1:49048 <-> 23.44.253.243:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][7 pkts/1181 bytes <-> 7 pkts/4021 bytes][server: www.webex.com] + 29 TCP 10.8.0.1:47116 <-> 114.29.202.139:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][7 pkts/461 bytes <-> 6 pkts/4231 bytes][server: *.webex.com] + 30 TCP 10.8.0.1:47841 <-> 114.29.200.11:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][6 pkts/407 bytes <-> 5 pkts/4177 bytes][server: *.webex.com] 31 TCP 10.8.0.1:33551 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][cat: Web/5][10 pkts/1465 bytes <-> 11 pkts/1065 bytes] 32 TCP 10.8.0.1:33553 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][cat: Web/5][10 pkts/1388 bytes <-> 10 pkts/1087 bytes] 33 TCP 10.8.0.1:33512 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][cat: Web/5][9 pkts/1357 bytes <-> 9 pkts/615 bytes] @@ -44,8 +44,8 @@ Amazon 3 174 1 36 TCP 10.8.0.1:33559 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][cat: Web/5][7 pkts/1280 bytes <-> 6 pkts/453 bytes] 37 TCP 10.8.0.1:59757 <-> 78.46.237.91:80 [proto: 7/HTTP][cat: Web/5][5 pkts/624 bytes <-> 5 pkts/767 bytes][Host: cp.pushwoosh.com] 38 UDP 10.8.0.1:51772 <-> 62.109.229.158:9000 [proto: 141/Webex][14 pkts/1071 bytes <-> 2 pkts/100 bytes] - 39 TCP 10.8.0.1:41350 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][6 pkts/614 bytes <-> 5 pkts/399 bytes][client: radcom.webex.com] - 40 TCP 10.8.0.1:41351 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][5 pkts/560 bytes <-> 4 pkts/345 bytes][client: radcom.webex.com] + 39 TCP 10.8.0.1:41350 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][6 pkts/614 bytes <-> 5 pkts/399 bytes][client: radcom.webex.com] + 40 TCP 10.8.0.1:41351 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][5 pkts/560 bytes <-> 4 pkts/345 bytes][client: radcom.webex.com] 41 TCP 10.8.0.1:51190 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][7 pkts/501 bytes <-> 4 pkts/216 bytes] 42 TCP 10.8.0.1:37139 <-> 64.68.105.98:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] 43 TCP 10.8.0.1:41394 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] diff --git a/tests/result/whatsappfiles.pcap.out b/tests/result/whatsappfiles.pcap.out index e6e8f0fa7..40d4fa391 100644 --- a/tests/result/whatsappfiles.pcap.out +++ b/tests/result/whatsappfiles.pcap.out @@ -1,4 +1,4 @@ WhatsAppFiles 620 452233 2 - 1 TCP 192.168.2.29:49698 <-> 185.60.216.53:443 [proto: 242/WhatsAppFiles][cat: Download-FileTransfer-FileSharing/7][132 pkts/9906 bytes <-> 178 pkts/237405 bytes] - 2 TCP 192.168.2.29:49674 <-> 185.60.216.53:443 [proto: 242/WhatsAppFiles][cat: Download-FileTransfer-FileSharing/7][161 pkts/189194 bytes <-> 149 pkts/15728 bytes] + 1 TCP 192.168.2.29:49698 <-> 185.60.216.53:443 [proto: 91.242/SSL.WhatsAppFiles][cat: Download-FileTransfer-FileSharing/7][132 pkts/9906 bytes <-> 178 pkts/237405 bytes] + 2 TCP 192.168.2.29:49674 <-> 185.60.216.53:443 [proto: 91.242/SSL.WhatsAppFiles][cat: Download-FileTransfer-FileSharing/7][161 pkts/189194 bytes <-> 149 pkts/15728 bytes] -- cgit v1.2.3 From 3091dc3c4880d3d51cc5a0df6004e941c24f9e28 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Thu, 16 Aug 2018 15:23:30 +0200 Subject: Fix for #400 --- src/include/ndpi_typedefs.h | 3 +++ src/lib/protocols/directconnect.c | 3 +-- src/lib/protocols/whatsapp.c | 23 ++++++++++++++++++++--- 3 files changed, 24 insertions(+), 5 deletions(-) (limited to 'src/lib') diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 3d0eccab7..1a9924d36 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -475,6 +475,9 @@ struct ndpi_flow_tcp_struct { /* NDPI_PROTOCOL_QQ */ u_int16_t qq_nxt_len; + /* NDPI_PROTOCOL_WHATSAPP */ + u_int8_t wa_matched_so_far; + /* NDPI_PROTOCOL_TDS */ u_int8_t tds_login_version; diff --git a/src/lib/protocols/directconnect.c b/src/lib/protocols/directconnect.c index 6072c3697..5088685e4 100644 --- a/src/lib/protocols/directconnect.c +++ b/src/lib/protocols/directconnect.c @@ -78,8 +78,7 @@ static void ndpi_int_directconnect_add_connection(struct ndpi_detection_module_s const u_int8_t connection_type) { - struct ndpi_packet_struct *packet = &flow->packet; - + struct ndpi_packet_struct *packet = &flow->packet; struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; diff --git a/src/lib/protocols/whatsapp.c b/src/lib/protocols/whatsapp.c index 6a98eac6b..6964a8e0e 100644 --- a/src/lib/protocols/whatsapp.c +++ b/src/lib/protocols/whatsapp.c @@ -33,12 +33,30 @@ void ndpi_search_whatsapp(struct ndpi_detection_module_struct *ndpi_struct, NDPI_LOG_DBG(ndpi_struct, "search WhatsApp\n"); + if(flow->l4.tcp.wa_matched_so_far == 0) { + if(memcmp(packet->payload, whatsapp_sequence, packet->payload_packet_len)) { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + } else + flow->l4.tcp.wa_matched_so_far = packet->payload_packet_len; + + return; + } else { + if(memcmp(packet->payload, &whatsapp_sequence[flow->l4.tcp.wa_matched_so_far], + sizeof(whatsapp_sequence)-flow->l4.tcp.wa_matched_so_far)) + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + else + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_UNKNOWN); + + return; + } + if((packet->payload_packet_len > 240) && (memcmp(packet->payload, whatsapp_sequence, sizeof(whatsapp_sequence)) == 0)) { NDPI_LOG_INFO(ndpi_struct, "found WhatsApp\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_UNKNOWN); - } else - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + } + + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } @@ -53,4 +71,3 @@ void init_whatsapp_dissector(struct ndpi_detection_module_struct *ndpi_struct, ADD_TO_DETECTION_BITMASK); *id += 1; } - -- cgit v1.2.3 From 7e41309fa997323b6d86a92368bc3f3ce6d8d86a Mon Sep 17 00:00:00 2001 From: Simone Mainardi Date: Thu, 16 Aug 2018 15:43:35 +0200 Subject: Hyperscan compilation fix --- src/lib/ndpi_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/lib') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 952026ce6..c61227a9f 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -5714,7 +5714,7 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str struct ndpi_flow_struct *flow, char *string_to_match, u_int string_to_match_len, u_int16_t master_protocol_id, - ndpi_automa_match_string_subprotocol *ret_match, + ndpi_protocol_match_result *ret_match, u_int8_t is_host_match) { int rv = NDPI_PROTOCOL_UNKNOWN; struct hs *hs = (struct hs*)ndpi_struct->hyperscan; -- cgit v1.2.3 From 579f1b05dbc351f310cfbbb0ff01c0682bc7f4f0 Mon Sep 17 00:00:00 2001 From: Simone Mainardi Date: Thu, 16 Aug 2018 19:42:04 +0200 Subject: Adds hyperscan support for Apple and Dropbox --- src/lib/ndpi_content_match.c.inc | 87 ++++++++++++++++++++++++---------------- src/lib/ndpi_main.c | 86 +++++++++++++++++++++------------------ 2 files changed, 99 insertions(+), 74 deletions(-) (limited to 'src/lib') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 64f1b5ee1..0d1e15ce0 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -7954,6 +7954,7 @@ static ndpi_network host_protocol_list[] = { { 0x0, 0, 0 } }; + /* ****************************************************** */ /* @@ -8006,44 +8007,62 @@ static ndpi_network host_protocol_list[] = { */ +/* ****************************************************** */ + +/* + +Each part of a domain name can be no longer than 63 characters. There are no single-digit top-level domains and none contain digits. It doesn't look like ICANN will approve such domains either. + +https://www.regular-expressions.info/email.html + +We also add an optional .co to match domains such as .co.uk + +(?i) is to make searches case insensitive +*/ + +#define TLD "(?i)(\\.co){0,1}\\.[a-z]{2,63}$" + +/* ****************************************************** */ + ndpi_protocol_match host_match[] = { - { "s3.ll.dash.row.aiv-cdn.net", NULL, "s3\\.ll\\.dash\\.row\\.aiv-cdn\\.net", "AmazonVideo", NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "s3.ll.dash.row.aiv-cdn.net", NULL, "s3\\.ll\\.dash\\.row\\.aiv-cdn\\.net", "AmazonVideo", NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { "s3-dub.cf.dash.row.aiv-cdn.net", NULL, "s3-dub\\.cf\\.dash\\.row\\.aiv-cdn\\.net", "AmazonVideo", NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "dmqdd6hw24ucf.cloudfront.net", NULL, "dmqdd6hw24ucf\\.cloudfront\\.net", "AmazonVideo", NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "d25xi40x97liuc.cloudfront.net", NULL, "d25xi40x97liuc\\.cloudfront\\.net", "AmazonVideo", NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".aiv-delivery.net", NULL, "\\.aiv-delivery\\.net", "AmazonVideo", NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "amazon.", NULL, NULL, "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "amazon.com", NULL, "amazon\\.com$", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "images-amazon.com", NULL, "images-amazon\\.com$", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "amazonaws.com", NULL, "amazonaws\\.com$", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "amazon-adsystem.com", NULL, "amazon-adsystem\\.com$", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".cloudfront.net", NULL, "\\.cloudfront\\.net$", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".push.apple.com", NULL, NULL, "ApplePush", NDPI_PROTOCOL_APPLE_PUSH, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE }, - { ".apple-dns.net", NULL, NULL, "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".mzstatic.com", NULL, NULL, "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".aaplimg.com", NULL, NULL, "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "iosapps.itunes.apple.com", NULL, NULL, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, /* iOS */ - { "osxapps.itunes.apple.com", NULL, NULL, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, /* MacOS */ - { "buy.itunes.apple.com", NULL, NULL, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, - { "su.itunes.apple.com", NULL, NULL, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, - { "se.itunes.apple.com", NULL, NULL, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, - { "myapp.itunes.apple.com", NULL, NULL, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, - { "swscan.apple.com", NULL, NULL, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, - { "itunes-apple.com", NULL, NULL, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, - { "itunes.apple.com", NULL, NULL, "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "tlnk.io", NULL, NULL, "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "aaplimg.com", NULL, NULL, "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, - { ".apple.com", NULL, NULL, "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".icloud.com", NULL, NULL, "AppleiCloud", NDPI_PROTOCOL_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".cnn.c", NULL, NULL, "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "dmqdd6hw24ucf.cloudfront.net", NULL, "dmqdd6hw24ucf\\.cloudfront\\.net", "AmazonVideo", NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "d25xi40x97liuc.cloudfront.net", NULL, "d25xi40x97liuc\\.cloudfront\\.net", "AmazonVideo", NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".aiv-delivery.net", NULL, "\\.aiv-delivery\\.net", "AmazonVideo", NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "amazon.", NULL, NULL, "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "amazon.com", NULL, "amazon" TLD, "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "images-amazon.com", NULL, "images-amazon" TLD, "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "amazonaws.com", NULL, "amazonaws" TLD, "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "amazon-adsystem.com", NULL, "amazon-adsystem" TLD, "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".cloudfront.net", NULL, "\\.cloudfront" TLD, "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".push.apple.com", NULL, "\\.push\\.apple" TLD, "ApplePush", NDPI_PROTOCOL_APPLE_PUSH, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE }, + { ".apple-dns.net", NULL, "\\.apple-dns" TLD, "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".mzstatic.com", NULL, "\\.mzstatic" TLD, "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".aaplimg.com", NULL, "\\.aaplimg" TLD, "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "aaplimg.com", NULL, "aaplimg" TLD, "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { ".apple.com", NULL, "\\.apple" TLD, "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".icloud.com", NULL, "\\.icloud" TLD, "AppleiCloud", NDPI_PROTOCOL_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "iosapps.itunes.apple.com", NULL, "iosapps\\.itunes\\.apple" TLD, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, /* iOS */ + { "osxapps.itunes.apple.com", NULL, "osxapps\\.itunes\\.apple" TLD, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, /* MacOS */ + { "buy.itunes.apple.com", NULL, "buy\\.itunes\\.apple" TLD, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "su.itunes.apple.com", NULL, "su\\.itunes\\.apple" TLD, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "se.itunes.apple.com", NULL, "se\\.itunes\\.apple" TLD, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "myapp.itunes.apple.com", NULL, "myapp\\.itunes\\.apple" TLD, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "swscan.apple.com", NULL, "swscan\\.apple" TLD, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "itunes-apple.com", NULL, "itunes-apple" TLD, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "itunes.apple.com", NULL, "itunes\\.apple" TLD, "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "tlnk.io", NULL, "tlnk" TLD, "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + + + { ".cnn.c", NULL, "\\.cnn" TLD, "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".cnn.net", NULL, NULL, "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".dropbox.com", NULL, NULL, "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { ".dropboxstatic.com", NULL, NULL, "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { ".dropbox-dns.com", NULL, NULL, "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { "log.getdropbox.com", NULL, NULL, "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { ".dropbox.com", NULL, ".\\dropbox" TLD, "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { ".dropboxstatic.com", NULL, "\\.dropboxstatic" TLD, "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { ".dropbox-dns.com", NULL, "\\.dropbox-dns" TLD, "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "log.getdropbox.com", NULL, "log\\.getdropbox" TLD, "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { ".ebay.", NULL, NULL, "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, /* or FUN */ { ".ebay.com", NULL, NULL, "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index c61227a9f..85cd4b9eb 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -5648,9 +5648,23 @@ int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_stru return(match.number); } -/* ****************************************************** */ +#ifdef HAVE_HYPERSCAN -#ifndef HAVE_HYPERSCAN +/* ******************************************************************** */ + +static int hyperscanEventHandler(unsigned int id, unsigned long long from, + unsigned long long to, unsigned int flags, void *ctx) { + *((int *)ctx) = (int)id; + + NDPI_LOG_DBG2(ndpi_struct, "[NDPI] Match with: %d [from: %llu][to: %llu]\n", id, from, to); + + /* return HS_SCAN_TERMINATED; */ + return 0; /* keep searching */ +} + +#endif + +/* ****************************************************** */ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, @@ -5658,13 +5672,40 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str u_int16_t master_protocol_id, ndpi_protocol_match_result *ret_match, u_int8_t is_host_match) { - int matching_protocol_id; + int matching_protocol_id = NDPI_PROTOCOL_UNKNOWN; struct ndpi_packet_struct *packet = &flow->packet; +#ifndef HAVE_HYPERSCAN matching_protocol_id = ndpi_match_string_subprotocol(ndpi_struct, string_to_match, string_to_match_len, ret_match, is_host_match); - + +#else + struct hs *hs = (struct hs*)ndpi_struct->hyperscan; + hs_error_t status; + /* + TODO HYPERSCAN + In case of match fill up ret_match and set flow protocol + category + */ + status = hs_scan(hs->database, string_to_match, + string_to_match_len, 0, hs->scratch, + hyperscanEventHandler, &matching_protocol_id); + + if(status == HS_SUCCESS) { + NDPI_LOG_DBG2(ndpi_struct, "[NDPI] Hyperscan engine completed normally. Result: %s [%d][%s]\n", + ndpi_get_proto_name(ndpi_struct, matching_protocol_id), matching_protocol_id, string_to_match); + } else if(status == HS_SCAN_TERMINATED) { + NDPI_LOG_DBG2(ndpi_struct, "[NDPI] Hyperscan engine was terminated by callback. Result: %s [%d][%s]\n", + ndpi_get_proto_name(ndpi_struct, matching_protocol_id), matching_protocol_id, string_to_match); + } else { + NDPI_LOG_DBG2(ndpi_struct, "[NDPI] Hyperscan returned with error.\n"); + } + + ret_match->protocol_id = matching_protocol_id, + ret_match->protocol_category = ndpi_struct->proto_defaults[matching_protocol_id].protoCategory, + ret_match->protocol_breed = ndpi_struct->proto_defaults[matching_protocol_id].protoBreed; +#endif + #ifdef DEBUG { char m[256]; @@ -5686,7 +5727,7 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str flow->detected_protocol_stack[0] = packet->detected_protocol_stack[0], flow->detected_protocol_stack[1] = packet->detected_protocol_stack[1], flow->category = ret_match->protocol_category; - + return(packet->detected_protocol_stack[0]); } @@ -5698,41 +5739,6 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str return(NDPI_PROTOCOL_UNKNOWN); } -#else - -/* ******************************************************************** */ - -static int hyperscanEventHandler(unsigned int id, unsigned long long from, - unsigned long long to, unsigned int flags, void *ctx) { - *((int *)ctx) = (int)id; - return HS_SCAN_TERMINATED; -} - -/* *********************************************** */ - -static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, - char *string_to_match, u_int string_to_match_len, - u_int16_t master_protocol_id, - ndpi_protocol_match_result *ret_match, - u_int8_t is_host_match) { - int rv = NDPI_PROTOCOL_UNKNOWN; - struct hs *hs = (struct hs*)ndpi_struct->hyperscan; - - /* - TODO HYPERSCAN - In case of match fill up ret_match and set flow protocol + category - */ - if(hs_scan(hs->database, string_to_match, - string_to_match_len, 0, hs->scratch, - hyperscanEventHandler, &rv) != HS_SUCCESS) - NDPI_LOG_ERR(ndpi_struct, "[NDPI] Hyperscan match returned error\n"); - - return rv; -} - -#endif - /* ****************************************************** */ int ndpi_match_host_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, -- cgit v1.2.3 From 06befec642103bb4b20be3ac9227fe42d92fde1b Mon Sep 17 00:00:00 2001 From: Darryl Sokoloski Date: Thu, 16 Aug 2018 22:24:15 -0400 Subject: Remove autoconf include from typedefs headers. Including this file in any "public" API header breaks all projects that also use autotools because macros such as PACKAGE_VERSION will be redefined. Signed-off-by: Darryl Sokoloski --- src/include/ndpi_typedefs.h | 11 ----------- src/lib/ndpi_main.c | 8 ++++++-- 2 files changed, 6 insertions(+), 13 deletions(-) (limited to 'src/lib') diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 1a9924d36..44248dfb9 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -26,9 +26,6 @@ #include "ndpi_define.h" -/* Needed to have access to HAVE_* defines */ -#include "ndpi_config.h" - /* NDPI_LOG_LEVEL */ typedef enum { NDPI_LOG_ERROR, @@ -854,14 +851,6 @@ typedef struct ndpi_proto { #define NUM_CUSTOM_CATEGORIES 5 #define CUSTOM_CATEGORY_LABEL_LEN 32 -#ifdef HAVE_HYPERSCAN -struct hs_list { - char *expression; - unsigned int id; - struct hs_list *next; -}; -#endif - #ifdef NDPI_LIB_COMPILATION struct ndpi_detection_module_struct { diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 85cd4b9eb..8b99a9c95 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -48,9 +48,13 @@ #ifdef HAVE_HYPERSCAN #include -#endif -#ifdef HAVE_HYPERSCAN +struct hs_list { + char *expression; + unsigned int id; + struct hs_list *next; +}; + struct hs { hs_database_t *database; hs_scratch_t *scratch; -- cgit v1.2.3 From cd9d4569946055fc995a357d74e2fb67bf1e1f8c Mon Sep 17 00:00:00 2001 From: Darryl Sokoloski Date: Thu, 16 Aug 2018 22:31:23 -0400 Subject: Include sys/types.h for u_int16_t. On various embedded environments (OpenWrt, EdgeOS), must be included for u_intX_t types. The Hyperscan changes made recently introducted a u_int16_t member in actypes.h which is undeclared in certainly environments without this include. Signed-off-by: Darryl Sokoloski --- src/lib/ndpi_main.c | 1 + 1 file changed, 1 insertion(+) (limited to 'src/lib') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 85cd4b9eb..fc6f4ea55 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -27,6 +27,7 @@ #include #include +#include #include "ahocorasick.h" #include "libcache.h" -- cgit v1.2.3 From d2bc3ea20927ace331abcd8b939cb6e74fbc8ce1 Mon Sep 17 00:00:00 2001 From: Simone Mainardi Date: Fri, 17 Aug 2018 12:00:28 +0200 Subject: Initial hyperscan support for all protocols --- src/lib/ndpi_content_match.c.inc | 516 ++++++++++++++++++++------------------- 1 file changed, 260 insertions(+), 256 deletions(-) (limited to 'src/lib') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 0d1e15ce0..d6da458eb 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8059,45 +8059,48 @@ ndpi_protocol_match host_match[] = { { ".cnn.c", NULL, "\\.cnn" TLD, "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".cnn.net", NULL, NULL, "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".dropbox.com", NULL, ".\\dropbox" TLD, "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { ".dropbox.com", NULL, "\\.dropbox" TLD, "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { ".dropboxstatic.com", NULL, "\\.dropboxstatic" TLD, "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { ".dropbox-dns.com", NULL, "\\.dropbox-dns" TLD, "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { "log.getdropbox.com", NULL, "log\\.getdropbox" TLD, "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebay.", NULL, NULL, "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, /* or FUN */ - { ".ebay.com", NULL, NULL, "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".ebaystatic.com", NULL, NULL, "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".ebaydesc.com", NULL, NULL, "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".ebayrtm.com", NULL, NULL, "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".ebaystratus.com", NULL, NULL, "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".ebayimg.com", NULL, NULL, "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".ebay.", NULL, "\\.ebay" TLD, "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, /* or FUN */ + { ".ebay.com", NULL, NULL, "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".ebaystatic.com", NULL, "\\.ebaystatic" TLD, "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".ebaydesc.com", NULL, "\\.ebaydesc" TLD, "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".ebayrtm.com", NULL, "\\.ebayrtm" TLD, "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".ebaystratus.com", NULL, "\\.ebaystratus" TLD, "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".ebayimg.com", NULL, "\\.ebayimg" TLD, "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, /* Detected "instagram.c10r.facebook.com". Omitted "*amazonaws.com" and "*facebook.com" CDNs e.g. "ig-telegraph-shv-04-frc3.facebook.com" */ - { ".cdninstagram.com", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "instagram.", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".instagram.", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "igcdn-photos-", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "instagramimages-", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "instagramstatic-", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".instagram.", NULL, "\\.instagram" TLD, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "instagram.", NULL, "instagram" TLD, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".cdninstagram.com", NULL, "\\.cdninstagram" TLD, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "facebook.com", NULL, NULL, "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "fbstatic-a.akamaihd.net", NULL, NULL, "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".fbcdn.net", NULL, NULL, "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "fbcdn-", NULL, NULL, "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".facebook.net", NULL, NULL, "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".fbsbx.com", NULL, NULL, "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "igcdn-photos-", NULL, "igcdn-photos-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "instagramimages-", NULL, "instagramimages-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "instagramstatic-", NULL, "instagramstatic-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".speedtest.net", NULL, NULL, "Ookla", NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_SAFE }, + { "facebook.com", NULL, "facebook" TLD, "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "fbstatic-a.akamaihd.net", NULL, "fbstatic-a\\.akamaihd" TLD, "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".fbcdn.net", NULL, "\\.fbcdn" TLD, "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "fbcdn-", NULL, "fbcdn-", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".facebook.net", NULL, "\\.facebook" TLD, "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".fbsbx.com", NULL, "\\.fbsbx" TLD, "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "docs.googleusercontent.com", NULL, NULL, "GoogleDocs", NDPI_PROTOCOL_GOOGLE_DOCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, + { ".speedtest.net", NULL, "\\.speedtest" TLD, "Ookla", NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_SAFE }, - { "drive-thirdparty.googleusercontent.com", NULL, NULL, "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "drive.google.com", NULL, NULL, "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "ntop.org", NULL, "ntop\\.org$", "ntop", NDPI_PROTOCOL_NTOP, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_SAFE }, - { "android.clients.google.com", NULL, NULL, "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, - { "ggpht.com", NULL, NULL, "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "docs.googleusercontent.com", NULL, "docs\\.googleusercontent" TLD, "GoogleDocs", NDPI_PROTOCOL_GOOGLE_DOCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, + { "docs.googleusercontent.com", NULL, "docs.googleusercontent" TLD, "GoogleDocs", NDPI_PROTOCOL_GOOGLE_DOCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, + { "docs.google.com", NULL, "docs.google" TLD, "GoogleDocs", NDPI_PROTOCOL_GOOGLE_DOCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, - { "ntop.org", NULL, NULL, "ntop", NDPI_PROTOCOL_NTOP, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_SAFE }, + { "drive-thirdparty.googleusercontent.com", NULL, "drive-thirdparty\\.googleusercontent" TLD, "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "drive.google.com", NULL, "drive.google" TLD, "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + + { "android.clients.google.com", NULL, "android\\.clients\\.google" TLD, "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "ggpht.com", NULL, "ggpht" TLD, "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, /* See https://better.fyi/trackers/ @@ -8118,296 +8121,297 @@ ndpi_protocol_match host_match[] = { Gstatic by Google (gstatic.com) */ + + /* Google Advertisements */ - { ".googlesyndication.com", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, - { "googleads.", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, - { ".doubleclick.net", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, - { "googleadservices.", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, - { ".2mdn.net", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, - { ".dmtry.com", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, - { "google-analytics.", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, - { "gtv1.com", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".googlesyndication.com", NULL, "\\.googlesyndication" TLD, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, + { "googleads.", NULL, "googleads\\.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, + { ".doubleclick.net", NULL, "\\.doubleclick" TLD, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, + { "googleadservices.", NULL, "googleadservices\\.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, + { ".2mdn.net", NULL, "\\.2mdn" TLD, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, + { ".dmtry.com", NULL, "\\.dmtry" TLD, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, + { "google-analytics.", NULL, "google-analytics\\.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, + { "gtv1.com", NULL, "gtv1" TLD, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, /* Google Hangout */ - { "images2-hangout-opensocial.googleusercontent.com", NULL, NULL, "GoogleHangout", NDPI_PROTOCOL_HANGOUT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { "images2-hangout-opensocial.googleusercontent.com", NULL, "images2-hangout-opensocial\\.googleusercontent" TLD, "GoogleHangout", NDPI_PROTOCOL_HANGOUT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, /* Google Services */ - { "googleapis.com", NULL, NULL, "GoogleServices", NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".googletagservices.com", NULL, NULL, "GoogleServices", NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "mtalk.google.com", NULL, NULL, "GoogleServices", NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "googleapis.com", NULL, "googleapis" TLD, "GoogleServices", NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".googletagservices.com", NULL, "\\.googletagservices" TLD, "GoogleServices", NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "mtalk.google.com", NULL, "mtalk\\.google" TLD, "GoogleServices", NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "plus.google.com", NULL, NULL, "GooglePlus", NDPI_PROTOCOL_GOOGLE_PLUS, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "plus.url.google.com", NULL, NULL, "GooglePlus", NDPI_PROTOCOL_GOOGLE_PLUS, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "plus.google.com", NULL, "plus\\.google" TLD, "GooglePlus", NDPI_PROTOCOL_GOOGLE_PLUS, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "plus.url.google.com", NULL, "plus\\.url\\.google" TLD, "GooglePlus", NDPI_PROTOCOL_GOOGLE_PLUS, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, /* http://check.googlezip.net/connect [check browser connectivity] */ - { ".googlezip.net", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - - { "docs.googleusercontent.com", NULL, NULL, "GoogleDocs", NDPI_PROTOCOL_GOOGLE_DOCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, - { "docs.google.com", NULL, NULL, "GoogleDocs", NDPI_PROTOCOL_GOOGLE_DOCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, + { ".googlezip.net", NULL, "\\.googlezip" TLD, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "googleusercontent.com", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "1e100.net", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "googleusercontent.com", NULL, "googleusercontent" TLD, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "1e100.net", NULL, "1e100" TLD, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "maps.google.", NULL, NULL, "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "maps.gstatic.com", NULL, NULL, "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "maps.google.", NULL, "maps\\.google" TLD, "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "maps.gstatic.com", NULL, "maps\\.gstatic" TLD, "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".gmail.", NULL, NULL, "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE }, - { "mail.google.", NULL, NULL, "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE }, + { ".gmail.", NULL, "\\.gmail" TLD, "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE }, + { "mail.google.", NULL, "mail\\.google" TLD, "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE }, - { "google.", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".google.", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".gstatic.com", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "google.", NULL, "google" TLD, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".google.", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".gstatic.com", NULL, "\\.gstatic" TLD, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "mail.outlook.com", NULL, NULL, "Hotmail", NDPI_PROTOCOL_HOTMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE }, + { "mail.outlook.com", NULL, "mail\\.outlook" TLD, "Hotmail", NDPI_PROTOCOL_HOTMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE }, - { ".last.fm", NULL, NULL, "LastFM", NDPI_PROTOCOL_LASTFM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".last.fm", NULL, "\\.last\\.fm$", "LastFM", NDPI_PROTOCOL_LASTFM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "msn.com", NULL, NULL, "MSN", NDPI_PROTOCOL_MSN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, /* News site */ + { "msn.com", NULL, "msn" TLD, "MSN", NDPI_PROTOCOL_MSN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, /* News site */ - { "netflix.com", NULL, NULL, "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "nflxext.com", NULL, NULL, "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "nflximg.com", NULL, NULL, "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "nflximg.net", NULL, NULL, "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "nflxvideo.net", NULL, NULL, "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "nflxso.net", NULL, NULL, "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "netflix.com", NULL, "netflix" TLD, "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "nflxext.com", NULL, "nflxext" TLD, "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "nflximg.com", NULL, "nflximg" TLD, "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "nflximg.net", NULL, "nflximg" TLD, "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "nflxvideo.net", NULL, "nflxvideo" TLD, "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "nflxso.net", NULL, "nflxso" TLD, "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".skype.", NULL, NULL, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".skypeassets.", NULL, NULL, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".skypedata.", NULL, NULL, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".skypeecs-", NULL, NULL, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".skypeforbusiness.", NULL, NULL, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".lync.com", NULL, NULL, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { "e7768.b.akamaiedge.net", NULL, NULL, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { "e4593.dspg.akamaiedge.net", NULL, NULL,"Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { "e4593.g.akamaiedge.net", NULL, NULL, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skype.", NULL, "\\.skype" TLD, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skypeassets.", NULL, "\\.skypeassets" TLD, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skypedata.", NULL, "\\.skypedata" TLD, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skypeecs-", NULL, "\\.skypeecs-", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skypeforbusiness.", NULL, "\\.skypeforbusiness" TLD, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".lync.com", NULL, "\\.lync" TLD, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { "e7768.b.akamaiedge.net", NULL, "e7768\\.b\\.akamaiedge" TLD, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { "e4593.dspg.akamaiedge.net", NULL, "e4593\\.dspg\\.akamaiedge" TLD,"Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { "e4593.g.akamaiedge.net", NULL, "e4593\\.g\\.akamaiedge" TLD, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".tuenti.com", NULL, NULL, "Tuenti", NDPI_PROTOCOL_TUENTI, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".tuenti.com", NULL, "\\.tuenti" TLD, "Tuenti", NDPI_PROTOCOL_TUENTI, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".twttr.com", NULL, NULL, "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "twitter.", NULL, NULL, "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "twimg.com", NULL, NULL, "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".twttr.com", NULL, "\\.twttr" TLD, "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "twitter.", NULL, "twitter" TLD, "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "twimg.com", NULL, "twimg" TLD, "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".viber.com", NULL, NULL, "Viber", NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { ".cdn.viber.com", NULL, NULL, "Viber", NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { ".viber.it", NULL, NULL, "Viber", NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { ".viber.com", NULL, "\\.viber" TLD, "Viber", NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { ".cdn.viber.com", NULL, NULL, "Viber", NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { ".viber.it", NULL, NULL, "Viber", NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { "wikipedia.", NULL, NULL, "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "wikimedia.", NULL, NULL, "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "mediawiki.", NULL, NULL, "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "wikimediafoundation.", NULL, NULL, "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "wikipedia.", NULL, "wikipedia" TLD, "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "wikimedia.", NULL, "wikimedia" TLD, "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "mediawiki.", NULL, "mediawiki" TLD, "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "wikimediafoundation.", NULL, "wikimediafoundation" TLD, "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "mmg-fna.whatsapp.net", NULL, NULL, "WhatsAppFiles", NDPI_PROTOCOL_WHATSAPP_FILES, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { ".whatsapp.", NULL, NULL, "WhatsApp", NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { "mmg-fna.whatsapp.net", NULL, "mmg-fna\\.whatsapp" TLD, "WhatsAppFiles", NDPI_PROTOCOL_WHATSAPP_FILES, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { ".whatsapp.", NULL, "\\.whatsapp" TLD, "WhatsApp", NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { ".yahoo.", NULL, NULL, "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".yimg.com", NULL, NULL, "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "yahooapis.", NULL, NULL, "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".yahoo.", NULL, "\\.yahoo" TLD, "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".yimg.com", NULL, "\\.yimg" TLD, "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "yahooapis.", NULL, "yahooapis" TLD, "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "upload.youtube.com", NULL, NULL, "YouTubeUpload", NDPI_PROTOCOL_YOUTUBE_UPLOAD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "upload.video.google.com", NULL, NULL, "YouTubeUpload", NDPI_PROTOCOL_YOUTUBE_UPLOAD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "youtubei.googleapis.com", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "youtube.", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "youtu.be.", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "yt3.ggpht.com", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".googlevideo.com", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".ytimg.com", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "youtube-nocookie.", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "ggpht.com", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "upload.youtube.com", NULL, "upload\\.youtube" TLD, "YouTubeUpload", NDPI_PROTOCOL_YOUTUBE_UPLOAD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "upload.video.google.com", NULL, "upload\\.video\\.google" TLD, "YouTubeUpload", NDPI_PROTOCOL_YOUTUBE_UPLOAD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "youtubei.googleapis.com", NULL, "youtubei\\.googleapis" TLD, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "youtube.", NULL, "youtube" TLD, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "youtu.be.", NULL, "youtu\\.be" TLD, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "yt3.ggpht.com", NULL, "yt3\\.ggpht" TLD, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".googlevideo.com", NULL, "\\.googlevideo" TLD, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".ytimg.com", NULL, "\\.ytimg" TLD, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "youtube-nocookie.", NULL, "youtube-nocookie" TLD, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "ggpht.com", NULL, "ggpht" TLD, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".vevo.com", NULL, NULL, "Vevo", NDPI_PROTOCOL_VEVO, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".vevo.com", NULL, "\\.vevo" TLD, "Vevo", NDPI_PROTOCOL_VEVO, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".spotify.", NULL, NULL, "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "audio-fa.scdn.co", NULL, NULL, "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".spotify.", NULL, "\\.spotify" TLD, "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio-fa.scdn.co", NULL, "audio-fa\\.scdn" TLD, "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "edge-mqtt.facebook.com", NULL, NULL, "Messenger", NDPI_PROTOCOL_MESSENGER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { "edge-mqtt.facebook.com", NULL, "edge-mqtt\\.facebook" TLD, "Messenger", NDPI_PROTOCOL_MESSENGER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".pandora.com", NULL, NULL, "Pandora", NDPI_PROTOCOL_PANDORA, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".pandora.com", NULL, "\\.pandora" TLD, "Pandora", NDPI_PROTOCOL_PANDORA, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".torproject.org", NULL, NULL, "Tor", NDPI_PROTOCOL_TOR, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + { ".torproject.org", NULL, "\\.torproject\\.org$", "Tor", NDPI_PROTOCOL_TOR, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, - { ".kakao.com", NULL, NULL, "KakaoTalk", NDPI_PROTOCOL_KAKAOTALK, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".kakao.com", NULL, "\\.kakao" TLD, "KakaoTalk", NDPI_PROTOCOL_KAKAOTALK, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { "ttvnw.net", NULL, NULL, "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "static-cdn.jtvnw.net", NULL, NULL, "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "www-cdn.jtvnw.net", NULL, NULL, "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "ttvnw.net", NULL, "ttvnw" TLD, "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "static-cdn.jtvnw.net", NULL, "static-cdn\\.jtvnw" TLD, "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "www-cdn.jtvnw.net", NULL, "www-cdn\\.jtvnw" TLD, "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".qq.com", NULL, NULL, "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".gtimg.com", NULL, NULL, "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".qq.com", NULL, "\\.qq" TLD, "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".gtimg.com", NULL, "\\.gtimg" TLD, "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".weibo.com", NULL, NULL, "Sina(Weibo)", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".sinaimg.cn", NULL, NULL, "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".sinajs.cn", NULL, NULL, "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".sina.cn", NULL, NULL, "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".sina.com.cn", NULL, NULL, "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".weibo.com", NULL, "\\.weibo" TLD, "Sina(Weibo)", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".sinaimg.cn", NULL, "\\.sinaimg" TLD, "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".sinajs.cn", NULL, "\\.sinajs" TLD, "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".sina.cn", NULL, "\\.sina" TLD, "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".sina.com.cn", NULL, "\\.sina\\.com\\.cn$", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, /* https://support.cipafilter.com/index.php?/Knowledgebase/Article/View/117/0/snapchat---how-to-block */ - { "feelinsonice.appspot.com", NULL, "\\.appspot\\.com$", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { "feelinsonice-hrd.appspot.com", NULL, NULL, "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { "feelinsonice.com", NULL, "\\.feelsonice\\.com$", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".snapchat.", NULL, "\\.snapchat\\.com$", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".snapads.", NULL, "\\.snapads\\.com$", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - - { ".waze.com", NULL, NULL, "Waze", NDPI_PROTOCOL_WAZE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".deezer.com", NULL, NULL, "Deezer", NDPI_PROTOCOL_DEEZER, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - - { ".microsoft.com", NULL, NULL, "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "i-msdn.sec.s-msft.com", NULL, NULL, "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, NDPI_PROTOCOL_ACCEPTABLE }, - { "i2-msdn.sec.s-msft.com", NULL, NULL, "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, NDPI_PROTOCOL_ACCEPTABLE }, - { ".webtrends.com", NULL, NULL, "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".msecnd.net", NULL, NULL, "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "bing.com", NULL, NULL, "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".visualstudio.com", NULL, NULL, "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_SAFE }, - { "login.live.com", NULL, NULL, "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - - { "bn1301.storage.live.com", NULL, NULL, "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE,NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { "*.gateway.messenger.live.com", NULL, NULL, "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { "skyapi.live.net", NULL, NULL, "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { "d.docs.live.net", NULL, NULL, "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { "onedrive.live.com", NULL, NULL, "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - - { "update.microsoft.com", NULL, NULL, "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, - { ".windowsupdate.com", NULL, NULL, "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, - - { "worldofwarcraft.com", NULL, NULL, "WorldOfWarcraft", NDPI_PROTOCOL_WORLDOFWARCRAFT, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - - { ".anchorfree.", NULL, NULL, "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, - { "hotspotshield.com", NULL, NULL, "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, - { ".northghost.com", NULL, NULL, "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, - - { ".webex.com", NULL, NULL, "Webex", NDPI_PROTOCOL_WEBEX, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".ocsdomain.com", NULL, NULL, "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "ocs.fr", NULL, NULL, "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".ocs.fr", NULL, NULL, "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".labgency.ws", NULL, NULL, "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - - { ".iflix.com", NULL, NULL, "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".app.iflixcorp.com", NULL, NULL, "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".images.iflixassets.com", NULL, NULL, "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - - { "crl.microsoft.com", NULL, NULL, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "evsecure-ocsp.verisign.com", NULL, NULL, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "evsecure-aia.verisign.com", NULL, NULL, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "evsecure-crl.verisign.com", NULL, NULL, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".omniroot.com", NULL, NULL, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".microsoftonline.com", NULL, NULL, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".office365.com", NULL, NULL, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".office.com", NULL, NULL, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".msocsp.com", NULL, NULL, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".msocdn.com", NULL, NULL, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "officeapps.live.com", NULL, NULL, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "outlook.live.com", NULL, NULL, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "office.live.com", NULL, NULL, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".onenote.", NULL, NULL, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "office.net", NULL, NULL, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "feelinsonice.appspot.com", NULL, "\\.appspot" TLD, "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { "feelinsonice-hrd.appspot.com", NULL, "feelinsonice-hrd\\.appspot" TLD, "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { "feelinsonice.com", NULL, "\\.feelsonice" TLD, "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".snapchat.", NULL, "\\.snapchat" TLD, "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".snapads.", NULL, "\\.snapads" TLD, "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + + { ".waze.com", NULL, "\\.waze" TLD, "Waze", NDPI_PROTOCOL_WAZE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".deezer.com", NULL, "\\.deezer" TLD, "Deezer", NDPI_PROTOCOL_DEEZER, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + + { ".microsoft.com", NULL, "\\.microsoft" TLD, "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "i-msdn.sec.s-msft.com", NULL, "i-msdn.sec\\.s-msft" TLD, "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, NDPI_PROTOCOL_ACCEPTABLE }, + { "i2-msdn.sec.s-msft.com", NULL, "i2-msdn\\.sec\\.s-msft" TLD, "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, NDPI_PROTOCOL_ACCEPTABLE }, + { ".webtrends.com", NULL, "\\.webtrends" TLD, "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".msecnd.net", NULL, "\\.msecnd" TLD, "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "bing.com", NULL, "bing" TLD, "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".visualstudio.com", NULL, "\\.visualstudio" TLD, "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_SAFE }, + { "login.live.com", NULL, "login\\.live" TLD, "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + + { "bn1301.storage.live.com", NULL, "bn1301\\.storage\\.live" TLD, "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE,NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "*.gateway.messenger.live.com", NULL, "\\*\\.gateway\\.messenger\\.live" TLD, "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "skyapi.live.net", NULL, "skyapi\\.live" TLD, "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "d.docs.live.net", NULL, "d\\.docs\\.live" TLD, "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "onedrive.live.com", NULL, "onedrive\\.live" TLD, "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + + { "update.microsoft.com", NULL, "update\\.microsoft" TLD, "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { ".windowsupdate.com", NULL, "\\.windowsupdate" TLD, "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + + { "worldofwarcraft.com", NULL, "worldofwarcraft" TLD, "WorldOfWarcraft", NDPI_PROTOCOL_WORLDOFWARCRAFT, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + + { ".anchorfree.", NULL, "\\.anchorfree" TLD, "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + { "hotspotshield.com", NULL, "hotspotshield" TLD, "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + { ".northghost.com", NULL, "\\.northghost" TLD, "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + + { ".webex.com", NULL, "\\.webex" TLD, "Webex", NDPI_PROTOCOL_WEBEX, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".ocsdomain.com", NULL, "\\.ocsdomain" TLD, "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "ocs.fr", NULL, "ocs" TLD, "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".ocs.fr", NULL, NULL, "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".labgency.ws", NULL, ".labgency" TLD, "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + + { ".iflix.com", NULL, "\\.iflix" TLD, "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".app.iflixcorp.com", NULL, "\\.app\\.iflixcorp" TLD, "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".images.iflixassets.com", NULL, "\\.images\\.iflixassets" TLD, "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + + { "crl.microsoft.com", NULL, "crl\\.microsoft" TLD, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "evsecure-ocsp.verisign.com", NULL, "evsecure-ocsp\\.verisign" TLD,"Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "evsecure-aia.verisign.com", NULL, "evsecure-aia\\.verisign" TLD, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "evsecure-crl.verisign.com", NULL, "evsecure-crl\\.verisign" TLD, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".omniroot.com", NULL, "\\.omniroot" TLD, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".microsoftonline.com", NULL, "\\.microsoftonline" TLD, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".office365.com", NULL, "\\.office365" TLD, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".office.com", NULL, "\\.office" TLD, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "office.net", NULL, NULL, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".msocsp.com", NULL, "\\.msocsp" TLD, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".msocdn.com", NULL, "\\.msocdn" TLD, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "officeapps.live.com", NULL, "officeapps\\.live" TLD, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "outlook.live.com", NULL, "outlook\\.live" TLD, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "office.live.com", NULL, "office\\.live" TLD, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".onenote.", NULL, "\\.onenote" TLD, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, /* http://www.urlquery.net/report.php?id=1453233646161 */ - { "lifedom.top", NULL, NULL, "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "coby.ns.cloudflare.com", NULL, NULL, "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "amanda.ns.cloudflare.com", NULL, NULL, "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "lifedom.top", NULL, "lifedom" TLD, "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "coby.ns.cloudflare.com", NULL, "coby\\.ns\\.cloudflare" TLD, "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "amanda.ns.cloudflare.com", NULL, "amanda\\.ns\\.cloudflare" TLD, "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "d295hzzivaok4k.cloudfront.net", NULL, NULL,"OpenDNS", NDPI_PROTOCOL_OPENDNS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".opendns.com", NULL, NULL, "OpenDNS", NDPI_PROTOCOL_OPENDNS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "d295hzzivaok4k.cloudfront.net", NULL, "d295hzzivaok4k\\.cloudfront" TLD,"OpenDNS", NDPI_PROTOCOL_OPENDNS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".opendns.com", NULL, "\\.opendns" TLD, "OpenDNS", NDPI_PROTOCOL_OPENDNS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, /* https://get.slack.help/hc/en-us/articles/205138367-Troubleshooting-Slack-connection-issues */ - { "slack.com", NULL, NULL, "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".slack-msgs.com", NULL, NULL, "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "slack-files.com", NULL, NULL, "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "slack-imgs.com", NULL, NULL, "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".slack-edge.com", NULL, NULL, "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".slack-core.com", NULL, NULL, "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "slack-redir.net", NULL, NULL, "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "slack.com", NULL, "slack" TLD, "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".slack-msgs.com", NULL, "\\.slack-msgs" TLD, "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "slack-files.com", NULL, "slack-files" TLD, "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "slack-imgs.com", NULL, "slack-imgs" TLD, "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".slack-edge.com", NULL, "\\.slack-edge" TLD, "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".slack-core.com", NULL, "\\.slack-core" TLD, "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "slack-redir.net", NULL, "slack-redir" TLD, "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, /* Detected "slack-assets2.s3-us-west-2.amazonaws.com.". Omitted "*amazonaws.com" CDN, but no generic pattern to use on first part */ - { "slack-assets2.s3-", NULL, NULL, "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "slack-assets2.s3-", NULL, "slack-assets2\\.s3-", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "zhiliaoapp.com", NULL, NULL, "Musical.ly", NDPI_PROTOCOL_MUSICALLY, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "muscdn.com", NULL, NULL, "Musical.ly", NDPI_PROTOCOL_MUSICALLY, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "livelycdn.com", NULL, NULL, "Musical.ly", NDPI_PROTOCOL_MUSICALLY, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "direct.ly", NULL, NULL, "Musical.ly", NDPI_PROTOCOL_MUSICALLY, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "zhiliaoapp.com", NULL, "zhiliaoapp" TLD, "Musical.ly", NDPI_PROTOCOL_MUSICALLY, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "muscdn.com", NULL, "muscdn" TLD, "Musical.ly", NDPI_PROTOCOL_MUSICALLY, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "livelycdn.com", NULL, "livelycdn" TLD, "Musical.ly", NDPI_PROTOCOL_MUSICALLY, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "direct.ly", NULL, "direct\\.ly$", "Musical.ly", NDPI_PROTOCOL_MUSICALLY, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "github.com", NULL, NULL, "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".github.com", NULL, NULL, "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "github.io", NULL, NULL, "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".github.io", NULL, NULL, "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "githubusercontent.com", NULL, NULL, "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".githubusercontent.com", NULL, NULL, "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".steampowered.com", NULL, NULL, "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { "steamcommunity.com", NULL, NULL, "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".steamcontent.com", NULL, NULL, "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".steamstatic.com", NULL, NULL, "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { "steamcommunity-a.akamaihd.net", NULL, NULL,"Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - - { ".wechat.com", NULL, NULL, "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".wechat.org", NULL, NULL, "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".wechatapp.com", NULL, NULL, "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".we.chat", NULL, NULL, "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".wx.", NULL, NULL, "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".weixin.", NULL, NULL, "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".mmsns.qpic.cn", NULL, NULL, "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - - { "dnscrypt.org", NULL, NULL, "DNScrypt", NDPI_PROTOCOL_DNSCRYPT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - - { "torrent.", NULL, NULL, "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE }, - { "torrents.", NULL, NULL, "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE }, - { "torrentz.", NULL, NULL, "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE }, - - { ".nintendo.net", NULL, NULL, "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".nintendo.com", NULL, NULL, "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".playstation.net", NULL, NULL, "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".playstation.com", NULL, NULL, "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".sonyentertainmentnetwork.com", NULL, NULL,"Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - - { ".linkedin.com", NULL, NULL, "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".licdn.com", NULL, NULL, "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - - { ".sndcdn.com", NULL, NULL, "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".soundcloud.com", NULL, NULL, "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "getrockerbox.com", NULL, NULL, "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - - { "web.telegram.org", NULL, NULL, "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { "tdesktop.com", NULL, NULL, "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { "tupdate.com", NULL, NULL, "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".pastebin.com", NULL, NULL, "Pastebin", NDPI_PROTOCOL_PASTEBIN, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, - - { ".ppstream.com", NULL, NULL, "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".pps.tv", NULL, NULL, "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "github.com", NULL, "github" TLD, "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".github.com", NULL, "\\.github" TLD, "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "github.io", NULL, NULL, "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".github.io", NULL, NULL, "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "githubusercontent.com", NULL, "githubusercontent" TLD, "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".githubusercontent.com", NULL, "\\.githubusercontent" TLD, "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".steampowered.com", NULL, "\\.steampowered" TLD, "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { "steamcommunity.com", NULL, "steamcommunity" TLD, "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".steamcontent.com", NULL, "\\.steamcontent" TLD, "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".steamstatic.com", NULL, "\\.steamstatic" TLD, "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { "steamcommunity-a.akamaihd.net", NULL, "steamcommunity-a\\.akamaihd" TLD,"Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + + { ".wechat.com", NULL, "\\.wechat" TLD, "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".wechat.org", NULL, NULL, "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".wechatapp.com", NULL, "\\.wechatapp" TLD, "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".we.chat", NULL, "\\.we\\.chat", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".wx.", NULL, "\\.wx\\.", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".weixin.", NULL, "\\.weixin\\.", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".mmsns.qpic.cn", NULL, "\\.mmsns\\.qpic" TLD, "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + + { "dnscrypt.org", NULL, "dnscrypt\\.org$", "DNScrypt", NDPI_PROTOCOL_DNSCRYPT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + + { "torrent.", NULL, "torrent" TLD, "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE }, + { "torrents.", NULL, "torrents" TLD, "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE }, + { "torrentz.", NULL, "torrentz" TLD, "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE }, + + { ".nintendo.net", NULL, "\\.nintendo" TLD, "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".nintendo.com", NULL, NULL, "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + + { ".playstation.net", NULL, "\\.playstation" TLD, "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".playstation.com", NULL, NULL, "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".sonyentertainmentnetwork.com", NULL, "\\.sonyentertainmentnetwork" TLD,"Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + + { ".linkedin.com", NULL, "\\.linkedin" TLD, "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".licdn.com", NULL, "\\.licdn" TLD, "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + + { ".sndcdn.com", NULL, "\\.sndcdn" TLD, "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".soundcloud.com", NULL, "\\.soundcloud" TLD, "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "getrockerbox.com", NULL, "getrockerbox" TLD, "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + + { "web.telegram.org", NULL, "web\\.telegram" TLD, "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { "tdesktop.com", NULL, "tdesktop" TLD, "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { "tupdate.com", NULL, "tupdate" TLD, "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".pastebin.com", NULL, "\\.pastebin" TLD, "Pastebin", NDPI_PROTOCOL_PASTEBIN, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + + { ".ppstream.com", NULL, "\\.ppstream" TLD, "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".pps.tv", NULL, "\\.pps\\.tv$", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, /* VidTO streaming service NOTE: this is a possible candidate for NDPI_PROTOCOL_GENERIC */ - { ".vidto.me", NULL, NULL, "VidTO", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".vidto.se", NULL, NULL, "VidTO", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".vidto.me", NULL, "\\.vidto" TLD, "VidTO", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".vidto.se", NULL, NULL, "VidTO", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, /* Not so popular services without a protocl dissector (and thus not worth a protocolId) that are handled/detected by categpory rather than by protocol id. They are bound to a generic protocol (NDPI_PROTOCOL_GENERIC) and placed onto the right category */ - { "quickplay.com", NULL, NULL, "QuickPlay", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "quickplay.com", NULL, "quickplay" TLD, "QuickPlay", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".iqiyi.com", NULL, NULL, "iQIYI", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".qiyi.com", NULL, NULL, "iQIYI", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".71.am", NULL, NULL, "iQIYI", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".qiyipic.com", NULL, NULL, "iQIYI", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".iqiyi.com", NULL, "\\.iqiyi" TLD, "iQIYI", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".qiyi.com", NULL, "\\.qiyi" TLD, "iQIYI", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".71.am", NULL, "\\.71" TLD, "iQIYI", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".qiyipic.com", NULL, "\\.qiyipic" TLD, "iQIYI", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + + { ".1kxun.", NULL, "\\.1kxun\\.", "1kxun", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "tcad.wedolook.com", NULL, "tcad\\.wedolook" TLD, "1kxun", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".1kxun.", NULL, NULL, "1kxun", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "tcad.wedolook.com", NULL, NULL, "1kxun", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "baidu.com", NULL, "baidu" TLD, "baidu", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { "baidu.com", NULL, NULL, "baidu", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { "icq.", NULL, "icq" TLD, "ICQ", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { ".icq.", NULL, NULL, "ICQ", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { ".icq.", NULL, NULL, "ICQ", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { "icq.", NULL, NULL, "ICQ", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, /* RapidVideo streaming */ - { ".rapidvideo.com", NULL, NULL, "RapidVideo", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".playercdn.net", NULL, NULL, "RapidVideo", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".rapidvideo.com", NULL, "\\.rapidvideo" TLD, "RapidVideo", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".playercdn.net", NULL, "\\.playercdn" TLD, "RapidVideo", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, /* showmax.com video streaming */ - { "showmax.com", NULL, NULL, "Showmax", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "showmax.akamaized.net", NULL, NULL, "Showmax", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "showmax.com", NULL, "showmax" TLD, "Showmax", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "showmax.akamaized.net", NULL, "showmax\\.akamaized" TLD, "Showmax", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { NULL, NULL, NULL, 0 } }; -- cgit v1.2.3 From db74459ca2b8a05f52019c324b06f698a1df1465 Mon Sep 17 00:00:00 2001 From: Simone Mainardi Date: Fri, 17 Aug 2018 12:29:08 +0200 Subject: Fixes weibo detection --- src/lib/ndpi_content_match.c.inc | 1 + tests/result/weibo.pcap.out | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) (limited to 'src/lib') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index d6da458eb..390424eeb 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8237,6 +8237,7 @@ ndpi_protocol_match host_match[] = { { ".gtimg.com", NULL, "\\.gtimg" TLD, "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { ".weibo.com", NULL, "\\.weibo" TLD, "Sina(Weibo)", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".weibo.cn", NULL, NULL, "Sina(Weibo)", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".sinaimg.cn", NULL, "\\.sinaimg" TLD, "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".sinajs.cn", NULL, "\\.sinajs" TLD, "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".sina.cn", NULL, "\\.sina" TLD, "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, diff --git a/tests/result/weibo.pcap.out b/tests/result/weibo.pcap.out index 8ae9cdea1..befa40bea 100644 --- a/tests/result/weibo.pcap.out +++ b/tests/result/weibo.pcap.out @@ -1,10 +1,10 @@ -DNS 11 1129 6 +DNS 10 1059 5 HTTP 19 2275 5 SSL 15 1234 10 Google 10 660 5 Amazon 2 132 1 QUIC 23 4118 2 -Sina(Weibo) 418 258007 15 +Sina(Weibo) 419 258077 16 1 TCP 192.168.1.105:35803 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][52 pkts/5367 bytes <-> 54 pkts/71536 bytes][Host: img.t.sinajs.cn] 2 TCP 192.168.1.105:35804 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][32 pkts/3624 bytes <-> 40 pkts/50657 bytes][Host: img.t.sinajs.cn] @@ -49,4 +49,4 @@ Sina(Weibo) 418 258007 15 41 TCP 192.168.1.105:52272 -> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] 42 TCP 192.168.1.105:52274 -> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] 43 UDP 192.168.1.105:50533 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork/6][1 pkts/74 bytes -> 0 pkts/0 bytes][Host: data.weibo.com] - 44 UDP 192.168.1.105:16804 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/70 bytes -> 0 pkts/0 bytes][Host: c.weibo.cn] + 44 UDP 192.168.1.105:16804 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork/6][1 pkts/70 bytes -> 0 pkts/0 bytes][Host: c.weibo.cn] -- cgit v1.2.3 From 28ac30d82737d58dd2a75ea0c36891eaf29eaa60 Mon Sep 17 00:00:00 2001 From: Simone Mainardi Date: Fri, 17 Aug 2018 12:41:35 +0200 Subject: Fixes hyperscan skype detection --- src/lib/ndpi_content_match.c.inc | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'src/lib') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 390424eeb..4ad430778 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8043,7 +8043,7 @@ ndpi_protocol_match host_match[] = { { ".aaplimg.com", NULL, "\\.aaplimg" TLD, "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { "aaplimg.com", NULL, "aaplimg" TLD, "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { ".apple.com", NULL, "\\.apple" TLD, "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".icloud.com", NULL, "\\.icloud" TLD, "AppleiCloud", NDPI_PROTOCOL_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".icloud.com", NULL, "\\.icloud\\.com", "AppleiCloud", NDPI_PROTOCOL_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "iosapps.itunes.apple.com", NULL, "iosapps\\.itunes\\.apple" TLD, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, /* iOS */ { "osxapps.itunes.apple.com", NULL, "osxapps\\.itunes\\.apple" TLD, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, /* MacOS */ { "buy.itunes.apple.com", NULL, "buy\\.itunes\\.apple" TLD, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, @@ -8173,11 +8173,11 @@ ndpi_protocol_match host_match[] = { { "nflxvideo.net", NULL, "nflxvideo" TLD, "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { "nflxso.net", NULL, "nflxso" TLD, "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".skype.", NULL, "\\.skype" TLD, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".skypeassets.", NULL, "\\.skypeassets" TLD, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".skypedata.", NULL, "\\.skypedata" TLD, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skype.", NULL, "\\.skype\\.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skypeassets.", NULL, "\\.skypeassets\\.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skypedata.", NULL, "\\.skypedata\\.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, { ".skypeecs-", NULL, "\\.skypeecs-", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".skypeforbusiness.", NULL, "\\.skypeforbusiness" TLD, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skypeforbusiness.", NULL, "\\.skypeforbusiness\\.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, { ".lync.com", NULL, "\\.lync" TLD, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, { "e7768.b.akamaiedge.net", NULL, "e7768\\.b\\.akamaiedge" TLD, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, { "e4593.dspg.akamaiedge.net", NULL, "e4593\\.dspg\\.akamaiedge" TLD,"Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, -- cgit v1.2.3 From 6491568e15a6e10df963383b62431b4a647af3ea Mon Sep 17 00:00:00 2001 From: Simone Mainardi Date: Fri, 17 Aug 2018 12:48:53 +0200 Subject: Fixes hyperscan WeChat detection --- src/lib/ndpi_content_match.c.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/lib') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 4ad430778..2ba38dee1 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8342,8 +8342,8 @@ ndpi_protocol_match host_match[] = { { ".steamstatic.com", NULL, "\\.steamstatic" TLD, "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { "steamcommunity-a.akamaihd.net", NULL, "steamcommunity-a\\.akamaihd" TLD,"Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".wechat.com", NULL, "\\.wechat" TLD, "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".wechat.org", NULL, NULL, "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".wechat.com", NULL, "\\.wechat\\.com", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".wechat.org", NULL, "\\.wechat\\.org", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { ".wechatapp.com", NULL, "\\.wechatapp" TLD, "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { ".we.chat", NULL, "\\.we\\.chat", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { ".wx.", NULL, "\\.wx\\.", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, -- cgit v1.2.3 From 47c2ad1b5f6e7a790a0b46d3950c915aad9c2f8f Mon Sep 17 00:00:00 2001 From: Simone Mainardi Date: Fri, 17 Aug 2018 12:59:19 +0200 Subject: Webex category fix --- src/lib/ndpi_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/lib') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 85cd4b9eb..25171328a 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1630,7 +1630,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WEBEX, no_master, - no_master, "Webex", NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, + no_master, "Webex", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RADIUS, -- cgit v1.2.3 From 291acb94591da6fd9abf7c56177e61d35726f8f6 Mon Sep 17 00:00:00 2001 From: Simone Mainardi Date: Fri, 17 Aug 2018 13:13:26 +0200 Subject: Hyperscan regex for domains such as .com.cn or .co.uk --- src/lib/ndpi_content_match.c.inc | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'src/lib') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 2ba38dee1..60bc3498f 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8015,12 +8015,15 @@ Each part of a domain name can be no longer than 63 characters. There are no sin https://www.regular-expressions.info/email.html -We also add an optional .co to match domains such as .co.uk - (?i) is to make searches case insensitive + +(?:) is a non-capturing group used to allow patterns such as .co.uk or .com.cn + The non-capturing group is used in a nested fashion to capture the + .co, and then, optionally, another m. + */ -#define TLD "(?i)(\\.co){0,1}\\.[a-z]{2,63}$" +#define TLD "(?i)(?:\\.co(?:m)?)?\\.[a-z]{2,63}$" /* ****************************************************** */ -- cgit v1.2.3 From 1a6a9593fb603e84a87614cacc3856faa0ed916e Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 20 Aug 2018 14:49:59 +0200 Subject: Changed type to ease compilation accross platforms --- src/lib/third_party/include/actypes.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/lib') diff --git a/src/lib/third_party/include/actypes.h b/src/lib/third_party/include/actypes.h index c09d787c6..5a94b63a1 100644 --- a/src/lib/third_party/include/actypes.h +++ b/src/lib/third_party/include/actypes.h @@ -44,7 +44,7 @@ typedef char AC_ALPHABET_t; **/ typedef struct { int number; - u_int16_t category, breed; + unsigned int category, breed; } AC_REP_t; /* AC_PATTERN_t: -- cgit v1.2.3 From ff83bfbad073c106b41ace67cf828d6982d29635 Mon Sep 17 00:00:00 2001 From: Campus Date: Thu, 23 Aug 2018 11:22:21 +0200 Subject: ADD: add prototype of function ht_free in hash.h - DEL: delete include file .c in ndpi_main.c --- src/lib/ndpi_main.c | 4 ++-- src/lib/third_party/include/hash.h | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'src/lib') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index b00212651..55af168e8 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -43,9 +43,9 @@ #include "ndpi_content_match.c.inc" #include "third_party/include/ndpi_patricia.h" -#include "third_party/src/ndpi_patricia.c" +/* #include "third_party/src/ndpi_patricia.c" */ #include "third_party/include/hash.h" -#include "third_party/src/hash.c" +/* #include "third_party/src/hash.c" */ #ifdef HAVE_HYPERSCAN #include diff --git a/src/lib/third_party/include/hash.h b/src/lib/third_party/include/hash.h index 4f53e5a5e..2251706e4 100644 --- a/src/lib/third_party/include/hash.h +++ b/src/lib/third_party/include/hash.h @@ -25,5 +25,6 @@ extern int ht_hash( hashtable_t *hashtable, char *key ); extern entry_t *ht_newpair( char *key, u_int16_t value ); extern void ht_set( hashtable_t *hashtable, char *key, u_int16_t value ); extern u_int16_t ht_get( hashtable_t *hashtable, char *key ); +extern void ht_free( hashtable_t *hashtable ); #endif /* _HASH_H_ */ -- cgit v1.2.3 From a98c0a81be86936e96be7d2312ae11ef85b785b2 Mon Sep 17 00:00:00 2001 From: Luca Date: Sat, 25 Aug 2018 10:50:16 +0200 Subject: Added target for shared liubrary creation Added target for install Fixes #593 --- Makefile.am | 7 +--- autogen.sh | 2 +- configure.seed | 4 +- libndpi.pc.in | 10 ----- libndpi.sym | 75 ------------------------------------- src/lib/Makefile | 26 ------------- src/lib/Makefile.in | 49 ++++++++++++++++++++++++ tests/result/ssdp-m-search.pcap.out | 3 ++ 8 files changed, 57 insertions(+), 119 deletions(-) delete mode 100644 libndpi.pc.in delete mode 100644 libndpi.sym delete mode 100644 src/lib/Makefile create mode 100644 src/lib/Makefile.in create mode 100644 tests/result/ssdp-m-search.pcap.out (limited to 'src/lib') diff --git a/Makefile.am b/Makefile.am index 17c674812..0642aec9d 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,8 +1,3 @@ ACLOCAL_AMFLAGS = -I m4 - SUBDIRS = src/lib example tests - -pkgconfigdir = $(libdir)/pkgconfig -pkgconfig_DATA = libndpi.pc - -EXTRA_DIST = libndpi.sym autogen.sh +EXTRA_DIST = autogen.sh diff --git a/autogen.sh b/autogen.sh index ea5ed6694..20bf400ab 100755 --- a/autogen.sh +++ b/autogen.sh @@ -5,7 +5,7 @@ NDPI_MINOR="5" NDPI_PATCH="0" NDPI_VERSION_SHORT="$NDPI_MAJOR.$NDPI_MINOR.$NDPI_PATCH" -rm -f configure config.h config.h.in src/lib/Makefile.in +rm -f configure config.h config.h.in AUTOCONF=$(command -v autoconf) AUTOMAKE=$(command -v automake) diff --git a/configure.seed b/configure.seed index 6b85c66e9..946557a33 100644 --- a/configure.seed +++ b/configure.seed @@ -10,6 +10,7 @@ AC_PROG_CC AM_PROG_CC_C_O AX_PTHREAD +NDPI_VERSION_SHORT="@NDPI_VERSION_SHORT@" NDPI_MAJOR="@NDPI_MAJOR@" NDPI_MINOR="@NDPI_MINOR@" NDPI_PATCH="@NDPI_PATCH@" @@ -127,12 +128,13 @@ AC_ARG_ENABLE([debug-messages], AC_CHECK_LIB(pthread, pthread_setaffinity_np, AC_DEFINE_UNQUOTED(HAVE_PTHREAD_SETAFFINITY_NP, 1, [libc has pthread_setaffinity_np])) -AC_CONFIG_FILES([Makefile example/Makefile tests/Makefile libndpi.pc src/include/ndpi_define.h]) +AC_CONFIG_FILES([Makefile example/Makefile tests/Makefile src/include/ndpi_define.h src/lib/Makefile]) AC_CONFIG_HEADERS(src/include/ndpi_config.h) AC_SUBST(GIT_RELEASE) AC_SUBST(NDPI_MAJOR) AC_SUBST(NDPI_MINOR) AC_SUBST(NDPI_PATCH) +AC_SUBST(NDPI_VERSION_SHORT) AC_SUBST(SVN_DATE) AC_SUBST(JSON_C_LIB) AC_SUBST(PCAP_INC) diff --git a/libndpi.pc.in b/libndpi.pc.in deleted file mode 100644 index 291429cc7..000000000 --- a/libndpi.pc.in +++ /dev/null @@ -1,10 +0,0 @@ -prefix=@prefix@ -exec_prefix=@exec_prefix@ -libdir=@libdir@ -includedir=@includedir@ - -Name: libndpi -Description: deep packet inspection library -Version: @VERSION@ -Libs: -L${libdir} -lndpi -Cflags: -I${includedir}/libndpi-@VERSION@ diff --git a/libndpi.sym b/libndpi.sym deleted file mode 100644 index 66cffbb18..000000000 --- a/libndpi.sym +++ /dev/null @@ -1,75 +0,0 @@ -ndpi_dump_protocols -ndpi_strnstr -ndpi_detection_giveup -ndpi_get_proto_name -ndpi_free -ndpi_flow_free -ndpi_guess_undetected_protocol -ndpi_tfind -ndpi_tsearch -ndpi_set_protocol_detection_bitmask2 -ndpi_detection_get_sizeof_ndpi_id_struct -ndpi_detection_get_sizeof_ndpi_flow_struct -ndpi_load_protocols_file -ndpi_tdestroy -ndpi_exit_detection_module -ndpi_l4_detection_process_packet -ndpi_detection_process_packet -ndpi_process_extra_packet -ndpi_twalk -ndpi_tdelete -ndpi_revision -ndpi_init_detection_module -ndpi_get_num_supported_protocols -ndpi_set_proto_defaults -ndpi_get_protocol_id -ndpi_get_category_id -ndpi_find_port_based_protocol -ndpi_get_http_method -ndpi_get_http_url -ndpi_get_http_content_type -ndpi_free_flow -ndpi_get_proto_breed -ndpi_get_proto_breed_name -ndpi_get_proto_by_id -ndpi_get_proto_by_name -ndpi_get_protocol_id_master_proto -ndpi_guess_protocol_id -ndpi_protocol2name -ndpi_get_lower_proto -ndpi_is_proto -ndpi_malloc -ndpi_calloc -ndpi_set_detected_protocol -ndpi_match_string_subprotocol -ndpi_init_automa -ndpi_free_automa -ndpi_add_string_value_to_automa -ndpi_add_string_to_automa -ndpi_finalize_automa -ndpi_match_string -ndpi_match_string_id -set_ndpi_malloc -set_ndpi_flow_malloc -set_ndpi_free -set_ndpi_flow_free -set_ndpi_debug_function -ndpi_category_str -ndpi_get_proto_category -ndpi_netbios_name_interpret -ndpi_category_set_name -ndpi_category_get_name -ndpi_is_custom_category -ndpi_is_subprotocol_informative -ndpi_set_proto_category -ndpi_get_api_version -ndpi_network_ptree_match -ndpi_check_flow_func -ndpi_fill_protocol_category -ndpi_load_hostname_category -ndpi_enable_loaded_categories -ndpi_set_detection_preferences -ndpi_get_proto_defaults -ndpi_get_ndpi_num_supported_protocols -ndpi_get_ndpi_num_custom_protocols -ndpi_get_ndpi_detection_module_size diff --git a/src/lib/Makefile b/src/lib/Makefile deleted file mode 100644 index 19c6f1cfe..000000000 --- a/src/lib/Makefile +++ /dev/null @@ -1,26 +0,0 @@ -# -# Simple non-autotools dependent makefile -# -# ./autogen.sh -# cd src/lib -# make -f Makefile.simple -# -CFLAGS += -fPIC -DPIC -I../include -Ithird_party/include -DNDPI_LIB_COMPILATION -g -RANLIB = ranlib - -OBJECTS = $(patsubst protocols/%.c, protocols/%.o, $(wildcard protocols/*.c)) $(patsubst third_party/src/%.c, third_party/src/%.o, $(wildcard third_party/src/*.c)) ndpi_main.o -HEADERS = $(wildcard ../include/*.h) - -all: libndpi.a - -ndpi_main.c: ndpi_content_match.c.inc - -libndpi.a: $(OBJECTS) - ar rc $@ $(OBJECTS) - $(RANLIB) $@ - -%.o: %.c $(HEADERS) Makefile - $(CC) $(CFLAGS) -c $< -o $@ - -clean: - /bin/rm -f libndpi.a $(OBJECTS) diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in new file mode 100644 index 000000000..1bbc4095e --- /dev/null +++ b/src/lib/Makefile.in @@ -0,0 +1,49 @@ +# +# Simple non-autotools dependent makefile +# +# ./autogen.sh +# cd src/lib +# make Makefile +# + +# +# Installation directories +# +prefix = /usr/local +libdir = ${prefix}/lib +includedir = ${prefix}/include/ndpi + +CFLAGS += -fPIC -DPIC -I../include -Ithird_party/include -DNDPI_LIB_COMPILATION -g +RANLIB = ranlib + +OBJECTS = $(patsubst protocols/%.c, protocols/%.o, $(wildcard protocols/*.c)) $(patsubst third_party/src/%.c, third_party/src/%.o, $(wildcard third_party/src/*.c)) ndpi_main.o +HEADERS = $(wildcard ../include/*.h) +NDPI_LIB_STATIC = libndpi.a +NDPI_LIB_SHARED_BASE = libndpi.so +NDPI_LIB_SHARED = $(NDPI_LIB_SHARED_BASE).@NDPI_VERSION_SHORT@ +NDPI_LIBS = $(NDPI_LIB_STATIC) $(NDPI_LIB_SHARED) + +all: $(NDPI_LIBS) + +ndpi_main.c: ndpi_content_match.c.inc + +$(NDPI_LIB_STATIC): $(OBJECTS) + ar rc $@ $(OBJECTS) + $(RANLIB) $@ + +$(NDPI_LIB_SHARED): $(OBJECTS) + gcc -shared -fPIC -o $@ $(OBJECTS) + ln -Fs $(NDPI_LIB_SHARED) $(NDPI_LIB_SHARED_BASE) + +%.o: %.c $(HEADERS) Makefile + $(CC) $(CFLAGS) -c $< -o $@ + +clean: + /bin/rm -f $(NDPI_LIB_STATIC) $(OBJECTS) *.o *.so *.lo + +install: $(NDPI_LIBS) + mkdir -p $(DESTDIR)$(libdir) + cp $(NDPI_LIBS) $(DESTDIR)$(libdir)/ + ln -Fs $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED) $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED_BASE) + mkdir -p $(DESTDIR)$(includedir) + cp ../include/*.h $(DESTDIR)$(includedir) diff --git a/tests/result/ssdp-m-search.pcap.out b/tests/result/ssdp-m-search.pcap.out new file mode 100644 index 000000000..e975bfeb4 --- /dev/null +++ b/tests/result/ssdp-m-search.pcap.out @@ -0,0 +1,3 @@ +SSDP 19 1197 1 + + 1 UDP 192.168.242.8:42253 -> 192.168.242.255:32412 [proto: 12/SSDP][cat: System/18][19 pkts/1197 bytes -> 0 pkts/0 bytes] -- cgit v1.2.3 From 396e72f4fe79f9579f36a0ec963e12c29fddb0d1 Mon Sep 17 00:00:00 2001 From: Guido Falsi Date: Mon, 27 Aug 2018 17:23:53 +0200 Subject: Move the configure include file inclusion and code depending on it in code protected by the NDPI_LIB_COMPILATION define, this should avoid it polluting the environment when including this file from ntopng. --- src/include/ndpi_typedefs.h | 16 ++++++++++++++++ src/lib/ndpi_main.c | 11 ----------- 2 files changed, 16 insertions(+), 11 deletions(-) (limited to 'src/lib') diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index a3ed39c2d..8a2aec2c5 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -854,6 +854,22 @@ typedef struct ndpi_proto { #ifdef NDPI_LIB_COMPILATION +/* Needed to have access to HAVE_* defines */ +#include "ndpi_config.h" + +#ifdef HAVE_HYPERSCAN +struct hs_list { + char *expression; + unsigned int id; + struct hs_list *next; +}; + +struct hs { + hs_database_t *database; + hs_scratch_t *scratch; +}; +#endif + struct ndpi_detection_module_struct { NDPI_PROTOCOL_BITMASK detection_bitmask; NDPI_PROTOCOL_BITMASK generic_http_packet_bitmask; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 2a51316fa..b8e22abe6 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -49,17 +49,6 @@ #ifdef HAVE_HYPERSCAN #include - -struct hs_list { - char *expression; - unsigned int id; - struct hs_list *next; -}; - -struct hs { - hs_database_t *database; - hs_scratch_t *scratch; -}; #endif #define NDPI_CONST_GENERIC_PROTOCOL_NAME "GenericProtocol" -- cgit v1.2.3 From f948f3525fddaae23eef0b88680e2c4e17c050ae Mon Sep 17 00:00:00 2001 From: Luca Date: Thu, 30 Aug 2018 09:59:39 +0200 Subject: Cleaned up makefile Used clang instead of gcc on MacOS --- example/Makefile.am | 12 ------------ src/lib/Makefile.in | 14 ++++++++++---- 2 files changed, 10 insertions(+), 16 deletions(-) delete mode 100644 example/Makefile.am (limited to 'src/lib') diff --git a/example/Makefile.am b/example/Makefile.am deleted file mode 100644 index e50d8c05c..000000000 --- a/example/Makefile.am +++ /dev/null @@ -1,12 +0,0 @@ -bin_PROGRAMS = ndpiReader - -AM_CPPFLAGS = -I$(top_srcdir)/src/include -I$(top_srcdir)/src/lib/third_party/include @PCAP_INC@ @HS_INC@ -AM_CFLAGS = @PTHREAD_CFLAGS@ # --coverage - -LDADD = $(top_builddir)/src/lib/libndpi.a @JSON_C_LIB@ @PTHREAD_LIBS@ @PCAP_LIB@ @DL_LIB@ @HS_LIB@ -lm -AM_LDFLAGS = -static @DL_LIB@ @HS_LIB@ - -ndpiReader_SOURCES = ndpiReader.c ndpi_util.c ndpi_util.h uthash.h - -ndpiReader.o: ndpiReader.c - diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in index 1bbc4095e..62f1b12a2 100644 --- a/src/lib/Makefile.in +++ b/src/lib/Makefile.in @@ -6,15 +6,17 @@ # make Makefile # +OS := $(shell uname -s) + # # Installation directories # prefix = /usr/local libdir = ${prefix}/lib includedir = ${prefix}/include/ndpi - -CFLAGS += -fPIC -DPIC -I../include -Ithird_party/include -DNDPI_LIB_COMPILATION -g -RANLIB = ranlib +CC = gcc +CFLAGS += -fPIC -DPIC -I../include -Ithird_party/include -DNDPI_LIB_COMPILATION -g +RANLIB = ranlib OBJECTS = $(patsubst protocols/%.c, protocols/%.o, $(wildcard protocols/*.c)) $(patsubst third_party/src/%.c, third_party/src/%.o, $(wildcard third_party/src/*.c)) ndpi_main.o HEADERS = $(wildcard ../include/*.h) @@ -23,6 +25,10 @@ NDPI_LIB_SHARED_BASE = libndpi.so NDPI_LIB_SHARED = $(NDPI_LIB_SHARED_BASE).@NDPI_VERSION_SHORT@ NDPI_LIBS = $(NDPI_LIB_STATIC) $(NDPI_LIB_SHARED) +ifeq ($(OS),Darwin) +CC=clang +endif + all: $(NDPI_LIBS) ndpi_main.c: ndpi_content_match.c.inc @@ -32,7 +38,7 @@ $(NDPI_LIB_STATIC): $(OBJECTS) $(RANLIB) $@ $(NDPI_LIB_SHARED): $(OBJECTS) - gcc -shared -fPIC -o $@ $(OBJECTS) + $(CC) -shared -fPIC -o $@ $(OBJECTS) ln -Fs $(NDPI_LIB_SHARED) $(NDPI_LIB_SHARED_BASE) %.o: %.c $(HEADERS) Makefile -- cgit v1.2.3 From 0a33e439bde47d58391b14028ebcb50936926b78 Mon Sep 17 00:00:00 2001 From: Luca Date: Thu, 30 Aug 2018 10:05:53 +0200 Subject: Better clang handling --- configure.seed | 7 ++++++- src/lib/Makefile.in | 3 +-- 2 files changed, 7 insertions(+), 3 deletions(-) (limited to 'src/lib') diff --git a/configure.seed b/configure.seed index 946557a33..bce16c7c4 100644 --- a/configure.seed +++ b/configure.seed @@ -52,7 +52,12 @@ else AC_CHECK_LIB([numa], [numa_available], [LIBNUMA="-lnuma"]) fi - +if test -z `which clang`; then +CC=gcc +else +CC=clang +fi + HS_LIB= HS_INC= diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in index 62f1b12a2..a0ac4a574 100644 --- a/src/lib/Makefile.in +++ b/src/lib/Makefile.in @@ -6,7 +6,6 @@ # make Makefile # -OS := $(shell uname -s) # # Installation directories @@ -14,7 +13,7 @@ OS := $(shell uname -s) prefix = /usr/local libdir = ${prefix}/lib includedir = ${prefix}/include/ndpi -CC = gcc +CC = @CC@ CFLAGS += -fPIC -DPIC -I../include -Ithird_party/include -DNDPI_LIB_COMPILATION -g RANLIB = ranlib -- cgit v1.2.3 From e4f01976a66f1943bde7b253b62430d36c6d9e74 Mon Sep 17 00:00:00 2001 From: Luca Date: Thu, 30 Aug 2018 11:10:30 +0200 Subject: Added missing categorization when giveup/guess is called Added optimization for TCP flows that do not start with a SYN packet: early giveup is performed Code cleanup --- src/include/ndpi_typedefs.h | 3 +- src/lib/ndpi_main.c | 75 +++++++++++++----------- tests/result/1kxun.pcap.out | 16 ++--- tests/result/6in4tunnel.pcap.out | 4 +- tests/result/EAQ.pcap.out | 58 +++++++++--------- tests/result/Instagram.pcap.out | 24 ++++---- tests/result/KakaoTalk_chat.pcap.out | 18 +++--- tests/result/KakaoTalk_talk.pcap.out | 22 +++---- tests/result/bittorrent_ip.pcap.out | 4 +- tests/result/coap_mqtt.pcap.out | 8 +-- tests/result/diameter.pcap.out | 2 +- tests/result/dropbox.pcap.out | 8 +-- tests/result/http_ipv6.pcap.out | 14 ++--- tests/result/mssql_tds.pcap.out | 2 +- tests/result/netflix.pcap.out | 2 +- tests/result/nintendo.pcap.out | 14 ++--- tests/result/ocs.pcap.out | 12 ++-- tests/result/pps.pcap.out | 4 +- tests/result/skype.pcap.out | 68 ++++++++++----------- tests/result/skype_no_unknown.pcap.out | 60 +++++++++---------- tests/result/starcraft_battle.pcap.out | 46 +++++++-------- tests/result/teredo.pcap.out | 10 ++-- tests/result/tor.pcap.out | 2 +- tests/result/viber.pcap.out | 14 ++--- tests/result/waze.pcap.out | 18 +++--- tests/result/webex.pcap.out | 36 ++++++------ tests/result/wechat.pcap.out | 62 ++++++++++---------- tests/result/weibo.pcap.out | 40 ++++++------- tests/result/whatsapp_login_call.pcap.out | 72 +++++++++++------------ tests/result/whatsapp_login_chat.pcap.out | 2 +- tests/result/whatsapp_voice_and_message.pcap.out | 16 ++--- 31 files changed, 372 insertions(+), 364 deletions(-) (limited to 'src/lib') diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index a3ed39c2d..0e069ae77 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -989,7 +989,6 @@ struct ndpi_flow_struct { /* init parameter, internal used to set up timestamp,... */ u_int16_t guessed_protocol_id, guessed_host_protocol_id, guessed_category; - u_int8_t protocol_id_already_guessed:1, host_already_guessed:1, init_finished:1, setup_packet_direction:1, packet_direction:1, check_extra_packets:1; /* @@ -1000,6 +999,8 @@ struct ndpi_flow_struct { u_int8_t max_extra_packets_to_check; u_int8_t num_extra_packets_checked; + u_int8_t num_processed_pkts; /* <= WARNING it can wrap but we do expect people to giveup earlier */ + int (*extra_packets_func) (struct ndpi_detection_module_struct *, struct ndpi_flow_struct *flow); /* diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 2a51316fa..b5d587dce 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3516,7 +3516,7 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str if(flow->packet.l4_packet_len >=flow->packet.tcp->doff * 4) { flow->packet.payload_packet_len = flow->packet.l4_packet_len -flow->packet.tcp->doff * 4; - flow->packet.actual_payload_len =flow->packet.payload_packet_len; + flow->packet.actual_payload_len = flow->packet.payload_packet_len; flow->packet.payload = ((u_int8_t *)flow->packet.tcp) + (flow->packet.tcp->doff * 4); /* check for new tcp syn packets, here @@ -3526,15 +3526,17 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str && flow->packet.tcp->ack == 0 && flow->init_finished != 0 && flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { - if(flow->http.url) - ndpi_free(flow->http.url); - if(flow->http.content_type) - ndpi_free(flow->http.content_type); - memset(flow, 0, sizeof(*(flow))); + u_int8_t backup; + + if(flow->http.url) ndpi_free(flow->http.url); + if(flow->http.content_type) ndpi_free(flow->http.content_type); + backup = flow->num_processed_pkts; + memset(flow, 0, sizeof(*(flow))); + flow->num_processed_pkts = backup; + NDPI_LOG_DBG(ndpi_struct, "tcp syn packet for unknown protocol, reset detection state\n"); - } } else { /* tcp header not complete */ @@ -3547,6 +3549,7 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str } else { flow->packet.generic_l4_ptr = l4ptr; } + return 0; } @@ -3837,7 +3840,6 @@ void check_ndpi_tcp_flow_func(struct ndpi_detection_module_struct *ndpi_struct, } } - /* ********************************************************************************* */ void ndpi_check_flow_func(struct ndpi_detection_module_struct *ndpi_struct, @@ -3932,6 +3934,7 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st } ret.master_protocol = flow->detected_protocol_stack[1], ret.app_protocol = flow->detected_protocol_stack[0]; + ndpi_fill_protocol_category(ndpi_struct, flow, &ret); return(ret); } @@ -4236,6 +4239,8 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct u_int32_t a; ndpi_protocol ret = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED }; + flow->num_processed_pkts++; + if(ndpi_struct->ndpi_log_level >= NDPI_LOG_TRACE) NDPI_LOG(flow ? flow->detected_protocol_stack[0]:NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_TRACE, "START packet processing\n"); @@ -4264,7 +4269,6 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct return(ret); /* detect traffic for tcp or udp only */ - flow->src = src, flow->dst = dst; ndpi_connection_tracking(ndpi_struct, flow); @@ -4367,6 +4371,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct ndpi_check_flow_func(ndpi_struct, flow, &ndpi_selection_packet); ndpi_fill_protocol_category(ndpi_struct, flow, &ret); + return(ret); } @@ -4395,6 +4400,24 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct ret.app_protocol = flow->detected_protocol_stack[0]; ndpi_fill_protocol_category(ndpi_struct, flow, &ret); + + if((flow->num_processed_pkts == 1) + && (ret.master_protocol == NDPI_PROTOCOL_UNKNOWN) + && (ret.app_protocol == NDPI_PROTOCOL_UNKNOWN) + && flow->packet.tcp + && (flow->packet.tcp->syn == 0) + ) { + /* + This is a TCP flow + - whose first packet is NOT a SYN + - no protocol has been detected + + We don't see how future packets can match anything + hence we giveup here + */ + ret = ndpi_detection_giveup(ndpi_struct, flow); + } + return(ret); } @@ -4613,7 +4636,6 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struc strncpy((char*)flow->http.response_status_code, (char*)packet->http_response.ptr, 3); flow->http.response_status_code[4]='\0'; - NDPI_LOG_DBG2(ndpi_struct, "ndpi_parse_packet_line_info: HTTP response parsed: \"%.*s\"\n", packet->http_response.len, packet->http_response.ptr); @@ -5045,27 +5067,6 @@ void ndpi_int_change_category(struct ndpi_detection_module_struct *ndpi_struct, /* ********************************************************************************* */ -/* change protocol only if guessing is active */ -/* void ndpi_guess_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, */ -/* struct ndpi_flow_struct *flow) */ -/* { */ -/* if(flow->guessed_host_protocol_id != 0 && */ -/* flow->guessed_protocol_id != 0) { */ -/* /\* app proto for flow *\/ */ -/* flow->detected_protocol_stack[0] = flow->guessed_host_protocol_id; */ -/* /\* master proto for flow *\/ */ -/* flow->detected_protocol_stack[1] = flow->guessed_protocol_id; */ - -/* /\* app proto for packet *\/ */ -/* flow->packet.detected_protocol_stack[0] = flow->guessed_host_protocol_id; */ -/* /\* master proto for packet *\/ */ -/* flow->packet.detected_protocol_stack[1] = flow->guessed_protocol_id; */ - -/* } */ -/* } */ - -/* ********************************************************************************* */ - /* turns a packet back to unknown */ void ndpi_int_reset_packet_protocol(struct ndpi_packet_struct *packet) { int a; @@ -5297,11 +5298,13 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct if(rc != NDPI_PROTOCOL_UNKNOWN) { ret.app_protocol = rc, - ret.master_protocol = ndpi_guess_protocol_id(ndpi_struct, proto, sport, dport, &user_defined_proto); + ret.master_protocol = ndpi_guess_protocol_id(ndpi_struct, proto, sport, + dport, &user_defined_proto); if(ret.app_protocol == ret.master_protocol) ret.master_protocol = NDPI_PROTOCOL_UNKNOWN; + ret.category = ndpi_get_proto_category(ndpi_struct, ret); return(ret); } @@ -5311,8 +5314,10 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct if(rc == NDPI_PROTOCOL_SSL) goto check_guessed_skype; - else + else { + ret.category = ndpi_get_proto_category(ndpi_struct, ret); return(ret); + } } check_guessed_skype: @@ -5325,8 +5330,10 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct ret.app_protocol = NDPI_PROTOCOL_SKYPE; } } else - ret.app_protocol = ndpi_guess_protocol_id(ndpi_struct, proto, sport, dport, &user_defined_proto); + ret.app_protocol = ndpi_guess_protocol_id(ndpi_struct, proto, sport, + dport, &user_defined_proto); + ret.category = ndpi_get_proto_category(ndpi_struct, ret); return(ret); } diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index 5e37a65af..e02ddac2f 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out @@ -28,17 +28,17 @@ LLMNR 89 6799 47 11 TCP 192.168.5.16:53628 <-> 203.69.81.73:80 [proto: 7/HTTP][cat: Web/5][6 pkts/676 bytes <-> 8 pkts/8482 bytes][Host: dl-obs.official.line.naver.jp] 12 UDP [fe80::9bd:81dd:2fdc:5750]:1900 -> [ff02::c]:1900 [proto: 12/SSDP][cat: System/18][16 pkts/8921 bytes -> 0 pkts/0 bytes] 13 UDP 192.168.5.49:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][16 pkts/8473 bytes -> 0 pkts/0 bytes] - 14 TCP 119.235.235.84:443 <-> 192.168.5.16:53406 [proto: 91/SSL][13 pkts/6269 bytes <-> 10 pkts/1165 bytes] + 14 TCP 119.235.235.84:443 <-> 192.168.5.16:53406 [proto: 91/SSL][cat: Web/5][13 pkts/6269 bytes <-> 10 pkts/1165 bytes] 15 TCP 192.168.115.8:49608 <-> 203.205.151.234:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][18 pkts/3550 bytes <-> 7 pkts/1400 bytes][Host: vv.video.qq.com] 16 UDP 192.168.119.1:67 -> 255.255.255.255:68 [proto: 18/DHCP][cat: Network/14][14 pkts/4788 bytes -> 0 pkts/0 bytes] - 17 TCP 192.168.5.16:53580 <-> 31.13.87.36:443 [proto: 91.119/SSL.Facebook][4 pkts/2050 bytes <-> 5 pkts/2297 bytes] + 17 TCP 192.168.5.16:53580 <-> 31.13.87.36:443 [proto: 91.119/SSL.Facebook][cat: SocialNetwork/6][4 pkts/2050 bytes <-> 5 pkts/2297 bytes] 18 TCP 192.168.5.16:53623 <-> 192.168.115.75:443 [proto: 91/SSL][cat: Web/5][11 pkts/1959 bytes <-> 8 pkts/1683 bytes][client: 1] 19 TCP 192.168.5.16:53625 <-> 192.168.115.75:443 [proto: 91/SSL][cat: Web/5][11 pkts/1955 bytes <-> 8 pkts/1683 bytes][client: 1] 20 TCP 192.168.5.16:53629 <-> 192.168.115.75:443 [proto: 91/SSL][cat: Web/5][10 pkts/1895 bytes <-> 7 pkts/1623 bytes][client: 1] 21 TCP 192.168.115.8:49605 <-> 106.185.35.110:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][8 pkts/1128 bytes <-> 5 pkts/2282 bytes][Host: jp.kankan.1kxun.mobi] 22 TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [proto: 91/SSL][cat: Web/5][11 pkts/1943 bytes <-> 8 pkts/1267 bytes][client: 1] 23 TCP 192.168.115.8:49597 <-> 106.185.35.110:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][10 pkts/1394 bytes <-> 4 pkts/1464 bytes][Host: jp.kankan.1kxun.mobi] - 24 TCP 31.13.87.1:443 <-> 192.168.5.16:53578 [proto: 91.119/SSL.Facebook][5 pkts/1006 bytes <-> 5 pkts/1487 bytes] + 24 TCP 31.13.87.1:443 <-> 192.168.5.16:53578 [proto: 91.119/SSL.Facebook][cat: SocialNetwork/6][5 pkts/1006 bytes <-> 5 pkts/1487 bytes] 25 UDP 192.168.5.57:55809 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][14 pkts/2450 bytes -> 0 pkts/0 bytes] 26 TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][10 pkts/1406 bytes <-> 4 pkts/980 bytes][Host: kankan.1kxun.com] 27 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 7/HTTP][cat: Web/5][10 pkts/1428 bytes <-> 4 pkts/867 bytes][Host: 183.131.48.145] @@ -63,7 +63,7 @@ LLMNR 89 6799 47 46 UDP [fe80::406:55a8:6453:25dd]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][cat: Network/14][5 pkts/490 bytes -> 0 pkts/0 bytes] 47 UDP [fe80::beee:7bff:fe0c:b3de]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][cat: Network/14][4 pkts/392 bytes -> 0 pkts/0 bytes] 48 UDP 192.168.5.16:63372 <-> 168.95.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/89 bytes <-> 1 pkts/289 bytes][Host: dl-obs.official.line.naver.jp] - 49 TCP 192.168.115.8:49596 <-> 203.66.182.87:443 [proto: 91/SSL][4 pkts/220 bytes <-> 2 pkts/132 bytes] + 49 TCP 192.168.115.8:49596 <-> 203.66.182.87:443 [proto: 91/SSL][cat: Web/5][4 pkts/220 bytes <-> 2 pkts/132 bytes] 50 UDP 192.168.5.9:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: joanna-pc] 51 UDP 192.168.5.41:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: kevin-pc] 52 UDP 192.168.115.8:60724 <-> 8.8.8.8:53 [proto: 5.137/DNS.GenericProtocol][cat: Streaming/17][2 pkts/146 bytes <-> 1 pkts/137 bytes][Host: pic.1kxun.com] @@ -73,7 +73,7 @@ LLMNR 89 6799 47 56 UDP 192.168.115.8:52723 <-> 8.8.8.8:53 [proto: 5.137/DNS.GenericProtocol][cat: Streaming/17][2 pkts/152 bytes <-> 1 pkts/108 bytes][Host: kankan.1kxun.com] 57 UDP 192.168.115.8:52723 <-> 168.95.1.1:53 [proto: 5.137/DNS.GenericProtocol][cat: Streaming/17][2 pkts/152 bytes <-> 1 pkts/108 bytes][Host: kankan.1kxun.com] 58 UDP 192.168.115.8:51458 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][4 pkts/256 bytes -> 0 pkts/0 bytes][Host: wpad] - 59 TCP 192.168.5.16:53613 -> 68.233.253.133:80 [proto: 7/HTTP][3 pkts/198 bytes -> 0 pkts/0 bytes] + 59 TCP 192.168.5.16:53613 -> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][3 pkts/198 bytes -> 0 pkts/0 bytes] 60 UDP [fe80::9bd:81dd:2fdc:5750]:61548 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/190 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] 61 UDP [fe80::9bd:81dd:2fdc:5750]:64568 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/190 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] 62 UDP 192.168.5.45:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][cat: System/18][2 pkts/184 bytes -> 0 pkts/0 bytes] @@ -83,7 +83,7 @@ LLMNR 89 6799 47 66 UDP [fe80::e034:7be:d8f9:6197]:49766 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/182 bytes -> 0 pkts/0 bytes][Host: charming-pc] 67 UDP [fe80::5d92:62a8:ebde:1319]:49735 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/178 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] 68 UDP [fe80::5d92:62a8:ebde:1319]:58468 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/178 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] - 69 TCP 192.168.115.8:49581 <-> 64.233.189.128:80 [proto: 7.126/HTTP.Google][2 pkts/110 bytes <-> 1 pkts/66 bytes] + 69 TCP 192.168.115.8:49581 <-> 64.233.189.128:80 [proto: 7.126/HTTP.Google][cat: Web/5][2 pkts/110 bytes <-> 1 pkts/66 bytes] 70 UDP [fe80::4568:efbc:40b1:1346]:50194 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: kevin-pc] 71 UDP [fe80::4568:efbc:40b1:1346]:57148 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: kevin-pc] 72 UDP [fe80::5d92:62a8:ebde:1319]:61172 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/174 bytes -> 0 pkts/0 bytes][Host: sonusav] @@ -116,8 +116,8 @@ LLMNR 89 6799 47 99 UDP 192.168.3.236:56043 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: isatap] 100 UDP 192.168.5.47:53962 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: ro_x1c] 101 UDP 192.168.5.47:61603 -> 224.0.0.252:5355 [proto: 87/RTP][cat: Media/1][2 pkts/132 bytes -> 0 pkts/0 bytes] - 102 TCP 192.168.5.16:53605 -> 68.233.253.133:80 [proto: 7/HTTP][2 pkts/126 bytes -> 0 pkts/0 bytes] - 103 TCP 192.168.5.16:53622 <-> 192.168.115.75:443 [proto: 91/SSL][1 pkts/60 bytes <-> 1 pkts/60 bytes] + 102 TCP 192.168.5.16:53605 -> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][2 pkts/126 bytes -> 0 pkts/0 bytes] + 103 TCP 192.168.5.16:53622 <-> 192.168.115.75:443 [proto: 91/SSL][cat: Web/5][1 pkts/60 bytes <-> 1 pkts/60 bytes] 104 UDP [fe80::f65c:89ff:fe89:e607]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][cat: Network/14][1 pkts/98 bytes -> 0 pkts/0 bytes] 105 UDP 192.168.5.45:59461 -> 192.168.255.255:137 [proto: 10/NetBIOS][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes] 106 UDP 192.168.5.45:59789 -> 192.168.255.255:137 [proto: 10/NetBIOS][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/6in4tunnel.pcap.out b/tests/result/6in4tunnel.pcap.out index 28b2f5716..32ddda168 100644 --- a/tests/result/6in4tunnel.pcap.out +++ b/tests/result/6in4tunnel.pcap.out @@ -11,6 +11,6 @@ Facebook 37 14726 3 5 ICMPV6 [2a03:2880:1010:6f03:face:b00c::2]:0 -> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 [proto: 102/ICMPV6][cat: Network/14][1 pkts/1314 bytes -> 0 pkts/0 bytes] 6 UDP [2001:470:1f16:13f::2]:53959 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/133 bytes <-> 1 pkts/273 bytes][Host: star.c10r.facebook.com] 7 UDP [2001:470:1f16:13f::2]:6404 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/133 bytes <-> 1 pkts/261 bytes][Host: star.c10r.facebook.com] - 8 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:35610 [proto: 51/IMAPS][1 pkts/152 bytes <-> 1 pkts/106 bytes] - 9 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:56381 [proto: 51/IMAPS][1 pkts/152 bytes <-> 1 pkts/106 bytes] + 8 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:35610 [proto: 51/IMAPS][cat: Email/3][1 pkts/152 bytes <-> 1 pkts/106 bytes] + 9 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:56381 [proto: 51/IMAPS][cat: Email/3][1 pkts/152 bytes <-> 1 pkts/106 bytes] 10 ICMPV6 [2001:470:1f16:13f::2]:0 -> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][cat: Network/14][1 pkts/200 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/EAQ.pcap.out b/tests/result/EAQ.pcap.out index 673f8309d..88828fa67 100644 --- a/tests/result/EAQ.pcap.out +++ b/tests/result/EAQ.pcap.out @@ -3,32 +3,32 @@ EAQ 174 10092 29 1 TCP 10.8.0.1:40467 <-> 173.194.119.24:80 [proto: 7.126/HTTP.Google][cat: Web/5][8 pkts/591 bytes <-> 6 pkts/9998 bytes][Host: www.google.com.br] 2 TCP 10.8.0.1:53497 <-> 173.194.119.48:80 [proto: 7.126/HTTP.Google][cat: Web/5][5 pkts/390 bytes <-> 4 pkts/764 bytes][Host: www.google.com] - 3 UDP 10.8.0.1:39185 <-> 200.194.132.67:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] - 4 UDP 10.8.0.1:42620 <-> 200.194.148.66:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] - 5 UDP 10.8.0.1:43641 <-> 200.194.148.68:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] - 6 UDP 10.8.0.1:43979 <-> 200.194.132.66:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] - 7 UDP 10.8.0.1:48890 <-> 200.185.125.226:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] - 8 UDP 10.8.0.1:51569 <-> 200.194.148.67:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] - 9 UDP 10.8.0.1:52257 <-> 200.185.138.146:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] - 10 UDP 10.8.0.1:52726 <-> 200.194.132.68:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] - 11 UDP 10.8.0.1:34687 -> 200.194.141.68:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 12 UDP 10.8.0.1:37985 -> 200.194.129.67:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 13 UDP 10.8.0.1:39221 -> 200.194.137.67:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 14 UDP 10.8.0.1:41438 -> 200.194.141.66:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 15 UDP 10.8.0.1:47714 -> 200.194.129.68:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 16 UDP 10.8.0.1:48563 -> 200.194.141.67:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 17 UDP 10.8.0.1:48666 -> 200.194.129.66:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 18 UDP 10.8.0.1:53354 -> 200.194.137.66:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 19 UDP 10.8.0.1:56128 -> 200.194.133.66:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 20 UDP 10.8.0.1:59959 -> 200.194.137.68:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 21 UDP 10.8.0.1:33356 -> 200.194.149.66:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 22 UDP 10.8.0.1:36552 -> 200.194.136.66:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 23 UDP 10.8.0.1:36577 -> 200.194.149.68:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 24 UDP 10.8.0.1:40058 -> 200.194.134.67:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 25 UDP 10.8.0.1:43934 -> 200.194.136.68:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 26 UDP 10.8.0.1:47346 -> 200.194.134.66:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 27 UDP 10.8.0.1:50175 -> 200.194.149.67:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 28 UDP 10.8.0.1:53059 -> 200.194.133.68:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 29 UDP 10.8.0.1:57004 -> 200.194.133.67:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 30 UDP 10.8.0.1:59098 -> 200.194.134.68:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 31 UDP 10.8.0.1:60013 -> 200.194.136.67:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 3 UDP 10.8.0.1:39185 <-> 200.194.132.67:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 4 UDP 10.8.0.1:42620 <-> 200.194.148.66:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 5 UDP 10.8.0.1:43641 <-> 200.194.148.68:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 6 UDP 10.8.0.1:43979 <-> 200.194.132.66:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 7 UDP 10.8.0.1:48890 <-> 200.185.125.226:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 8 UDP 10.8.0.1:51569 <-> 200.194.148.67:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 9 UDP 10.8.0.1:52257 <-> 200.185.138.146:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 10 UDP 10.8.0.1:52726 <-> 200.194.132.68:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 11 UDP 10.8.0.1:34687 -> 200.194.141.68:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes -> 0 pkts/0 bytes] + 12 UDP 10.8.0.1:37985 -> 200.194.129.67:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes -> 0 pkts/0 bytes] + 13 UDP 10.8.0.1:39221 -> 200.194.137.67:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes -> 0 pkts/0 bytes] + 14 UDP 10.8.0.1:41438 -> 200.194.141.66:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes -> 0 pkts/0 bytes] + 15 UDP 10.8.0.1:47714 -> 200.194.129.68:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes -> 0 pkts/0 bytes] + 16 UDP 10.8.0.1:48563 -> 200.194.141.67:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes -> 0 pkts/0 bytes] + 17 UDP 10.8.0.1:48666 -> 200.194.129.66:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes -> 0 pkts/0 bytes] + 18 UDP 10.8.0.1:53354 -> 200.194.137.66:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes -> 0 pkts/0 bytes] + 19 UDP 10.8.0.1:56128 -> 200.194.133.66:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes -> 0 pkts/0 bytes] + 20 UDP 10.8.0.1:59959 -> 200.194.137.68:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes -> 0 pkts/0 bytes] + 21 UDP 10.8.0.1:33356 -> 200.194.149.66:6000 [proto: 190/EAQ][cat: Network/14][4 pkts/232 bytes -> 0 pkts/0 bytes] + 22 UDP 10.8.0.1:36552 -> 200.194.136.66:6000 [proto: 190/EAQ][cat: Network/14][4 pkts/232 bytes -> 0 pkts/0 bytes] + 23 UDP 10.8.0.1:36577 -> 200.194.149.68:6000 [proto: 190/EAQ][cat: Network/14][4 pkts/232 bytes -> 0 pkts/0 bytes] + 24 UDP 10.8.0.1:40058 -> 200.194.134.67:6000 [proto: 190/EAQ][cat: Network/14][4 pkts/232 bytes -> 0 pkts/0 bytes] + 25 UDP 10.8.0.1:43934 -> 200.194.136.68:6000 [proto: 190/EAQ][cat: Network/14][4 pkts/232 bytes -> 0 pkts/0 bytes] + 26 UDP 10.8.0.1:47346 -> 200.194.134.66:6000 [proto: 190/EAQ][cat: Network/14][4 pkts/232 bytes -> 0 pkts/0 bytes] + 27 UDP 10.8.0.1:50175 -> 200.194.149.67:6000 [proto: 190/EAQ][cat: Network/14][4 pkts/232 bytes -> 0 pkts/0 bytes] + 28 UDP 10.8.0.1:53059 -> 200.194.133.68:6000 [proto: 190/EAQ][cat: Network/14][4 pkts/232 bytes -> 0 pkts/0 bytes] + 29 UDP 10.8.0.1:57004 -> 200.194.133.67:6000 [proto: 190/EAQ][cat: Network/14][4 pkts/232 bytes -> 0 pkts/0 bytes] + 30 UDP 10.8.0.1:59098 -> 200.194.134.68:6000 [proto: 190/EAQ][cat: Network/14][4 pkts/232 bytes -> 0 pkts/0 bytes] + 31 UDP 10.8.0.1:60013 -> 200.194.136.67:6000 [proto: 190/EAQ][cat: Network/14][4 pkts/232 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/Instagram.pcap.out b/tests/result/Instagram.pcap.out index 416c11dca..9a34e2008 100644 --- a/tests/result/Instagram.pcap.out +++ b/tests/result/Instagram.pcap.out @@ -6,22 +6,22 @@ Facebook 251 215986 5 Dropbox 5 725 2 Instagram 363 255094 16 - 1 TCP 31.13.86.52:80 <-> 192.168.0.103:58216 [proto: 7.119/HTTP.Facebook][103 pkts/150456 bytes <-> 47 pkts/3102 bytes] + 1 TCP 31.13.86.52:80 <-> 192.168.0.103:58216 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][103 pkts/150456 bytes <-> 47 pkts/3102 bytes] 2 TCP 192.168.0.103:38816 <-> 46.33.70.160:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][13 pkts/1118 bytes <-> 39 pkts/57876 bytes][Host: photos-h.ak.instagram.com] 3 TCP 192.168.0.103:58052 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][37 pkts/2702 bytes <-> 38 pkts/54537 bytes][Host: photos-g.ak.instagram.com] 4 TCP 192.168.0.103:44379 <-> 82.85.26.186:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][41 pkts/3392 bytes <-> 40 pkts/50024 bytes][Host: photos-e.ak.instagram.com] 5 TCP 192.168.0.103:57936 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][24 pkts/1837 bytes <-> 34 pkts/48383 bytes][Host: photos-g.ak.instagram.com] - 6 TCP 192.168.0.103:33936 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][34 pkts/5555 bytes <-> 34 pkts/40133 bytes] - 7 TCP 2.22.236.51:80 <-> 192.168.0.103:44151 [proto: 7/HTTP][25 pkts/37100 bytes <-> 24 pkts/1584 bytes] - 8 TCP 192.168.0.103:33976 <-> 77.67.29.17:80 [proto: 7/HTTP][14 pkts/924 bytes <-> 20 pkts/28115 bytes] - 9 TCP 92.122.48.138:80 <-> 192.168.0.103:41562 [proto: 7/HTTP][16 pkts/22931 bytes <-> 9 pkts/594 bytes] + 6 TCP 192.168.0.103:33936 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][cat: SocialNetwork/6][34 pkts/5555 bytes <-> 34 pkts/40133 bytes] + 7 TCP 2.22.236.51:80 <-> 192.168.0.103:44151 [proto: 7/HTTP][cat: Web/5][25 pkts/37100 bytes <-> 24 pkts/1584 bytes] + 8 TCP 192.168.0.103:33976 <-> 77.67.29.17:80 [proto: 7/HTTP][cat: Web/5][14 pkts/924 bytes <-> 20 pkts/28115 bytes] + 9 TCP 92.122.48.138:80 <-> 192.168.0.103:41562 [proto: 7/HTTP][cat: Web/5][16 pkts/22931 bytes <-> 9 pkts/594 bytes] 10 TCP 192.168.0.103:60908 <-> 46.33.70.136:443 [proto: 91.211/SSL.Instagram][cat: SocialNetwork/6][10 pkts/1369 bytes <-> 9 pkts/7971 bytes][client: igcdn-photos-g-a.akamaihd.net][server: a248.e.akamai.net] 11 TCP 192.168.0.103:44558 <-> 46.33.70.174:443 [proto: 91.211/SSL.Instagram][cat: SocialNetwork/6][10 pkts/1545 bytes <-> 7 pkts/4824 bytes][client: igcdn-photos-h-a.akamaihd.net][server: a248.e.akamai.net] - 12 TCP 31.13.93.52:443 <-> 192.168.0.103:33934 [proto: 91.119/SSL.Facebook][6 pkts/4699 bytes <-> 6 pkts/1345 bytes] + 12 TCP 31.13.93.52:443 <-> 192.168.0.103:33934 [proto: 91.119/SSL.Facebook][cat: SocialNetwork/6][6 pkts/4699 bytes <-> 6 pkts/1345 bytes] 13 TCP 192.168.0.103:41181 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][cat: SocialNetwork/6][8 pkts/896 bytes <-> 6 pkts/4671 bytes][client: igcdn-photos-a-a.akamaihd.net][server: a248.e.akamai.net] 14 TCP 192.168.0.103:41182 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][cat: SocialNetwork/6][8 pkts/896 bytes <-> 6 pkts/4671 bytes][client: igcdn-photos-a-a.akamaihd.net][server: a248.e.akamai.net] - 15 TCP 192.168.0.103:33763 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][5 pkts/1279 bytes <-> 6 pkts/4118 bytes] - 16 TCP 192.168.0.103:33935 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][5 pkts/1279 bytes <-> 5 pkts/4020 bytes] + 15 TCP 192.168.0.103:33763 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][cat: SocialNetwork/6][5 pkts/1279 bytes <-> 6 pkts/4118 bytes] + 16 TCP 192.168.0.103:33935 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][cat: SocialNetwork/6][5 pkts/1279 bytes <-> 5 pkts/4020 bytes] 17 TCP 192.168.0.103:57965 <-> 82.85.26.185:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][4 pkts/559 bytes <-> 3 pkts/3456 bytes][Host: photos-f.ak.instagram.com] 18 TCP 192.168.0.103:56382 <-> 173.252.107.4:443 [proto: 91.211/SSL.Instagram][cat: SocialNetwork/6][9 pkts/1583 bytes <-> 8 pkts/1064 bytes][client: telegraph-ash.instagram.com] 19 UDP 192.168.0.106:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][4 pkts/580 bytes -> 0 pkts/0 bytes] @@ -31,11 +31,11 @@ Instagram 363 255094 16 23 TCP 192.168.0.103:58053 -> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][1 pkts/321 bytes -> 0 pkts/0 bytes][Host: photos-g.ak.instagram.com] 24 UDP 192.168.0.103:26540 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][cat: SocialNetwork/6][1 pkts/89 bytes <-> 1 pkts/209 bytes][Host: igcdn-photos-g-a.akamaihd.net] 25 UDP 192.168.0.103:33603 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][cat: SocialNetwork/6][1 pkts/89 bytes <-> 1 pkts/209 bytes][Host: igcdn-photos-a-a.akamaihd.net] - 26 TCP 192.168.0.103:38817 <-> 46.33.70.160:80 [proto: 7/HTTP][2 pkts/132 bytes <-> 1 pkts/66 bytes] - 27 TCP 192.168.0.103:57966 <-> 82.85.26.185:80 [proto: 7/HTTP][2 pkts/132 bytes <-> 1 pkts/66 bytes] - 28 TCP 192.168.0.103:58690 -> 46.33.70.159:443 [proto: 91/SSL][2 pkts/169 bytes -> 0 pkts/0 bytes] + 26 TCP 192.168.0.103:38817 <-> 46.33.70.160:80 [proto: 7/HTTP][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/66 bytes] + 27 TCP 192.168.0.103:57966 <-> 82.85.26.185:80 [proto: 7/HTTP][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/66 bytes] + 28 TCP 192.168.0.103:58690 -> 46.33.70.159:443 [proto: 91/SSL][cat: Web/5][2 pkts/169 bytes -> 0 pkts/0 bytes] 29 UDP 192.168.0.106:17500 -> 192.168.0.255:17500 [proto: 121/Dropbox][cat: Cloud/13][1 pkts/145 bytes -> 0 pkts/0 bytes] - 30 TCP 46.33.70.150:80 <-> 192.168.0.103:40855 [proto: 7/HTTP][1 pkts/74 bytes <-> 1 pkts/66 bytes] + 30 TCP 46.33.70.150:80 <-> 192.168.0.103:40855 [proto: 7/HTTP][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/66 bytes] 31 UDP 192.168.0.103:27124 -> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][cat: SocialNetwork/6][1 pkts/85 bytes -> 0 pkts/0 bytes][Host: photos-b.ak.instagram.com] diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out index 475345122..2648cce2a 100644 --- a/tests/result/KakaoTalk_chat.pcap.out +++ b/tests/result/KakaoTalk_chat.pcap.out @@ -15,14 +15,14 @@ KakaoTalk 55 9990 15 5 TCP 10.24.82.188:45213 <-> 31.13.68.84:443 [proto: 91.119/SSL.Facebook][cat: SocialNetwork/6][15 pkts/2508 bytes <-> 13 pkts/5053 bytes][server: *.facebook.com] 6 TCP 10.24.82.188:35511 <-> 173.252.97.2:443 [proto: 91.119/SSL.Facebook][cat: SocialNetwork/6][18 pkts/2390 bytes <-> 18 pkts/4762 bytes][server: *.facebook.com] 7 TCP 10.24.82.188:37821 <-> 210.103.240.15:443 [proto: 91.193/SSL.KakaoTalk][cat: VoIP/10][13 pkts/2036 bytes <-> 14 pkts/5090 bytes][server: *.kakao.com] - 8 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][17 pkts/2231 bytes <-> 9 pkts/1695 bytes] - 9 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][9 pkts/1737 bytes <-> 9 pkts/672 bytes] + 8 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][cat: Web/5][17 pkts/2231 bytes <-> 9 pkts/1695 bytes] + 9 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][cat: Web/5][9 pkts/1737 bytes <-> 9 pkts/672 bytes] 10 TCP 10.24.82.188:58964 <-> 54.255.253.199:5223 [proto: 91/SSL][cat: Web/5][3 pkts/290 bytes <-> 3 pkts/1600 bytes][server: *.push.samsungosp.com] 11 TCP 10.24.82.188:37557 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][5 pkts/487 bytes <-> 6 pkts/627 bytes][Host: www.facebook.com] 12 TCP 10.24.82.188:37553 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][5 pkts/487 bytes <-> 5 pkts/571 bytes][Host: www.facebook.com] - 13 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7.126/HTTP.Google][7 pkts/392 bytes <-> 7 pkts/392 bytes] - 14 TCP 10.24.82.188:42332 <-> 210.103.240.15:443 [proto: 91/SSL][2 pkts/112 bytes <-> 3 pkts/168 bytes] - 15 TCP 31.13.68.73:443 <-> 10.24.82.188:47007 [proto: 91.119/SSL.Facebook][2 pkts/139 bytes <-> 2 pkts/112 bytes] + 13 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7.126/HTTP.Google][cat: Web/5][7 pkts/392 bytes <-> 7 pkts/392 bytes] + 14 TCP 10.24.82.188:42332 <-> 210.103.240.15:443 [proto: 91/SSL][cat: Web/5][2 pkts/112 bytes <-> 3 pkts/168 bytes] + 15 TCP 31.13.68.73:443 <-> 10.24.82.188:47007 [proto: 91.119/SSL.Facebook][cat: SocialNetwork/6][2 pkts/139 bytes <-> 2 pkts/112 bytes] 16 UDP 10.24.82.188:57816 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: VoIP/10][1 pkts/78 bytes <-> 1 pkts/166 bytes][Host: katalk.kakao.com] 17 UDP 10.24.82.188:4017 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/85 bytes <-> 1 pkts/144 bytes][Host: developers.facebook.com] 18 UDP 10.24.82.188:19582 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/80 bytes <-> 1 pkts/138 bytes][Host: graph.facebook.com] @@ -40,9 +40,9 @@ KakaoTalk 55 9990 15 30 UDP 10.24.82.188:24596 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/78 bytes <-> 1 pkts/118 bytes][Host: api.facebook.com] 31 UDP 10.24.82.188:38448 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: VoIP/10][1 pkts/76 bytes <-> 1 pkts/114 bytes][Host: auth.kakao.com] 32 UDP 10.24.82.188:58810 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: VoIP/10][1 pkts/76 bytes <-> 1 pkts/114 bytes][Host: item.kakao.com] - 33 TCP 10.24.82.188:58927 -> 54.255.253.199:5223 [proto: 178/Amazon][2 pkts/181 bytes -> 0 pkts/0 bytes] + 33 TCP 10.24.82.188:58927 -> 54.255.253.199:5223 [proto: 178/Amazon][cat: Web/5][2 pkts/181 bytes -> 0 pkts/0 bytes] 34 UDP 10.24.82.188:43077 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: VoIP/10][1 pkts/81 bytes <-> 1 pkts/97 bytes][Host: dn-l.talk.kakao.com] - 35 TCP 10.24.82.188:34686 -> 173.194.72.188:5228 [proto: 126/Google][1 pkts/164 bytes -> 0 pkts/0 bytes] + 35 TCP 10.24.82.188:34686 -> 173.194.72.188:5228 [proto: 126/Google][cat: Web/5][1 pkts/164 bytes -> 0 pkts/0 bytes] 36 ICMP 10.24.82.188:0 -> 10.188.191.1:0 [proto: 81/ICMP][cat: Network/14][1 pkts/147 bytes -> 0 pkts/0 bytes] - 37 TCP 10.24.82.188:49217 -> 216.58.220.174:443 [proto: 91.126/SSL.Google][1 pkts/83 bytes -> 0 pkts/0 bytes] - 38 TCP 120.28.26.242:80 -> 10.24.82.188:34503 [proto: 7/HTTP][1 pkts/56 bytes -> 0 pkts/0 bytes] + 37 TCP 10.24.82.188:49217 -> 216.58.220.174:443 [proto: 91.126/SSL.Google][cat: Web/5][1 pkts/83 bytes -> 0 pkts/0 bytes] + 38 TCP 120.28.26.242:80 -> 10.24.82.188:34503 [proto: 7/HTTP][cat: Web/5][1 pkts/56 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out index 02be47428..9bb9fca1b 100644 --- a/tests/result/KakaoTalk_talk.pcap.out +++ b/tests/result/KakaoTalk_talk.pcap.out @@ -18,15 +18,15 @@ KakaoTalk_Voice 44 6196 2 6 UDP 10.24.82.188:10269 <-> 1.201.1.174:23047 [proto: 194/KakaoTalk_Voice][cat: VoIP/10][12 pkts/1692 bytes <-> 10 pkts/1420 bytes] 7 UDP 10.24.82.188:11321 <-> 1.201.1.174:23045 [proto: 194/KakaoTalk_Voice][cat: VoIP/10][11 pkts/1542 bytes <-> 11 pkts/1542 bytes] 8 TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][8 pkts/1117 bytes <-> 7 pkts/610 bytes][Host: hkminorshort.weixin.qq.com] - 9 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][6 pkts/543 bytes <-> 5 pkts/945 bytes] - 10 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][3 pkts/1044 bytes <-> 2 pkts/154 bytes] - 11 TCP 10.24.82.188:58916 <-> 54.255.185.236:5222 [proto: 178/Amazon][2 pkts/225 bytes <-> 2 pkts/171 bytes] - 12 TCP 10.24.82.188:53974 -> 203.205.151.233:8080 [proto: 131/HTTP_Proxy][5 pkts/350 bytes -> 0 pkts/0 bytes] - 13 TCP 120.28.26.242:80 <-> 10.24.82.188:34533 [proto: 7/HTTP][3 pkts/168 bytes <-> 2 pkts/112 bytes] + 9 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][cat: Web/5][6 pkts/543 bytes <-> 5 pkts/945 bytes] + 10 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][cat: Web/5][3 pkts/1044 bytes <-> 2 pkts/154 bytes] + 11 TCP 10.24.82.188:58916 <-> 54.255.185.236:5222 [proto: 178/Amazon][cat: Web/5][2 pkts/225 bytes <-> 2 pkts/171 bytes] + 12 TCP 10.24.82.188:53974 -> 203.205.151.233:8080 [proto: 131/HTTP_Proxy][cat: Web/5][5 pkts/350 bytes -> 0 pkts/0 bytes] + 13 TCP 120.28.26.242:80 <-> 10.24.82.188:34533 [proto: 7/HTTP][cat: Web/5][3 pkts/168 bytes <-> 2 pkts/112 bytes] 14 UDP 10.24.82.188:25223 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/79 bytes <-> 1 pkts/118 bytes][Host: mqtt.facebook.com] - 15 TCP 10.24.82.188:34686 -> 173.194.72.188:5228 [proto: 126/Google][1 pkts/164 bytes -> 0 pkts/0 bytes] - 16 TCP 173.252.88.128:443 -> 10.24.82.188:59912 [proto: 91.119/SSL.Facebook][2 pkts/124 bytes -> 0 pkts/0 bytes] - 17 TCP 10.24.82.188:49217 -> 216.58.220.174:443 [proto: 91.126/SSL.Google][1 pkts/83 bytes -> 0 pkts/0 bytes] - 18 TCP 173.194.117.229:443 -> 10.24.82.188:38380 [proto: 91.126/SSL.Google][1 pkts/56 bytes -> 0 pkts/0 bytes] - 19 TCP 173.252.122.1:443 -> 10.24.82.188:52123 [proto: 91.119/SSL.Facebook][1 pkts/56 bytes -> 0 pkts/0 bytes] - 20 TCP 216.58.220.161:443 -> 10.24.82.188:56697 [proto: 91.126/SSL.Google][1 pkts/56 bytes -> 0 pkts/0 bytes] + 15 TCP 10.24.82.188:34686 -> 173.194.72.188:5228 [proto: 126/Google][cat: Web/5][1 pkts/164 bytes -> 0 pkts/0 bytes] + 16 TCP 173.252.88.128:443 -> 10.24.82.188:59912 [proto: 91.119/SSL.Facebook][cat: SocialNetwork/6][2 pkts/124 bytes -> 0 pkts/0 bytes] + 17 TCP 10.24.82.188:49217 -> 216.58.220.174:443 [proto: 91.126/SSL.Google][cat: Web/5][1 pkts/83 bytes -> 0 pkts/0 bytes] + 18 TCP 173.194.117.229:443 -> 10.24.82.188:38380 [proto: 91.126/SSL.Google][cat: Web/5][1 pkts/56 bytes -> 0 pkts/0 bytes] + 19 TCP 173.252.122.1:443 -> 10.24.82.188:52123 [proto: 91.119/SSL.Facebook][cat: SocialNetwork/6][1 pkts/56 bytes -> 0 pkts/0 bytes] + 20 TCP 216.58.220.161:443 -> 10.24.82.188:56697 [proto: 91.126/SSL.Google][cat: Web/5][1 pkts/56 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/bittorrent_ip.pcap.out b/tests/result/bittorrent_ip.pcap.out index 5a08d2dee..5594deec3 100644 --- a/tests/result/bittorrent_ip.pcap.out +++ b/tests/result/bittorrent_ip.pcap.out @@ -1,4 +1,4 @@ BitTorrent 479 508018 2 - 1 TCP 77.222.174.20:2866 <-> 10.0.0.14:46610 [proto: 37/BitTorrent][305 pkts/461770 bytes <-> 126 pkts/8316 bytes] - 2 TCP 185.56.20.36:53646 <-> 10.0.0.14:35030 [proto: 37/BitTorrent][25 pkts/36414 bytes <-> 23 pkts/1518 bytes] + 1 TCP 77.222.174.20:2866 <-> 10.0.0.14:46610 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing/7][305 pkts/461770 bytes <-> 126 pkts/8316 bytes] + 2 TCP 185.56.20.36:53646 <-> 10.0.0.14:35030 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing/7][25 pkts/36414 bytes <-> 23 pkts/1518 bytes] diff --git a/tests/result/coap_mqtt.pcap.out b/tests/result/coap_mqtt.pcap.out index 20d676291..4b780fee0 100644 --- a/tests/result/coap_mqtt.pcap.out +++ b/tests/result/coap_mqtt.pcap.out @@ -6,10 +6,10 @@ MQTT 7695 668291 4 2 TCP 192.168.56.1:53523 <-> 192.168.56.101:17501 [proto: 222/MQTT][cat: RPC/16][918 pkts/76692 bytes <-> 1008 pkts/90434 bytes] 3 TCP 192.168.56.1:53522 <-> 192.168.56.101:17501 [proto: 222/MQTT][cat: RPC/16][921 pkts/76872 bytes <-> 1001 pkts/90056 bytes] 4 TCP 192.168.56.101:17501 <-> 192.168.56.1:53524 [proto: 222/MQTT][cat: RPC/16][1005 pkts/90274 bytes <-> 914 pkts/76454 bytes] - 5 UDP 192.168.56.1:50318 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13960 bytes <-> 100 pkts/6260 bytes] - 6 UDP 192.168.56.1:50312 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13947 bytes <-> 100 pkts/6247 bytes] - 7 UDP 192.168.56.1:50319 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13921 bytes <-> 100 pkts/6221 bytes] - 8 UDP 192.168.56.1:50311 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13910 bytes <-> 100 pkts/6210 bytes] + 5 UDP 192.168.56.1:50318 <-> 192.168.56.101:17500 [proto: 121/Dropbox][cat: Cloud/13][100 pkts/13960 bytes <-> 100 pkts/6260 bytes] + 6 UDP 192.168.56.1:50312 <-> 192.168.56.101:17500 [proto: 121/Dropbox][cat: Cloud/13][100 pkts/13947 bytes <-> 100 pkts/6247 bytes] + 7 UDP 192.168.56.1:50319 <-> 192.168.56.101:17500 [proto: 121/Dropbox][cat: Cloud/13][100 pkts/13921 bytes <-> 100 pkts/6221 bytes] + 8 UDP 192.168.56.1:50311 <-> 192.168.56.101:17500 [proto: 121/Dropbox][cat: Cloud/13][100 pkts/13910 bytes <-> 100 pkts/6210 bytes] 9 UDP [bbbb::1]:46819 <-> [bbbb::3]:5683 [proto: 27/COAP][cat: RPC/16][3 pkts/262 bytes <-> 3 pkts/205 bytes] 10 UDP [bbbb::1]:33499 <-> [bbbb::3]:5683 [proto: 27/COAP][cat: RPC/16][2 pkts/147 bytes <-> 2 pkts/257 bytes] 11 UDP [bbbb::1]:50250 <-> [bbbb::3]:5683 [proto: 27/COAP][cat: RPC/16][2 pkts/158 bytes <-> 2 pkts/151 bytes] diff --git a/tests/result/diameter.pcap.out b/tests/result/diameter.pcap.out index 9a43af0ef..50b5651ab 100644 --- a/tests/result/diameter.pcap.out +++ b/tests/result/diameter.pcap.out @@ -1,3 +1,3 @@ Diameter 6 1980 1 - 1 TCP 10.201.9.245:50957 <-> 10.201.9.11:3868 [proto: 237/Diameter][3 pkts/1174 bytes <-> 3 pkts/806 bytes] + 1 TCP 10.201.9.245:50957 <-> 10.201.9.11:3868 [proto: 237/Diameter][cat: Web/5][3 pkts/1174 bytes <-> 3 pkts/806 bytes] diff --git a/tests/result/dropbox.pcap.out b/tests/result/dropbox.pcap.out index 4ba0e0e02..10fb21cb6 100644 --- a/tests/result/dropbox.pcap.out +++ b/tests/result/dropbox.pcap.out @@ -4,10 +4,10 @@ Dropbox 1104 246122 16 1 TCP 192.168.1.105:44949 <-> 54.240.174.31:443 [proto: 91.121/SSL.Dropbox][cat: Cloud/13][64 pkts/12228 bytes <-> 74 pkts/85074 bytes][client: client-cf.dropbox.com][server: client-cf.dropbox.com] 2 TCP 192.168.1.105:47747 <-> 108.160.172.225:443 [proto: 91.121/SSL.Dropbox][cat: Cloud/13][28 pkts/12486 bytes <-> 26 pkts/14946 bytes][client: d.dropbox.com] - 3 UDP 192.168.56.1:50318 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13960 bytes <-> 100 pkts/6260 bytes] - 4 UDP 192.168.56.1:50312 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13947 bytes <-> 100 pkts/6247 bytes] - 5 UDP 192.168.56.1:50319 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13921 bytes <-> 100 pkts/6221 bytes] - 6 UDP 192.168.56.1:50311 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13910 bytes <-> 100 pkts/6210 bytes] + 3 UDP 192.168.56.1:50318 <-> 192.168.56.101:17500 [proto: 121/Dropbox][cat: Cloud/13][100 pkts/13960 bytes <-> 100 pkts/6260 bytes] + 4 UDP 192.168.56.1:50312 <-> 192.168.56.101:17500 [proto: 121/Dropbox][cat: Cloud/13][100 pkts/13947 bytes <-> 100 pkts/6247 bytes] + 5 UDP 192.168.56.1:50319 <-> 192.168.56.101:17500 [proto: 121/Dropbox][cat: Cloud/13][100 pkts/13921 bytes <-> 100 pkts/6221 bytes] + 6 UDP 192.168.56.1:50311 <-> 192.168.56.101:17500 [proto: 121/Dropbox][cat: Cloud/13][100 pkts/13910 bytes <-> 100 pkts/6210 bytes] 7 UDP 192.168.1.254:50828 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][44 pkts/19936 bytes -> 0 pkts/0 bytes] 8 TCP 192.168.1.105:59975 <-> 108.160.172.204:443 [proto: 91.121/SSL.Dropbox][cat: Cloud/13][18 pkts/3562 bytes <-> 16 pkts/14464 bytes][client: client.dropbox.com][server: *.dropbox.com] 9 TCP 192.168.1.105:46394 <-> 162.125.17.131:443 [proto: 91.121/SSL.Dropbox][cat: Cloud/13][12 pkts/2338 bytes <-> 10 pkts/9054 bytes][client: notify.dropbox.com][server: *.dropbox.com] diff --git a/tests/result/http_ipv6.pcap.out b/tests/result/http_ipv6.pcap.out index f0b5577d6..c9de9cedb 100644 --- a/tests/result/http_ipv6.pcap.out +++ b/tests/result/http_ipv6.pcap.out @@ -11,11 +11,11 @@ QUIC 3 502 1 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.26/SSL.ntop][cat: Network/14][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][client: www.ntop.org] 6 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53132 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][cat: SocialNetwork/6][7 pkts/960 bytes <-> 5 pkts/4227 bytes][client: s-static.ak.facebook.com][server: *.ak.fbcdn.net] 7 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53134 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][cat: SocialNetwork/6][6 pkts/874 bytes <-> 4 pkts/4141 bytes][client: s-static.ak.facebook.com][server: *.ak.fbcdn.net] - 8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:41776 <-> [2a00:1450:4001:803::1017]:443 [proto: 91/SSL][7 pkts/860 bytes <-> 7 pkts/1353 bytes] + 8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:41776 <-> [2a00:1450:4001:803::1017]:443 [proto: 91/SSL][cat: Web/5][7 pkts/860 bytes <-> 7 pkts/1353 bytes] 9 UDP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:55145 <-> [2a00:1450:400b:c02::5f]:443 [proto: 188/QUIC][cat: Web/5][2 pkts/359 bytes <-> 1 pkts/143 bytes] - 10 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:33062 <-> [2a00:1450:400b:c02::9a]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] - 11 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40308 <-> [2a03:2880:1010:3f20:face:b00c::25de]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] - 12 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40526 <-> [2a00:1450:4006:804::200e]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] - 13 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:58660 <-> [2a00:1450:4006:803::2008]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] - 14 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:59690 <-> [2a00:1450:4001:803::1012]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] - 15 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:60124 <-> [2a02:26f0:ad:1a1::eed]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] + 10 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:33062 <-> [2a00:1450:400b:c02::9a]:443 [proto: 91/SSL][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes] + 11 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40308 <-> [2a03:2880:1010:3f20:face:b00c::25de]:443 [proto: 91/SSL][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes] + 12 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40526 <-> [2a00:1450:4006:804::200e]:443 [proto: 91/SSL][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes] + 13 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:58660 <-> [2a00:1450:4006:803::2008]:443 [proto: 91/SSL][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes] + 14 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:59690 <-> [2a00:1450:4001:803::1012]:443 [proto: 91/SSL][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes] + 15 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:60124 <-> [2a02:26f0:ad:1a1::eed]:443 [proto: 91/SSL][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes] diff --git a/tests/result/mssql_tds.pcap.out b/tests/result/mssql_tds.pcap.out index 47403889e..b24080ac7 100644 --- a/tests/result/mssql_tds.pcap.out +++ b/tests/result/mssql_tds.pcap.out @@ -1,6 +1,6 @@ MsSQL-TDS 38 16260 12 - 1 TCP 10.111.111.111:6666 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][7 pkts/8717 bytes -> 0 pkts/0 bytes] + 1 TCP 10.111.111.111:6666 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][cat: Database/11][7 pkts/8717 bytes -> 0 pkts/0 bytes] 2 TCP 10.111.111.111:5555 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][cat: Database/11][10 pkts/1552 bytes <-> 7 pkts/1521 bytes] 3 TCP 10.111.111.111:1111 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][cat: Database/11][2 pkts/614 bytes <-> 2 pkts/524 bytes] 4 TCP 10.111.111.111:4444 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][cat: Database/11][1 pkts/1136 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/netflix.pcap.out b/tests/result/netflix.pcap.out index 9a3029b4c..41ad6e3f9 100644 --- a/tests/result/netflix.pcap.out +++ b/tests/result/netflix.pcap.out @@ -63,5 +63,5 @@ Amazon 2 126 1 57 UDP 192.168.1.7:57719 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Streaming/17][1 pkts/85 bytes <-> 1 pkts/137 bytes][Host: sha2.san.akam.nflximg.net] 58 UDP 192.168.1.7:57093 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/113 bytes][Host: a1907.dscg.akamai.net] 59 UDP 192.168.1.7:51728 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/80 bytes <-> 1 pkts/112 bytes][Host: a803.dscg.akamai.net] - 60 TCP 192.168.1.7:52929 -> 52.24.87.6:443 [proto: 91.178/SSL.Amazon][2 pkts/126 bytes -> 0 pkts/0 bytes] + 60 TCP 192.168.1.7:52929 -> 52.24.87.6:443 [proto: 91.178/SSL.Amazon][cat: Web/5][2 pkts/126 bytes -> 0 pkts/0 bytes] 61 IGMP 192.168.1.7:0 -> 239.255.255.250:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/nintendo.pcap.out b/tests/result/nintendo.pcap.out index 2dd617913..025c468b3 100644 --- a/tests/result/nintendo.pcap.out +++ b/tests/result/nintendo.pcap.out @@ -5,7 +5,7 @@ Amazon 76 10811 7 1 UDP 192.168.12.114:55915 <-> 185.118.169.65:27520 [proto: 173/Nintendo][cat: Game/8][169 pkts/61414 bytes <-> 278 pkts/126260 bytes] 2 UDP 192.168.12.114:55915 <-> 93.237.131.235:56066 [proto: 173/Nintendo][cat: Game/8][122 pkts/48332 bytes <-> 35 pkts/5026 bytes] 3 UDP 192.168.12.114:55915 <-> 81.61.158.138:51769 [proto: 173/Nintendo][cat: Game/8][122 pkts/46476 bytes <-> 38 pkts/5268 bytes] - 4 TCP 54.187.10.185:443 <-> 192.168.12.114:48328 [proto: 91.178/SSL.Amazon][34 pkts/4466 bytes <-> 20 pkts/4021 bytes] + 4 TCP 54.187.10.185:443 <-> 192.168.12.114:48328 [proto: 91.178/SSL.Amazon][cat: Web/5][34 pkts/4466 bytes <-> 20 pkts/4021 bytes] 5 TCP 192.168.12.114:41517 <-> 54.192.27.217:443 [proto: 91.173/SSL.Nintendo][cat: Game/8][11 pkts/2898 bytes <-> 10 pkts/4865 bytes][client: 5][server: *.baas.nintendo.com] 6 TCP 192.168.12.114:31329 <-> 54.192.27.8:443 [proto: 91.173/SSL.Nintendo][cat: Game/8][10 pkts/2833 bytes <-> 10 pkts/4866 bytes][client: 5][server: *.baas.nintendo.com] 7 UDP 192.168.12.114:52119 <-> 91.8.243.35:49432 [proto: 173/Nintendo][cat: Game/8][23 pkts/2682 bytes <-> 16 pkts/3408 bytes] @@ -13,13 +13,13 @@ Amazon 76 10811 7 9 UDP 192.168.12.114:52119 <-> 134.3.248.25:56955 [proto: 173/Nintendo][cat: Game/8][8 pkts/1040 bytes <-> 7 pkts/922 bytes] 10 ICMP 151.6.184.100:0 -> 192.168.12.114:0 [proto: 81/ICMP][cat: Network/14][21 pkts/1470 bytes -> 0 pkts/0 bytes] 11 UDP 192.168.12.114:10184 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][cat: Game/8][4 pkts/368 bytes <-> 4 pkts/400 bytes][Host: g2df33d01-lp1.p.srv.nintendo.net] - 12 UDP 192.168.12.114:52119 -> 52.10.205.177:34343 [proto: 178/Amazon][1 pkts/730 bytes -> 0 pkts/0 bytes] + 12 UDP 192.168.12.114:52119 -> 52.10.205.177:34343 [proto: 178/Amazon][cat: Web/5][1 pkts/730 bytes -> 0 pkts/0 bytes] 13 ICMP 151.6.184.98:0 -> 192.168.12.114:0 [proto: 81/ICMP][cat: Network/14][9 pkts/630 bytes -> 0 pkts/0 bytes] - 14 UDP 192.168.12.114:55915 <-> 35.158.74.61:10025 [proto: 178/Amazon][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 14 UDP 192.168.12.114:55915 <-> 35.158.74.61:10025 [proto: 178/Amazon][cat: Web/5][5 pkts/290 bytes <-> 5 pkts/290 bytes] 15 UDP 192.168.12.114:18874 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][cat: Game/8][1 pkts/110 bytes <-> 1 pkts/281 bytes][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] 16 UDP 192.168.12.114:51035 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][cat: Game/8][1 pkts/110 bytes <-> 1 pkts/281 bytes][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] 17 UDP 192.168.12.114:52119 -> 35.158.74.61:33335 [proto: 173/Nintendo][cat: Game/8][3 pkts/354 bytes -> 0 pkts/0 bytes] - 18 UDP 192.168.12.114:55915 -> 35.158.74.61:33335 [proto: 178/Amazon][3 pkts/318 bytes -> 0 pkts/0 bytes] - 19 UDP 192.168.12.114:55915 -> 52.10.205.177:34343 [proto: 178/Amazon][1 pkts/298 bytes -> 0 pkts/0 bytes] - 20 UDP 192.168.12.114:55915 -> 35.158.74.61:33334 [proto: 178/Amazon][5 pkts/290 bytes -> 0 pkts/0 bytes] - 21 TCP 192.168.12.114:11534 <-> 54.146.242.74:443 [proto: 91.178/SSL.Amazon][1 pkts/54 bytes <-> 1 pkts/54 bytes] + 18 UDP 192.168.12.114:55915 -> 35.158.74.61:33335 [proto: 178/Amazon][cat: Web/5][3 pkts/318 bytes -> 0 pkts/0 bytes] + 19 UDP 192.168.12.114:55915 -> 52.10.205.177:34343 [proto: 178/Amazon][cat: Web/5][1 pkts/298 bytes -> 0 pkts/0 bytes] + 20 UDP 192.168.12.114:55915 -> 35.158.74.61:33334 [proto: 178/Amazon][cat: Web/5][5 pkts/290 bytes -> 0 pkts/0 bytes] + 21 TCP 192.168.12.114:11534 <-> 54.146.242.74:443 [proto: 91.178/SSL.Amazon][cat: Web/5][1 pkts/54 bytes <-> 1 pkts/54 bytes] diff --git a/tests/result/ocs.pcap.out b/tests/result/ocs.pcap.out index ed1e8218c..b5b526bfa 100644 --- a/tests/result/ocs.pcap.out +++ b/tests/result/ocs.pcap.out @@ -10,14 +10,14 @@ GoogleServices 13 2277 2 1 TCP 192.168.180.2:49881 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][cat: Media/1][751 pkts/44783 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws] 2 TCP 192.168.180.2:36680 -> 178.248.208.54:443 [proto: 91.218/SSL.OCS][cat: Media/1][20 pkts/6089 bytes -> 0 pkts/0 bytes][client: ocs.labgency.ws] 3 TCP 192.168.180.2:42590 -> 178.248.208.210:80 [proto: 7.218/HTTP.OCS][cat: Media/1][83 pkts/5408 bytes -> 0 pkts/0 bytes][Host: www.ocs.fr] - 4 TCP 192.168.180.2:39263 -> 23.21.230.199:443 [proto: 91/SSL][20 pkts/2715 bytes -> 0 pkts/0 bytes][client: settings.crashlytics.com] + 4 TCP 192.168.180.2:39263 -> 23.21.230.199:443 [proto: 91/SSL][cat: Web/5][20 pkts/2715 bytes -> 0 pkts/0 bytes][client: settings.crashlytics.com] 5 TCP 192.168.180.2:32946 -> 64.233.184.188:443 [proto: 91.239/SSL.GoogleServices][cat: Web/5][12 pkts/2212 bytes -> 0 pkts/0 bytes][client: mtalk.google.com] - 6 TCP 192.168.180.2:47803 -> 64.233.166.95:443 [proto: 91.126/SSL.Google][12 pkts/1608 bytes -> 0 pkts/0 bytes] - 7 TCP 192.168.180.2:41223 -> 216.58.208.46:443 [proto: 91.126/SSL.Google][13 pkts/1448 bytes -> 0 pkts/0 bytes] + 6 TCP 192.168.180.2:47803 -> 64.233.166.95:443 [proto: 91.126/SSL.Google][cat: Web/5][12 pkts/1608 bytes -> 0 pkts/0 bytes] + 7 TCP 192.168.180.2:41223 -> 216.58.208.46:443 [proto: 91.126/SSL.Google][cat: Web/5][13 pkts/1448 bytes -> 0 pkts/0 bytes] 8 TCP 192.168.180.2:48250 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][cat: Media/1][6 pkts/1092 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws] - 9 TCP 192.168.180.2:44959 -> 137.135.129.206:80 [proto: 7/HTTP][7 pkts/540 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com] - 10 TCP 192.168.180.2:53356 -> 137.135.129.206:80 [proto: 7/HTTP][6 pkts/479 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com] - 11 TCP 192.168.180.2:47699 -> 64.233.184.188:5228 [proto: 126/Google][2 pkts/120 bytes -> 0 pkts/0 bytes] + 9 TCP 192.168.180.2:44959 -> 137.135.129.206:80 [proto: 7/HTTP][cat: Web/5][7 pkts/540 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com] + 10 TCP 192.168.180.2:53356 -> 137.135.129.206:80 [proto: 7/HTTP][cat: Web/5][6 pkts/479 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com] + 11 TCP 192.168.180.2:47699 -> 64.233.184.188:5228 [proto: 126/Google][cat: Web/5][2 pkts/120 bytes -> 0 pkts/0 bytes] 12 UDP 192.168.180.2:3621 -> 8.8.8.8:53 [proto: 5/DNS][cat: Network/14][1 pkts/77 bytes -> 0 pkts/0 bytes][Host: xmpp.device06.eu01.capptain.com] 13 UDP 192.168.180.2:48770 -> 8.8.8.8:53 [proto: 5.228/DNS.PlayStore][cat: SoftwareUpdate/19][1 pkts/72 bytes -> 0 pkts/0 bytes][Host: android.clients.google.com] 14 UDP 192.168.180.2:40097 -> 8.8.8.8:53 [proto: 5/DNS][cat: Network/14][1 pkts/70 bytes -> 0 pkts/0 bytes][Host: settings.crashlytics.com] diff --git a/tests/result/pps.pcap.out b/tests/result/pps.pcap.out index a8259c514..dd6d1710b 100644 --- a/tests/result/pps.pcap.out +++ b/tests/result/pps.pcap.out @@ -76,8 +76,8 @@ GenericProtocol 1429 1780307 49 69 TCP 202.108.14.219:80 -> 192.168.115.8:50506 [proto: 7/HTTP][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes] 70 UDP 192.168.5.63:60976 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][1 pkts/165 bytes -> 0 pkts/0 bytes] 71 UDP 192.168.5.63:39383 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][1 pkts/130 bytes -> 0 pkts/0 bytes] - 72 TCP 192.168.115.8:50462 -> 202.108.14.236:80 [proto: 7/HTTP][2 pkts/108 bytes -> 0 pkts/0 bytes] - 73 TCP 192.168.5.15:65125 -> 68.233.253.133:80 [proto: 7/HTTP][1 pkts/66 bytes -> 0 pkts/0 bytes] + 72 TCP 192.168.115.8:50462 -> 202.108.14.236:80 [proto: 7/HTTP][cat: Web/5][2 pkts/108 bytes -> 0 pkts/0 bytes] + 73 TCP 192.168.5.15:65125 -> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/66 bytes -> 0 pkts/0 bytes] Undetected flows: diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index 9f50790f3..590f97c71 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -20,7 +20,7 @@ ApplePush 12 1877 1 4 TCP 192.168.1.34:50128 <-> 17.172.100.36:443 [proto: 91.143/SSL.AppleiCloud][cat: Web/5][43 pkts/9635 bytes <-> 43 pkts/10651 bytes][client: p05-keyvalueservice.icloud.com] 5 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 125/Skype][cat: VoIP/10][62 pkts/6941 bytes <-> 38 pkts/5325 bytes] 6 UDP 192.168.1.92:50084 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][14 pkts/7281 bytes -> 0 pkts/0 bytes] - 7 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][8 pkts/1636 bytes <-> 8 pkts/4344 bytes] + 7 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][cat: Cloud/13][8 pkts/1636 bytes <-> 8 pkts/4344 bytes] 8 TCP 192.168.1.34:50117 <-> 71.238.7.203:18767 [proto: 125/Skype][cat: VoIP/10][24 pkts/3136 bytes <-> 19 pkts/2618 bytes] 9 TCP 192.168.1.34:50126 <-> 91.190.216.23:12350 [proto: 125/Skype][cat: VoIP/10][16 pkts/4788 bytes <-> 4 pkts/372 bytes] 10 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 125/Skype][cat: VoIP/10][19 pkts/2797 bytes <-> 13 pkts/2175 bytes] @@ -35,76 +35,76 @@ ApplePush 12 1877 1 19 TCP 192.168.1.34:50090 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/2140 bytes <-> 3 pkts/200 bytes][client: apps.skype.com] 20 TCP 192.168.1.34:50134 <-> 157.56.53.47:12350 [proto: 125/Skype][cat: VoIP/10][11 pkts/1578 bytes <-> 4 pkts/342 bytes] 21 TCP 17.143.160.22:5223 <-> 192.168.1.34:49447 [proto: 238/ApplePush][cat: Cloud/13][6 pkts/1211 bytes <-> 6 pkts/666 bytes] - 22 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][13 pkts/1554 bytes <-> 3 pkts/200 bytes] + 22 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][13 pkts/1554 bytes <-> 3 pkts/200 bytes] 23 TCP 192.168.1.34:50122 <-> 81.133.19.185:44431 [proto: 125/Skype][cat: VoIP/10][14 pkts/1090 bytes <-> 6 pkts/534 bytes] - 24 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][13 pkts/1392 bytes <-> 3 pkts/200 bytes] - 25 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][12 pkts/1305 bytes <-> 3 pkts/285 bytes] - 26 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][11 pkts/1218 bytes <-> 4 pkts/351 bytes] - 27 TCP 192.168.1.34:50080 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][12 pkts/1249 bytes <-> 3 pkts/285 bytes] - 28 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][11 pkts/955 bytes <-> 9 pkts/561 bytes] - 29 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][12 pkts/1270 bytes <-> 3 pkts/243 bytes] + 24 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][cat: Web/5][13 pkts/1392 bytes <-> 3 pkts/200 bytes] + 25 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1305 bytes <-> 3 pkts/285 bytes] + 26 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][11 pkts/1218 bytes <-> 4 pkts/351 bytes] + 27 TCP 192.168.1.34:50080 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1249 bytes <-> 3 pkts/285 bytes] + 28 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][11 pkts/955 bytes <-> 9 pkts/561 bytes] + 29 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1270 bytes <-> 3 pkts/243 bytes] 30 TCP 192.168.1.34:50116 <-> 81.83.77.141:17639 [proto: 125/Skype][cat: VoIP/10][15 pkts/1138 bytes <-> 4 pkts/372 bytes] 31 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][cat: VoIP/10][14 pkts/1075 bytes <-> 4 pkts/431 bytes] 32 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][cat: VoIP/10][14 pkts/1100 bytes <-> 5 pkts/395 bytes] - 33 TCP 192.168.1.34:50072 <-> 157.55.130.170:443 [proto: 91.125/SSL.Skype][12 pkts/1207 bytes <-> 3 pkts/277 bytes] - 34 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][12 pkts/1221 bytes <-> 3 pkts/231 bytes] + 33 TCP 192.168.1.34:50072 <-> 157.55.130.170:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1207 bytes <-> 3 pkts/277 bytes] + 34 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][cat: Web/5][12 pkts/1221 bytes <-> 3 pkts/231 bytes] 35 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125/Skype][cat: VoIP/10][14 pkts/1062 bytes <-> 4 pkts/383 bytes] 36 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][cat: VoIP/10][14 pkts/1083 bytes <-> 4 pkts/359 bytes] 37 TCP 192.168.1.34:50054 <-> 157.55.130.153:40005 [proto: 125/Skype][cat: VoIP/10][13 pkts/1020 bytes <-> 4 pkts/421 bytes] 38 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][cat: VoIP/10][13 pkts/1010 bytes <-> 5 pkts/402 bytes] - 39 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][12 pkts/1151 bytes <-> 3 pkts/260 bytes] + 39 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1151 bytes <-> 3 pkts/260 bytes] 40 TCP 192.168.1.34:50114 <-> 5.248.186.221:31010 [proto: 125/Skype][cat: VoIP/10][14 pkts/1040 bytes <-> 4 pkts/362 bytes] 41 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][cat: VoIP/10][13 pkts/1004 bytes <-> 4 pkts/397 bytes] - 42 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][11 pkts/1050 bytes <-> 4 pkts/351 bytes] + 42 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][11 pkts/1050 bytes <-> 4 pkts/351 bytes] 43 TCP 192.168.1.34:50034 <-> 157.55.130.140:40033 [proto: 125/Skype][cat: VoIP/10][13 pkts/1010 bytes <-> 4 pkts/390 bytes] 44 TCP 192.168.1.34:50088 <-> 157.55.235.146:33033 [proto: 125/Skype][cat: VoIP/10][14 pkts/1085 bytes <-> 4 pkts/315 bytes] - 45 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][11 pkts/1140 bytes <-> 3 pkts/250 bytes] + 45 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][cat: Web/5][11 pkts/1140 bytes <-> 3 pkts/250 bytes] 46 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][cat: VoIP/10][13 pkts/975 bytes <-> 4 pkts/412 bytes] 47 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][cat: VoIP/10][13 pkts/995 bytes <-> 4 pkts/391 bytes] 48 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125/Skype][cat: VoIP/10][13 pkts/995 bytes <-> 4 pkts/386 bytes] 49 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][cat: VoIP/10][13 pkts/1000 bytes <-> 4 pkts/380 bytes] - 50 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][13 pkts/1176 bytes <-> 3 pkts/200 bytes] + 50 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][cat: Web/5][13 pkts/1176 bytes <-> 3 pkts/200 bytes] 51 TCP 192.168.1.34:50097 <-> 157.55.235.176:40022 [proto: 125/Skype][cat: VoIP/10][13 pkts/1000 bytes <-> 4 pkts/371 bytes] 52 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125/Skype][cat: VoIP/10][13 pkts/971 bytes <-> 4 pkts/399 bytes] 53 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][cat: VoIP/10][13 pkts/977 bytes <-> 4 pkts/384 bytes] 54 TCP 192.168.1.34:50053 <-> 157.55.56.146:40030 [proto: 125/Skype][cat: VoIP/10][12 pkts/940 bytes <-> 5 pkts/415 bytes] 55 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][cat: VoIP/10][12 pkts/948 bytes <-> 4 pkts/407 bytes] 56 TCP 192.168.1.34:50044 <-> 157.55.130.167:40031 [proto: 125/Skype][cat: VoIP/10][13 pkts/993 bytes <-> 4 pkts/360 bytes] - 57 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][12 pkts/1074 bytes <-> 3 pkts/277 bytes] - 58 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][12 pkts/1102 bytes <-> 3 pkts/247 bytes] - 59 TCP 192.168.1.34:50048 <-> 157.55.130.150:443 [proto: 91.125/SSL.Skype][12 pkts/1109 bytes <-> 3 pkts/236 bytes] + 57 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1074 bytes <-> 3 pkts/277 bytes] + 58 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1102 bytes <-> 3 pkts/247 bytes] + 59 TCP 192.168.1.34:50048 <-> 157.55.130.150:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1109 bytes <-> 3 pkts/236 bytes] 60 TCP 192.168.1.34:50077 <-> 157.55.130.176:40022 [proto: 125/Skype][cat: VoIP/10][13 pkts/1004 bytes <-> 4 pkts/334 bytes] - 61 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][11 pkts/1074 bytes <-> 3 pkts/254 bytes] + 61 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][11 pkts/1074 bytes <-> 3 pkts/254 bytes] 62 TCP 192.168.1.34:50074 <-> 157.55.130.173:40003 [proto: 125/Skype][cat: VoIP/10][13 pkts/1010 bytes <-> 4 pkts/317 bytes] - 63 TCP 192.168.1.34:50078 <-> 157.55.130.173:443 [proto: 91.125/SSL.Skype][12 pkts/1088 bytes <-> 3 pkts/236 bytes] + 63 TCP 192.168.1.34:50078 <-> 157.55.130.173:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1088 bytes <-> 3 pkts/236 bytes] 64 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][cat: VoIP/10][13 pkts/989 bytes <-> 4 pkts/323 bytes] - 65 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][11 pkts/960 bytes <-> 4 pkts/351 bytes] + 65 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][cat: Web/5][11 pkts/960 bytes <-> 4 pkts/351 bytes] 66 TCP 192.168.1.34:50032 <-> 157.56.52.44:40032 [proto: 125/Skype][cat: VoIP/10][12 pkts/969 bytes <-> 4 pkts/337 bytes] - 67 TCP 192.168.1.34:50094 <-> 157.55.130.155:443 [proto: 91.125/SSL.Skype][12 pkts/1039 bytes <-> 3 pkts/267 bytes] + 67 TCP 192.168.1.34:50094 <-> 157.55.130.155:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1039 bytes <-> 3 pkts/267 bytes] 68 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][cat: VoIP/10][12 pkts/899 bytes <-> 5 pkts/406 bytes] 69 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][cat: VoIP/10][13 pkts/982 bytes <-> 4 pkts/322 bytes] - 70 TCP 192.168.1.34:50063 <-> 111.221.74.38:443 [proto: 91.125/SSL.Skype][10 pkts/1002 bytes <-> 3 pkts/285 bytes] + 70 TCP 192.168.1.34:50063 <-> 111.221.74.38:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/1002 bytes <-> 3 pkts/285 bytes] 71 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][cat: VoIP/10][11 pkts/836 bytes <-> 5 pkts/442 bytes] 72 TCP 192.168.1.34:50086 <-> 111.221.77.142:40023 [proto: 125/Skype][cat: VoIP/10][11 pkts/841 bytes <-> 5 pkts/429 bytes] - 73 TCP 192.168.1.34:50056 <-> 157.55.56.146:443 [proto: 91.125/SSL.Skype][11 pkts/999 bytes <-> 4 pkts/266 bytes] - 74 TCP 192.168.1.34:50038 <-> 157.55.130.140:443 [proto: 91.125/SSL.Skype][12 pkts/1032 bytes <-> 3 pkts/230 bytes] + 73 TCP 192.168.1.34:50056 <-> 157.55.56.146:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][11 pkts/999 bytes <-> 4 pkts/266 bytes] + 74 TCP 192.168.1.34:50038 <-> 157.55.130.140:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1032 bytes <-> 3 pkts/230 bytes] 75 TCP 192.168.1.34:50055 <-> 111.221.74.47:40030 [proto: 125/Skype][cat: VoIP/10][11 pkts/866 bytes <-> 5 pkts/396 bytes] 76 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125/Skype][cat: VoIP/10][11 pkts/843 bytes <-> 4 pkts/411 bytes] 77 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][cat: VoIP/10][13 pkts/994 bytes <-> 2 pkts/243 bytes] 78 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][cat: VoIP/10][11 pkts/820 bytes <-> 5 pkts/416 bytes] 79 TCP 192.168.1.34:50046 <-> 157.55.130.150:40011 [proto: 125/Skype][cat: VoIP/10][11 pkts/843 bytes <-> 4 pkts/386 bytes] 80 TCP 192.168.1.34:50096 <-> 111.221.74.46:40027 [proto: 125/Skype][cat: VoIP/10][11 pkts/822 bytes <-> 4 pkts/390 bytes] - 81 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][10 pkts/857 bytes <-> 4 pkts/351 bytes] + 81 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/857 bytes <-> 4 pkts/351 bytes] 82 TCP 192.168.1.34:50113 <-> 71.238.7.203:18767 [proto: 125/Skype][cat: VoIP/10][11 pkts/827 bytes <-> 3 pkts/325 bytes] - 83 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][9 pkts/862 bytes <-> 3 pkts/285 bytes] + 83 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][cat: Web/5][9 pkts/862 bytes <-> 3 pkts/285 bytes] 84 TCP 192.168.1.34:50143 <-> 78.202.226.115:29059 [proto: 125/Skype][cat: VoIP/10][12 pkts/935 bytes <-> 2 pkts/197 bytes] - 85 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][10 pkts/872 bytes <-> 3 pkts/237 bytes] + 85 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/872 bytes <-> 3 pkts/237 bytes] 86 TCP 192.168.1.34:50135 <-> 76.167.161.6:20274 [proto: 125/Skype][cat: VoIP/10][11 pkts/838 bytes <-> 3 pkts/270 bytes] - 87 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][9 pkts/822 bytes <-> 3 pkts/285 bytes] + 87 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][9 pkts/822 bytes <-> 3 pkts/285 bytes] 88 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][cat: VoIP/10][11 pkts/814 bytes <-> 3 pkts/287 bytes] 89 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][4 pkts/908 bytes -> 0 pkts/0 bytes] 90 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][4 pkts/828 bytes -> 0 pkts/0 bytes] - 91 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/417 bytes <-> 4 pkts/352 bytes] + 91 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][cat: VoIP/10][6 pkts/417 bytes <-> 4 pkts/352 bytes] 92 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][cat: Network/14][8 pkts/656 bytes -> 0 pkts/0 bytes] 93 UDP 192.168.1.34:55159 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/651 bytes -> 0 pkts/0 bytes][Host: a.config.skype.trafficmanager.net] 94 UDP 192.168.1.34:63108 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/651 bytes -> 0 pkts/0 bytes][Host: a.config.skype.trafficmanager.net] @@ -123,8 +123,8 @@ ApplePush 12 1877 1 107 UDP 192.168.1.34:52742 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] 108 UDP 192.168.1.34:56387 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] 109 UDP 192.168.1.34:57288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 110 TCP 192.168.1.34:50146 -> 157.56.53.51:443 [proto: 91/SSL][8 pkts/608 bytes -> 0 pkts/0 bytes] - 111 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/353 bytes <-> 4 pkts/246 bytes] + 110 TCP 192.168.1.34:50146 -> 157.56.53.51:443 [proto: 91/SSL][cat: Web/5][8 pkts/608 bytes -> 0 pkts/0 bytes] + 111 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][cat: VoIP/10][6 pkts/353 bytes <-> 4 pkts/246 bytes] 112 UDP 192.168.1.34:49163 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] 113 UDP 192.168.1.34:51802 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] 114 UDP 192.168.1.34:52714 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] @@ -133,9 +133,9 @@ ApplePush 12 1877 1 117 UDP 192.168.1.34:65045 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/532 bytes -> 0 pkts/0 bytes][Host: dsn4.d.skype.net] 118 UDP 192.168.1.34:54396 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] 119 UDP 192.168.1.34:65426 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] - 120 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][3 pkts/297 bytes <-> 3 pkts/186 bytes] + 120 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][cat: VoIP/10][3 pkts/297 bytes <-> 3 pkts/186 bytes] 121 UDP 192.168.1.92:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][cat: Streaming/17][5 pkts/430 bytes -> 0 pkts/0 bytes] - 122 TCP 192.168.1.34:50110 <-> 91.190.216.125:12350 [proto: 125/Skype][3 pkts/191 bytes <-> 3 pkts/186 bytes] + 122 TCP 192.168.1.34:50110 <-> 91.190.216.125:12350 [proto: 125/Skype][cat: VoIP/10][3 pkts/191 bytes <-> 3 pkts/186 bytes] 123 UDP 192.168.1.34:55893 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][5 pkts/360 bytes -> 0 pkts/0 bytes][Host: ui.skype.com] 124 UDP 192.168.1.34:49485 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/349 bytes -> 0 pkts/0 bytes] 125 UDP 192.168.1.34:51066 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/349 bytes -> 0 pkts/0 bytes] @@ -149,7 +149,7 @@ ApplePush 12 1877 1 133 UDP 192.168.1.34:51879 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] 134 UDP 192.168.1.34:63321 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] 135 UDP 192.168.1.34:64085 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e7768.b.akamaiedge.net] - 136 TCP 192.168.1.34:50024 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/60 bytes] + 136 TCP 192.168.1.34:50024 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/60 bytes] 137 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network/14][2 pkts/92 bytes -> 0 pkts/0 bytes] 138 UDP 192.168.1.34:13021 -> 64.4.23.145:40024 [proto: 125/Skype][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] 139 UDP 192.168.1.34:13021 -> 65.55.223.26:40004 [proto: 125/Skype][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index a4e58cd54..9c1dcbd1f 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -13,38 +13,38 @@ MS_OneDrive 348 181687 1 ApplePush 8 1118 1 1 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][cat: Cloud/13][166 pkts/39042 bytes <-> 182 pkts/142645 bytes][server: *.gateway.messenger.live.com] - 2 TCP 192.168.1.34:51279 <-> 111.221.74.48:40008 [proto: 125/Skype][101 pkts/30681 bytes <-> 98 pkts/59934 bytes] - 3 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][38 pkts/9082 bytes <-> 38 pkts/10499 bytes] + 2 TCP 192.168.1.34:51279 <-> 111.221.74.48:40008 [proto: 125/Skype][cat: VoIP/10][101 pkts/30681 bytes <-> 98 pkts/59934 bytes] + 3 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][cat: Web/5][38 pkts/9082 bytes <-> 38 pkts/10499 bytes] 4 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][36 pkts/13402 bytes -> 0 pkts/0 bytes] 5 TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 125/Skype][cat: VoIP/10][17 pkts/2686 bytes <-> 13 pkts/2218 bytes] 6 TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 125/Skype][cat: VoIP/10][12 pkts/2194 bytes <-> 8 pkts/1711 bytes] 7 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][16 pkts/3461 bytes <-> 1 pkts/74 bytes][client: apps.skype.com] 8 TCP 192.168.1.34:51297 <-> 91.190.216.24:12350 [proto: 125/Skype][cat: VoIP/10][12 pkts/3242 bytes <-> 3 pkts/290 bytes] - 9 TCP 108.160.163.108:443 <-> 192.168.1.34:51222 [proto: 91.121/SSL.Dropbox][4 pkts/818 bytes <-> 4 pkts/2172 bytes] + 9 TCP 108.160.163.108:443 <-> 192.168.1.34:51222 [proto: 91.121/SSL.Dropbox][cat: Cloud/13][4 pkts/818 bytes <-> 4 pkts/2172 bytes] 10 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][11 pkts/2074 bytes <-> 1 pkts/74 bytes][client: apps.skype.com] - 11 TCP 192.168.1.34:51238 <-> 157.55.235.147:443 [proto: 91.125/SSL.Skype][13 pkts/1446 bytes <-> 4 pkts/266 bytes] - 12 TCP 192.168.1.34:51262 <-> 213.199.179.176:443 [proto: 91/SSL][13 pkts/1437 bytes <-> 3 pkts/200 bytes] - 13 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][12 pkts/1333 bytes <-> 3 pkts/251 bytes] - 14 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][12 pkts/1284 bytes <-> 3 pkts/285 bytes] - 15 TCP 192.168.1.34:51239 <-> 65.55.223.45:443 [proto: 91/SSL][12 pkts/1291 bytes <-> 3 pkts/242 bytes] - 16 TCP 192.168.1.34:51274 <-> 157.55.235.152:443 [proto: 91.125/SSL.Skype][12 pkts/1235 bytes <-> 3 pkts/285 bytes] - 17 TCP 192.168.1.34:51260 <-> 157.55.130.142:443 [proto: 91.125/SSL.Skype][12 pkts/1249 bytes <-> 3 pkts/265 bytes] + 11 TCP 192.168.1.34:51238 <-> 157.55.235.147:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][13 pkts/1446 bytes <-> 4 pkts/266 bytes] + 12 TCP 192.168.1.34:51262 <-> 213.199.179.176:443 [proto: 91/SSL][cat: Web/5][13 pkts/1437 bytes <-> 3 pkts/200 bytes] + 13 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1333 bytes <-> 3 pkts/251 bytes] + 14 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1284 bytes <-> 3 pkts/285 bytes] + 15 TCP 192.168.1.34:51239 <-> 65.55.223.45:443 [proto: 91/SSL][cat: Web/5][12 pkts/1291 bytes <-> 3 pkts/242 bytes] + 16 TCP 192.168.1.34:51274 <-> 157.55.235.152:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1235 bytes <-> 3 pkts/285 bytes] + 17 TCP 192.168.1.34:51260 <-> 157.55.130.142:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1249 bytes <-> 3 pkts/265 bytes] 18 TCP 192.168.1.34:51258 <-> 213.199.179.176:40021 [proto: 125/Skype][cat: VoIP/10][14 pkts/1104 bytes <-> 5 pkts/392 bytes] 19 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][cat: VoIP/10][14 pkts/1106 bytes <-> 5 pkts/385 bytes] 20 TCP 192.168.1.34:51290 <-> 5.248.186.221:31010 [proto: 125/Skype][cat: VoIP/10][14 pkts/1070 bytes <-> 4 pkts/420 bytes] 21 TCP 192.168.1.34:51234 <-> 157.55.235.147:40001 [proto: 125/Skype][cat: VoIP/10][14 pkts/1117 bytes <-> 4 pkts/337 bytes] - 22 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][11 pkts/1164 bytes <-> 3 pkts/268 bytes] - 23 TCP 192.168.1.34:51247 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][10 pkts/1077 bytes <-> 4 pkts/351 bytes] + 22 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][cat: Web/5][11 pkts/1164 bytes <-> 3 pkts/268 bytes] + 23 TCP 192.168.1.34:51247 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/1077 bytes <-> 4 pkts/351 bytes] 24 TCP 192.168.1.34:51257 <-> 157.55.235.170:40032 [proto: 125/Skype][cat: VoIP/10][14 pkts/1059 bytes <-> 4 pkts/367 bytes] 25 TCP 192.168.1.34:51277 <-> 157.55.235.156:40026 [proto: 125/Skype][cat: VoIP/10][13 pkts/1011 bytes <-> 4 pkts/415 bytes] 26 TCP 192.168.1.34:51305 <-> 149.13.32.15:13392 [proto: 125/Skype][cat: VoIP/10][14 pkts/1093 bytes <-> 4 pkts/333 bytes] - 27 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][12 pkts/1130 bytes <-> 3 pkts/285 bytes] - 28 TCP 192.168.1.34:51280 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][12 pkts/1130 bytes <-> 3 pkts/285 bytes] - 29 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][12 pkts/1095 bytes <-> 3 pkts/285 bytes] - 30 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][10 pkts/1022 bytes <-> 4 pkts/351 bytes] + 27 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][cat: Web/5][12 pkts/1130 bytes <-> 3 pkts/285 bytes] + 28 TCP 192.168.1.34:51280 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1130 bytes <-> 3 pkts/285 bytes] + 29 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1095 bytes <-> 3 pkts/285 bytes] + 30 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/1022 bytes <-> 4 pkts/351 bytes] 31 TCP 192.168.1.34:51289 <-> 71.238.7.203:18767 [proto: 125/Skype][cat: VoIP/10][13 pkts/991 bytes <-> 4 pkts/378 bytes] 32 TCP 192.168.1.34:51272 <-> 157.55.235.152:40029 [proto: 125/Skype][cat: VoIP/10][13 pkts/1006 bytes <-> 4 pkts/361 bytes] - 33 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][10 pkts/1012 bytes <-> 4 pkts/351 bytes] + 33 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/1012 bytes <-> 4 pkts/351 bytes] 34 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125/Skype][cat: VoIP/10][13 pkts/976 bytes <-> 4 pkts/365 bytes] 35 TCP 192.168.1.34:51237 <-> 157.55.130.176:40022 [proto: 125/Skype][cat: VoIP/10][13 pkts/986 bytes <-> 4 pkts/344 bytes] 36 TCP 192.168.1.34:51276 <-> 157.55.235.146:40021 [proto: 125/Skype][cat: VoIP/10][13 pkts/981 bytes <-> 4 pkts/348 bytes] @@ -55,16 +55,16 @@ ApplePush 8 1118 1 41 TCP 192.168.1.34:51246 <-> 157.56.52.44:40020 [proto: 125/Skype][cat: VoIP/10][11 pkts/856 bytes <-> 5 pkts/409 bytes] 42 TCP 192.168.1.34:51288 <-> 76.167.161.6:20274 [proto: 125/Skype][cat: VoIP/10][11 pkts/861 bytes <-> 4 pkts/397 bytes] 43 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][cat: VoIP/10][11 pkts/844 bytes <-> 5 pkts/413 bytes] - 44 TCP 192.168.1.34:51282 <-> 64.4.23.159:443 [proto: 91/SSL][10 pkts/972 bytes <-> 3 pkts/285 bytes] - 45 TCP 192.168.1.34:51259 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][10 pkts/902 bytes <-> 4 pkts/351 bytes] + 44 TCP 192.168.1.34:51282 <-> 64.4.23.159:443 [proto: 91/SSL][cat: Web/5][10 pkts/972 bytes <-> 3 pkts/285 bytes] + 45 TCP 192.168.1.34:51259 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/902 bytes <-> 4 pkts/351 bytes] 46 TCP 192.168.1.34:51256 <-> 111.221.77.142:40013 [proto: 125/Skype][cat: VoIP/10][11 pkts/815 bytes <-> 5 pkts/423 bytes] 47 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][cat: VoIP/10][12 pkts/942 bytes <-> 3 pkts/284 bytes] 48 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125/Skype][cat: VoIP/10][11 pkts/832 bytes <-> 4 pkts/387 bytes] - 49 TCP 192.168.1.34:51268 <-> 111.221.74.18:443 [proto: 91.125/SSL.Skype][10 pkts/852 bytes <-> 4 pkts/351 bytes] + 49 TCP 192.168.1.34:51268 <-> 111.221.74.18:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/852 bytes <-> 4 pkts/351 bytes] 50 TCP 192.168.1.34:51309 <-> 149.13.32.15:13392 [proto: 125/Skype][cat: VoIP/10][12 pkts/916 bytes <-> 3 pkts/281 bytes] 51 TCP 192.168.1.34:51316 <-> 149.13.32.15:13392 [proto: 125/Skype][cat: VoIP/10][11 pkts/862 bytes <-> 3 pkts/314 bytes] 52 TCP 192.168.1.34:51267 <-> 111.221.74.18:40025 [proto: 125/Skype][cat: VoIP/10][10 pkts/785 bytes <-> 4 pkts/378 bytes] - 53 TCP 192.168.1.34:51232 <-> 157.56.52.28:443 [proto: 91.125/SSL.Skype][10 pkts/872 bytes <-> 3 pkts/285 bytes] + 53 TCP 192.168.1.34:51232 <-> 157.56.52.28:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/872 bytes <-> 3 pkts/285 bytes] 54 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][cat: VoIP/10][12 pkts/931 bytes <-> 2 pkts/219 bytes] 55 TCP 192.168.1.34:51313 <-> 212.161.8.36:13392 [proto: 125/Skype][cat: VoIP/10][11 pkts/855 bytes <-> 3 pkts/287 bytes] 56 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][cat: System/18][6 pkts/958 bytes <-> 2 pkts/184 bytes] @@ -76,7 +76,7 @@ ApplePush 8 1118 1 62 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][2 pkts/1088 bytes -> 0 pkts/0 bytes] 63 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125/Skype][cat: VoIP/10][7 pkts/571 bytes <-> 3 pkts/286 bytes] 64 UDP 192.168.1.34:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System/18][7 pkts/680 bytes -> 0 pkts/0 bytes] - 65 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/353 bytes <-> 5 pkts/306 bytes] + 65 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][cat: VoIP/10][6 pkts/353 bytes <-> 5 pkts/306 bytes] 66 UDP 192.168.1.34:58631 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] 67 UDP 192.168.1.34:60688 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] 68 UDP 192.168.1.34:50055 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] @@ -87,7 +87,7 @@ ApplePush 8 1118 1 73 UDP 192.168.1.34:61095 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] 74 UDP 192.168.1.34:60413 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] 75 UDP 192.168.1.34:64364 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] - 76 TCP 192.168.1.34:51302 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][6 pkts/353 bytes <-> 4 pkts/246 bytes] + 76 TCP 192.168.1.34:51302 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][6 pkts/353 bytes <-> 4 pkts/246 bytes] 77 UDP 192.168.1.34:63514 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][8 pkts/576 bytes -> 0 pkts/0 bytes][Host: ui.skype.com] 78 UDP 192.168.1.34:55028 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: a.config.skype.com] 79 UDP 192.168.1.34:63342 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] @@ -97,13 +97,13 @@ ApplePush 8 1118 1 83 UDP 192.168.1.34:62875 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/539 bytes -> 0 pkts/0 bytes][Host: dsn13.d.skype.net] 84 UDP 192.168.1.34:49864 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] 85 UDP 192.168.1.34:64240 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] - 86 TCP 192.168.1.34:51296 <-> 91.190.216.125:12350 [proto: 125/Skype][3 pkts/293 bytes <-> 3 pkts/186 bytes] - 87 TCP 192.168.1.34:51308 -> 80.121.84.93:443 [proto: 91/SSL][6 pkts/468 bytes -> 0 pkts/0 bytes] - 88 UDP 192.168.1.1:138 -> 192.168.1.34:138 [proto: 10/NetBIOS][2 pkts/452 bytes -> 0 pkts/0 bytes] + 86 TCP 192.168.1.34:51296 <-> 91.190.216.125:12350 [proto: 125/Skype][cat: VoIP/10][3 pkts/293 bytes <-> 3 pkts/186 bytes] + 87 TCP 192.168.1.34:51308 -> 80.121.84.93:443 [proto: 91/SSL][cat: Web/5][6 pkts/468 bytes -> 0 pkts/0 bytes] + 88 UDP 192.168.1.1:138 -> 192.168.1.34:138 [proto: 10/NetBIOS][cat: System/18][2 pkts/452 bytes -> 0 pkts/0 bytes] 89 UDP 192.168.1.34:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][cat: System/18][2 pkts/432 bytes -> 0 pkts/0 bytes] - 90 TCP 192.168.1.34:51284 <-> 91.190.218.125:12350 [proto: 125/Skype][3 pkts/237 bytes <-> 3 pkts/186 bytes] - 91 TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 125/Skype][3 pkts/191 bytes <-> 3 pkts/186 bytes] - 92 TCP 192.168.1.34:51286 <-> 91.190.218.125:443 [proto: 91.125/SSL.Skype][3 pkts/191 bytes <-> 3 pkts/186 bytes] + 90 TCP 192.168.1.34:51284 <-> 91.190.218.125:12350 [proto: 125/Skype][cat: VoIP/10][3 pkts/237 bytes <-> 3 pkts/186 bytes] + 91 TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 125/Skype][cat: VoIP/10][3 pkts/191 bytes <-> 3 pkts/186 bytes] + 92 TCP 192.168.1.34:51286 <-> 91.190.218.125:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][3 pkts/191 bytes <-> 3 pkts/186 bytes] 93 UDP 192.168.1.34:58061 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/349 bytes -> 0 pkts/0 bytes] 94 UDP 192.168.1.34:59237 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/349 bytes -> 0 pkts/0 bytes] 95 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][cat: Network/14][4 pkts/328 bytes -> 0 pkts/0 bytes] @@ -112,7 +112,7 @@ ApplePush 8 1118 1 98 UDP 192.168.1.34:57694 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/101 bytes <-> 1 pkts/166 bytes][Host: db3msgr5011709.gateway.messenger.live.com] 99 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][2 pkts/258 bytes -> 0 pkts/0 bytes] 100 UDP 192.168.1.92:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][cat: System/18][1 pkts/216 bytes -> 0 pkts/0 bytes] - 101 TCP 192.168.1.34:51283 <-> 111.221.74.48:443 [proto: 91.125/SSL.Skype][2 pkts/132 bytes <-> 1 pkts/74 bytes] + 101 TCP 192.168.1.34:51283 <-> 111.221.74.48:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][2 pkts/132 bytes <-> 1 pkts/74 bytes] 102 UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] 103 UDP 192.168.1.34:63661 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] 104 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][1 pkts/142 bytes -> 0 pkts/0 bytes][Lucas-iMac.local] diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index ee66db4dd..c385561d7 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out @@ -29,7 +29,7 @@ Starcraft 236 51494 6 17 TCP 192.168.1.100:3524 <-> 80.239.186.26:80 [proto: 7/HTTP][cat: Web/5][6 pkts/481 bytes <-> 4 pkts/733 bytes][Host: nydus.battle.net] 18 TCP 192.168.1.100:3523 <-> 80.239.186.26:80 [proto: 7/HTTP][cat: Web/5][6 pkts/483 bytes <-> 4 pkts/725 bytes][Host: nydus.battle.net] 19 TCP 192.168.1.100:3519 <-> 80.239.186.21:80 [proto: 7/HTTP][cat: Web/5][5 pkts/482 bytes <-> 4 pkts/497 bytes][Host: eu.launcher.battle.net] - 20 TCP 192.168.1.100:3427 <-> 80.239.208.193:1119 [proto: 213/Starcraft][6 pkts/376 bytes <-> 7 pkts/526 bytes] + 20 TCP 192.168.1.100:3427 <-> 80.239.208.193:1119 [proto: 213/Starcraft][cat: Game/8][6 pkts/376 bytes <-> 7 pkts/526 bytes] 21 TCP 192.168.1.100:3512 <-> 12.129.222.54:80 [proto: 7.76/HTTP.WorldOfWarcraft][cat: Game/8][5 pkts/367 bytes <-> 4 pkts/513 bytes][Host: us.scan.worldofwarcraft.com] 22 UDP 192.168.1.100:55468 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/168 bytes <-> 2 pkts/388 bytes][Host: bnetcmsus-a.akamaihd.net] 23 UDP 173.194.40.22:443 <-> 192.168.1.100:53568 [proto: 188/QUIC][cat: Web/5][3 pkts/243 bytes <-> 3 pkts/232 bytes] @@ -37,28 +37,28 @@ Starcraft 236 51494 6 25 UDP 192.168.1.100:60026 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/154 bytes <-> 2 pkts/288 bytes][Host: llnw.blizzard.com] 26 UDP 192.168.1.100:58818 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/172 bytes <-> 2 pkts/260 bytes][Host: 91.252.30.192.in-addr.arpa] 27 UDP 192.168.1.100:58831 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/172 bytes <-> 2 pkts/245 bytes][Host: 254.1.168.192.in-addr.arpa] - 28 TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7/HTTP][3 pkts/320 bytes <-> 1 pkts/66 bytes][Host: bnetcmsus-a.akamaihd.net] - 29 TCP 192.168.1.100:3533 <-> 2.228.46.112:80 [proto: 7/HTTP][3 pkts/320 bytes <-> 1 pkts/66 bytes][Host: bnetcmsus-a.akamaihd.net] + 28 TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][3 pkts/320 bytes <-> 1 pkts/66 bytes][Host: bnetcmsus-a.akamaihd.net] + 29 TCP 192.168.1.100:3533 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][3 pkts/320 bytes <-> 1 pkts/66 bytes][Host: bnetcmsus-a.akamaihd.net] 30 UDP 192.168.1.100:53145 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/152 bytes <-> 2 pkts/184 bytes][Host: nydus.battle.net] - 31 TCP 192.168.1.100:3479 <-> 2.228.46.114:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] - 32 TCP 192.168.1.100:3480 <-> 2.228.46.114:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] - 33 TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] - 34 TCP 192.168.1.100:3482 <-> 2.228.46.114:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] - 35 TCP 192.168.1.100:3489 <-> 2.228.46.104:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] - 36 TCP 192.168.1.100:3490 <-> 2.228.46.104:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] - 37 TCP 192.168.1.100:3491 <-> 2.228.46.104:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] - 38 TCP 192.168.1.100:3492 <-> 2.228.46.104:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] - 39 TCP 192.30.252.91:443 <-> 192.168.1.100:3213 [proto: 91.203/SSL.Github][2 pkts/145 bytes <-> 1 pkts/89 bytes] - 40 TCP 192.168.1.100:3486 <-> 199.38.164.156:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/120 bytes] + 31 TCP 192.168.1.100:3479 <-> 2.228.46.114:443 [proto: 91/SSL][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 32 TCP 192.168.1.100:3480 <-> 2.228.46.114:443 [proto: 91/SSL][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 33 TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91/SSL][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 34 TCP 192.168.1.100:3482 <-> 2.228.46.114:443 [proto: 91/SSL][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 35 TCP 192.168.1.100:3489 <-> 2.228.46.104:443 [proto: 91/SSL][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 36 TCP 192.168.1.100:3490 <-> 2.228.46.104:443 [proto: 91/SSL][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 37 TCP 192.168.1.100:3491 <-> 2.228.46.104:443 [proto: 91/SSL][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 38 TCP 192.168.1.100:3492 <-> 2.228.46.104:443 [proto: 91/SSL][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 39 TCP 192.30.252.91:443 <-> 192.168.1.100:3213 [proto: 91.203/SSL.Github][cat: Collaborative/15][2 pkts/145 bytes <-> 1 pkts/89 bytes] + 40 TCP 192.168.1.100:3486 <-> 199.38.164.156:443 [proto: 91/SSL][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/120 bytes] 41 UDP 192.168.1.100:58844 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes <-> 1 pkts/124 bytes][Host: 40.186.239.80.in-addr.arpa] - 42 TCP 192.168.1.100:3484 <-> 173.194.113.224:443 [proto: 91.126/SSL.Google][2 pkts/108 bytes <-> 1 pkts/60 bytes] - 43 TCP 192.168.1.100:2759 <-> 64.233.184.188:5228 [proto: 126/Google][1 pkts/55 bytes <-> 1 pkts/66 bytes] - 44 TCP 192.168.1.100:3052 <-> 216.58.212.110:443 [proto: 91.126/SSL.Google][1 pkts/55 bytes <-> 1 pkts/66 bytes] + 42 TCP 192.168.1.100:3484 <-> 173.194.113.224:443 [proto: 91.126/SSL.Google][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/60 bytes] + 43 TCP 192.168.1.100:2759 <-> 64.233.184.188:5228 [proto: 126/Google][cat: Web/5][1 pkts/55 bytes <-> 1 pkts/66 bytes] + 44 TCP 192.168.1.100:3052 <-> 216.58.212.110:443 [proto: 91.126/SSL.Google][cat: Web/5][1 pkts/55 bytes <-> 1 pkts/66 bytes] 45 IGMP 192.168.1.107:0 -> 224.0.0.22:0 [proto: 82/IGMP][cat: Network/14][2 pkts/120 bytes -> 0 pkts/0 bytes] - 46 UDP 192.168.1.100:53146 <-> 5.42.180.154:1119 [proto: 213/Starcraft][1 pkts/44 bytes <-> 1 pkts/60 bytes] - 47 UDP 192.168.1.100:53146 <-> 62.115.246.51:1119 [proto: 213/Starcraft][1 pkts/44 bytes <-> 1 pkts/60 bytes] - 48 UDP 192.168.1.100:6113 <-> 213.248.127.166:1119 [proto: 213/Starcraft][1 pkts/43 bytes <-> 1 pkts/60 bytes] - 49 UDP 192.168.1.100:6113 <-> 213.248.127.212:1119 [proto: 213/Starcraft][1 pkts/43 bytes <-> 1 pkts/60 bytes] - 50 TCP 192.168.1.100:3534 -> 2.228.46.112:80 [proto: 7/HTTP][1 pkts/66 bytes -> 0 pkts/0 bytes] - 51 TCP 80.239.186.26:443 -> 192.168.1.100:3476 [proto: 91/SSL][1 pkts/60 bytes -> 0 pkts/0 bytes] - 52 TCP 80.239.186.40:443 -> 192.168.1.100:3478 [proto: 91/SSL][1 pkts/60 bytes -> 0 pkts/0 bytes] + 46 UDP 192.168.1.100:53146 <-> 5.42.180.154:1119 [proto: 213/Starcraft][cat: Game/8][1 pkts/44 bytes <-> 1 pkts/60 bytes] + 47 UDP 192.168.1.100:53146 <-> 62.115.246.51:1119 [proto: 213/Starcraft][cat: Game/8][1 pkts/44 bytes <-> 1 pkts/60 bytes] + 48 UDP 192.168.1.100:6113 <-> 213.248.127.166:1119 [proto: 213/Starcraft][cat: Game/8][1 pkts/43 bytes <-> 1 pkts/60 bytes] + 49 UDP 192.168.1.100:6113 <-> 213.248.127.212:1119 [proto: 213/Starcraft][cat: Game/8][1 pkts/43 bytes <-> 1 pkts/60 bytes] + 50 TCP 192.168.1.100:3534 -> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][1 pkts/66 bytes -> 0 pkts/0 bytes] + 51 TCP 80.239.186.26:443 -> 192.168.1.100:3476 [proto: 91/SSL][cat: Web/5][1 pkts/60 bytes -> 0 pkts/0 bytes] + 52 TCP 80.239.186.40:443 -> 192.168.1.100:3478 [proto: 91/SSL][cat: Web/5][1 pkts/60 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/teredo.pcap.out b/tests/result/teredo.pcap.out index 55dc2932c..24be9ebb2 100644 --- a/tests/result/teredo.pcap.out +++ b/tests/result/teredo.pcap.out @@ -1,7 +1,7 @@ Teredo 24 2574 5 - 1 UDP 10.112.16.67:51812 <-> 194.136.28.76:3544 [proto: 214/Teredo][10 pkts/930 bytes <-> 4 pkts/374 bytes] - 2 UDP 10.112.16.106:52513 <-> 194.136.28.76:3544 [proto: 214/Teredo][2 pkts/206 bytes <-> 2 pkts/302 bytes] - 3 UDP 10.112.16.64:56154 <-> 194.136.28.76:3544 [proto: 214/Teredo][1 pkts/103 bytes <-> 1 pkts/151 bytes] - 4 UDP 10.112.16.89:60381 <-> 194.136.28.76:3544 [proto: 214/Teredo][1 pkts/103 bytes <-> 1 pkts/151 bytes] - 5 UDP 10.112.16.92:63448 <-> 194.136.28.76:3544 [proto: 214/Teredo][1 pkts/103 bytes <-> 1 pkts/151 bytes] + 1 UDP 10.112.16.67:51812 <-> 194.136.28.76:3544 [proto: 214/Teredo][cat: Network/14][10 pkts/930 bytes <-> 4 pkts/374 bytes] + 2 UDP 10.112.16.106:52513 <-> 194.136.28.76:3544 [proto: 214/Teredo][cat: Network/14][2 pkts/206 bytes <-> 2 pkts/302 bytes] + 3 UDP 10.112.16.64:56154 <-> 194.136.28.76:3544 [proto: 214/Teredo][cat: Network/14][1 pkts/103 bytes <-> 1 pkts/151 bytes] + 4 UDP 10.112.16.89:60381 <-> 194.136.28.76:3544 [proto: 214/Teredo][cat: Network/14][1 pkts/103 bytes <-> 1 pkts/151 bytes] + 5 UDP 10.112.16.92:63448 <-> 194.136.28.76:3544 [proto: 214/Teredo][cat: Network/14][1 pkts/103 bytes <-> 1 pkts/151 bytes] diff --git a/tests/result/tor.pcap.out b/tests/result/tor.pcap.out index 2cd7fd1da..69b7d3e71 100644 --- a/tests/result/tor.pcap.out +++ b/tests/result/tor.pcap.out @@ -14,4 +14,4 @@ Tor 3676 3014362 7 8 UDP 192.168.1.1:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][10 pkts/1860 bytes -> 0 pkts/0 bytes] 9 UDP [fe80::c583:1972:5728:7323]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][cat: Network/14][6 pkts/906 bytes -> 0 pkts/0 bytes] 10 UDP 192.168.1.252:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][cat: System/18][1 pkts/252 bytes -> 0 pkts/0 bytes] - 11 TCP 192.168.1.252:51104 -> 157.56.30.46:443 [proto: 91/SSL][1 pkts/60 bytes -> 0 pkts/0 bytes] + 11 TCP 192.168.1.252:51104 -> 157.56.30.46:443 [proto: 91/SSL][cat: Web/5][1 pkts/60 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/viber.pcap.out b/tests/result/viber.pcap.out index 5d2f07f10..738169827 100644 --- a/tests/result/viber.pcap.out +++ b/tests/result/viber.pcap.out @@ -11,17 +11,17 @@ QUIC 3 194 1 1 TCP 192.168.0.17:53934 <-> 54.230.93.53:443 [proto: 91.144/SSL.Viber][cat: Chat/9][43 pkts/4571 bytes <-> 46 pkts/60087 bytes][client: dl-media.viber.com][server: *.viber.com] 2 TCP 192.168.0.17:57520 <-> 54.230.93.96:443 [proto: 91.144/SSL.Viber][cat: Chat/9][12 pkts/1848 bytes <-> 12 pkts/9317 bytes][client: media.cdn.viber.com][server: *.cdn.viber.com] 3 TCP 192.168.0.17:49048 <-> 54.187.91.182:443 [proto: 91/SSL][cat: Web/5][13 pkts/2823 bytes <-> 14 pkts/6552 bytes][client: brahe.apptimize.com][server: *.apptimize.com] - 4 TCP 192.168.0.17:33208 <-> 52.0.253.101:4244 [proto: 144/Viber][32 pkts/6563 bytes <-> 26 pkts/2782 bytes] + 4 TCP 192.168.0.17:33208 <-> 52.0.253.101:4244 [proto: 144/Viber][cat: Chat/9][32 pkts/6563 bytes <-> 26 pkts/2782 bytes] 5 TCP 192.168.0.17:43702 <-> 172.217.23.78:443 [proto: 91/SSL][cat: Web/5][15 pkts/5339 bytes <-> 12 pkts/3436 bytes][client: app-measurement.com] 6 TCP 192.168.0.17:36986 <-> 54.69.166.226:443 [proto: 91/SSL][cat: Web/5][11 pkts/1437 bytes <-> 11 pkts/6412 bytes][client: mapi.apptimize.com][server: *.apptimize.com] 7 TCP 192.168.0.17:55746 <-> 151.101.1.130:443 [proto: 91/SSL][cat: Web/5][10 pkts/1534 bytes <-> 9 pkts/6239 bytes][client: venetia.iad.appboy.com][server: y.ssl.fastly.net] 8 TCP 192.168.0.17:36988 <-> 54.69.166.226:443 [proto: 91/SSL][cat: Web/5][11 pkts/1462 bytes <-> 11 pkts/6163 bytes][client: mapi.apptimize.com][server: *.apptimize.com] - 9 UDP 192.168.0.17:47171 <-> 18.201.4.32:7985 [proto: 144/Viber][24 pkts/5035 bytes <-> 22 pkts/2302 bytes] - 10 UDP 192.168.0.17:38190 <-> 18.201.4.3:7985 [proto: 144/Viber][25 pkts/4344 bytes <-> 18 pkts/1872 bytes] + 9 UDP 192.168.0.17:47171 <-> 18.201.4.32:7985 [proto: 144/Viber][cat: Chat/9][24 pkts/5035 bytes <-> 22 pkts/2302 bytes] + 10 UDP 192.168.0.17:38190 <-> 18.201.4.3:7985 [proto: 144/Viber][cat: Chat/9][25 pkts/4344 bytes <-> 18 pkts/1872 bytes] 11 ICMP 192.168.0.17:0 <-> 192.168.0.15:0 [proto: 81/ICMP][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/1514 bytes] 12 UDP 192.168.0.17:62872 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/373 bytes][Host: mapi.apptimize.com] - 13 TCP 192.168.0.17:33744 <-> 18.201.4.3:443 [proto: 91/SSL][4 pkts/272 bytes <-> 2 pkts/140 bytes] - 14 TCP 192.168.0.17:45424 <-> 18.201.4.32:443 [proto: 91/SSL][4 pkts/272 bytes <-> 2 pkts/140 bytes] + 13 TCP 192.168.0.17:33744 <-> 18.201.4.3:443 [proto: 91/SSL][cat: Web/5][4 pkts/272 bytes <-> 2 pkts/140 bytes] + 14 TCP 192.168.0.17:45424 <-> 18.201.4.32:443 [proto: 91/SSL][cat: Web/5][4 pkts/272 bytes <-> 2 pkts/140 bytes] 15 UDP 192.168.0.17:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][4 pkts/412 bytes -> 0 pkts/0 bytes] 16 UDP 192.168.0.17:35283 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/303 bytes][Host: app.adjust.com] 17 UDP 192.168.0.17:45743 <-> 192.168.0.15:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/78 bytes <-> 1 pkts/203 bytes][Host: graph.facebook.com] @@ -32,5 +32,5 @@ QUIC 3 194 1 22 UDP 192.168.0.17:35331 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/79 bytes <-> 1 pkts/95 bytes][Host: app-measurement.com] 23 UDP 192.168.0.17:50097 <-> 192.168.0.15:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/90 bytes][Host: www.google.com] 24 ICMPV6 [fe80::3207:4dff:fea3:5fa7]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes] - 25 UDP 192.168.0.17:38190 <-> 18.201.4.3:7987 [proto: 144/Viber][1 pkts/76 bytes <-> 1 pkts/62 bytes] - 26 UDP 192.168.0.17:47171 <-> 18.201.4.32:7987 [proto: 144/Viber][1 pkts/76 bytes <-> 1 pkts/62 bytes] + 25 UDP 192.168.0.17:38190 <-> 18.201.4.3:7987 [proto: 144/Viber][cat: Chat/9][1 pkts/76 bytes <-> 1 pkts/62 bytes] + 26 UDP 192.168.0.17:47171 <-> 18.201.4.32:7987 [proto: 144/Viber][cat: Chat/9][1 pkts/76 bytes <-> 1 pkts/62 bytes] diff --git a/tests/result/waze.pcap.out b/tests/result/waze.pcap.out index 8bf4d88fc..5b183ea2c 100644 --- a/tests/result/waze.pcap.out +++ b/tests/result/waze.pcap.out @@ -29,15 +29,15 @@ WhatsApp 15 1341 1 20 TCP 10.8.0.1:45552 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/552 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com] 21 TCP 10.8.0.1:45554 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/550 bytes <-> 7 pkts/769 bytes][Host: cres.waze.com] 22 TCP 10.8.0.1:45540 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/553 bytes <-> 7 pkts/733 bytes][Host: roadshields.waze.com] - 23 TCP 10.16.37.157:41823 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes] - 24 TCP 10.16.37.157:43991 <-> 200.160.4.31:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes] - 25 TCP 10.16.37.157:46473 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes] - 26 TCP 10.16.37.157:52746 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes] - 27 TCP 10.16.37.157:52953 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes] - 28 TCP 10.8.0.1:43089 <-> 200.160.4.198:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/108 bytes] - 29 TCP 10.8.0.1:45169 <-> 200.160.4.198:80 [proto: 7/HTTP][2 pkts/108 bytes <-> 2 pkts/108 bytes] - 30 TCP 10.8.0.1:60479 <-> 200.160.4.49:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/108 bytes] - 31 TCP 10.8.0.1:60574 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/108 bytes <-> 2 pkts/108 bytes] + 23 TCP 10.16.37.157:41823 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] + 24 TCP 10.16.37.157:43991 <-> 200.160.4.31:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] + 25 TCP 10.16.37.157:46473 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] + 26 TCP 10.16.37.157:52746 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] + 27 TCP 10.16.37.157:52953 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] + 28 TCP 10.8.0.1:43089 <-> 200.160.4.198:443 [proto: 91/SSL][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes] + 29 TCP 10.8.0.1:45169 <-> 200.160.4.198:80 [proto: 7/HTTP][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes] + 30 TCP 10.8.0.1:60479 <-> 200.160.4.49:443 [proto: 91/SSL][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes] + 31 TCP 10.8.0.1:60574 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes] 32 UDP 10.8.0.1:46214 <-> 200.89.75.198:123 [proto: 9/NTP][cat: System/18][1 pkts/90 bytes <-> 1 pkts/90 bytes] diff --git a/tests/result/webex.pcap.out b/tests/result/webex.pcap.out index ecd0f6432..71fb528d1 100644 --- a/tests/result/webex.pcap.out +++ b/tests/result/webex.pcap.out @@ -43,23 +43,23 @@ Amazon 3 174 1 35 TCP 10.8.0.1:59756 <-> 78.46.237.91:80 [proto: 7/HTTP][cat: Web/5][6 pkts/970 bytes <-> 6 pkts/821 bytes][Host: cp.pushwoosh.com] 36 TCP 10.8.0.1:33559 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][cat: Web/5][7 pkts/1280 bytes <-> 6 pkts/453 bytes] 37 TCP 10.8.0.1:59757 <-> 78.46.237.91:80 [proto: 7/HTTP][cat: Web/5][5 pkts/624 bytes <-> 5 pkts/767 bytes][Host: cp.pushwoosh.com] - 38 UDP 10.8.0.1:51772 <-> 62.109.229.158:9000 [proto: 141/Webex][14 pkts/1071 bytes <-> 2 pkts/100 bytes] + 38 UDP 10.8.0.1:51772 <-> 62.109.229.158:9000 [proto: 141/Webex][cat: VoIP/10][14 pkts/1071 bytes <-> 2 pkts/100 bytes] 39 TCP 10.8.0.1:41350 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][6 pkts/614 bytes <-> 5 pkts/399 bytes][client: radcom.webex.com] 40 TCP 10.8.0.1:41351 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][5 pkts/560 bytes <-> 4 pkts/345 bytes][client: radcom.webex.com] - 41 TCP 10.8.0.1:51190 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][7 pkts/501 bytes <-> 4 pkts/216 bytes] - 42 TCP 10.8.0.1:37139 <-> 64.68.105.98:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] - 43 TCP 10.8.0.1:41394 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] - 44 TCP 10.8.0.1:41757 <-> 114.29.213.212:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] - 45 TCP 10.8.0.1:47135 <-> 114.29.202.139:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] - 46 TCP 10.8.0.1:51134 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] - 47 TCP 10.8.0.1:51135 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] - 48 TCP 10.8.0.1:51676 <-> 114.29.204.49:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] - 49 TCP 10.8.0.1:33511 <-> 80.74.110.68:443 [proto: 91/SSL][4 pkts/452 bytes <-> 4 pkts/216 bytes] - 50 TCP 10.8.0.1:51833 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][4 pkts/423 bytes <-> 4 pkts/216 bytes] - 51 TCP 10.8.0.1:51839 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][4 pkts/423 bytes <-> 4 pkts/216 bytes] - 52 TCP 10.8.0.1:41726 <-> 114.29.213.212:443 [proto: 91.141/SSL.Webex][4 pkts/299 bytes <-> 4 pkts/216 bytes] - 53 TCP 10.8.0.1:51195 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][3 pkts/245 bytes <-> 2 pkts/108 bytes] - 54 TCP 10.133.206.47:33459 <-> 80.74.110.68:443 [proto: 91/SSL][3 pkts/209 bytes <-> 2 pkts/108 bytes] - 55 TCP 10.8.0.1:51859 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][2 pkts/128 bytes <-> 1 pkts/54 bytes] - 56 TCP 10.133.206.47:54651 <-> 185.63.147.10:443 [proto: 91/SSL][1 pkts/66 bytes <-> 2 pkts/108 bytes] - 57 TCP 10.133.206.47:59447 <-> 107.20.242.44:443 [proto: 91.178/SSL.Amazon][1 pkts/66 bytes <-> 2 pkts/108 bytes] + 41 TCP 10.8.0.1:51190 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][7 pkts/501 bytes <-> 4 pkts/216 bytes] + 42 TCP 10.8.0.1:37139 <-> 64.68.105.98:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][6 pkts/427 bytes <-> 5 pkts/270 bytes] + 43 TCP 10.8.0.1:41394 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][6 pkts/427 bytes <-> 5 pkts/270 bytes] + 44 TCP 10.8.0.1:41757 <-> 114.29.213.212:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][6 pkts/427 bytes <-> 5 pkts/270 bytes] + 45 TCP 10.8.0.1:47135 <-> 114.29.202.139:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][6 pkts/427 bytes <-> 5 pkts/270 bytes] + 46 TCP 10.8.0.1:51134 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][6 pkts/427 bytes <-> 5 pkts/270 bytes] + 47 TCP 10.8.0.1:51135 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][6 pkts/427 bytes <-> 5 pkts/270 bytes] + 48 TCP 10.8.0.1:51676 <-> 114.29.204.49:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][6 pkts/427 bytes <-> 5 pkts/270 bytes] + 49 TCP 10.8.0.1:33511 <-> 80.74.110.68:443 [proto: 91/SSL][cat: Web/5][4 pkts/452 bytes <-> 4 pkts/216 bytes] + 50 TCP 10.8.0.1:51833 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][4 pkts/423 bytes <-> 4 pkts/216 bytes] + 51 TCP 10.8.0.1:51839 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][4 pkts/423 bytes <-> 4 pkts/216 bytes] + 52 TCP 10.8.0.1:41726 <-> 114.29.213.212:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][4 pkts/299 bytes <-> 4 pkts/216 bytes] + 53 TCP 10.8.0.1:51195 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][3 pkts/245 bytes <-> 2 pkts/108 bytes] + 54 TCP 10.133.206.47:33459 <-> 80.74.110.68:443 [proto: 91/SSL][cat: Web/5][3 pkts/209 bytes <-> 2 pkts/108 bytes] + 55 TCP 10.8.0.1:51859 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][2 pkts/128 bytes <-> 1 pkts/54 bytes] + 56 TCP 10.133.206.47:54651 <-> 185.63.147.10:443 [proto: 91/SSL][cat: Web/5][1 pkts/66 bytes <-> 2 pkts/108 bytes] + 57 TCP 10.133.206.47:59447 <-> 107.20.242.44:443 [proto: 91.178/SSL.Amazon][cat: Web/5][1 pkts/66 bytes <-> 2 pkts/108 bytes] diff --git a/tests/result/wechat.pcap.out b/tests/result/wechat.pcap.out index b9c7c3de0..92c6852e0 100644 --- a/tests/result/wechat.pcap.out +++ b/tests/result/wechat.pcap.out @@ -13,7 +13,7 @@ LLMNR 12 944 6 WeChat 1251 606425 49 GoogleDocs 15 5114 2 - 1 TCP 203.205.151.162:443 <-> 192.168.1.103:54058 [proto: 91.197/SSL.WeChat][88 pkts/15114 bytes <-> 91 pkts/61842 bytes] + 1 TCP 203.205.151.162:443 <-> 192.168.1.103:54058 [proto: 91.197/SSL.WeChat][cat: Chat/9][88 pkts/15114 bytes <-> 91 pkts/61842 bytes] 2 TCP 192.168.1.103:54101 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][46 pkts/12575 bytes <-> 40 pkts/53424 bytes][client: web.wechat.com][server: web.wechat.com] 3 TCP 192.168.1.103:54103 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][50 pkts/23958 bytes <-> 46 pkts/39684 bytes][client: web.wechat.com][server: web.wechat.com] 4 TCP 192.168.1.103:54113 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][38 pkts/8933 bytes <-> 35 pkts/35112 bytes][client: web.wechat.com][server: web.wechat.com] @@ -47,46 +47,46 @@ GoogleDocs 15 5114 2 32 UDP [fe80::7a92:9cff:fe0f:a88e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][44 pkts/4488 bytes -> 0 pkts/0 bytes] 33 UDP 192.168.1.103:35601 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][cat: Web/5][5 pkts/2035 bytes <-> 5 pkts/1937 bytes][Host: ssl.gstatic.com] 34 UDP 192.168.1.103:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][44 pkts/3608 bytes -> 0 pkts/0 bytes] - 35 TCP 192.168.1.103:54183 -> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/2508 bytes -> 0 pkts/0 bytes] + 35 TCP 192.168.1.103:54183 -> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][2 pkts/2508 bytes -> 0 pkts/0 bytes] 36 UDP [fe80::91f9:3df3:7436:6cd6]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][14 pkts/1428 bytes -> 0 pkts/0 bytes] - 37 TCP 192.168.1.103:36017 <-> 64.233.167.188:5228 [proto: 126/Google][10 pkts/660 bytes <-> 10 pkts/660 bytes] + 37 TCP 192.168.1.103:36017 <-> 64.233.167.188:5228 [proto: 126/Google][cat: Web/5][10 pkts/660 bytes <-> 10 pkts/660 bytes] 38 UDP 192.168.1.100:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][14 pkts/1148 bytes -> 0 pkts/0 bytes] - 39 TCP 192.168.1.103:58039 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][13 pkts/866 bytes <-> 4 pkts/280 bytes] - 40 TCP 192.168.1.103:58143 -> 216.58.205.131:443 [proto: 91.126/SSL.Google][3 pkts/1078 bytes -> 0 pkts/0 bytes] - 41 TCP 203.205.151.162:443 <-> 192.168.1.103:54084 [proto: 91.197/SSL.WeChat][3 pkts/802 bytes <-> 3 pkts/198 bytes] + 39 TCP 192.168.1.103:58039 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][13 pkts/866 bytes <-> 4 pkts/280 bytes] + 40 TCP 192.168.1.103:58143 -> 216.58.205.131:443 [proto: 91.126/SSL.Google][cat: Web/5][3 pkts/1078 bytes -> 0 pkts/0 bytes] + 41 TCP 203.205.151.162:443 <-> 192.168.1.103:54084 [proto: 91.197/SSL.WeChat][cat: Chat/9][3 pkts/802 bytes <-> 3 pkts/198 bytes] 42 UDP 192.168.1.100:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System/18][9 pkts/828 bytes -> 0 pkts/0 bytes] 43 IGMP 192.168.1.100:0 -> 224.0.0.22:0 [proto: 82/IGMP][cat: Network/14][15 pkts/810 bytes -> 0 pkts/0 bytes] 44 UDP 192.168.1.100:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][cat: System/18][3 pkts/751 bytes -> 0 pkts/0 bytes] - 45 TCP 192.168.1.103:54112 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 4 pkts/280 bytes] - 46 TCP 192.168.1.103:54114 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 4 pkts/280 bytes] + 45 TCP 192.168.1.103:54112 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][5 pkts/338 bytes <-> 4 pkts/280 bytes] + 46 TCP 192.168.1.103:54114 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][5 pkts/338 bytes <-> 4 pkts/280 bytes] 47 UDP 192.168.1.103:19041 <-> 192.168.1.254:53 [proto: 5.48/DNS.QQ][cat: Chat/9][1 pkts/73 bytes <-> 1 pkts/537 bytes][Host: res.wx.qq.com] - 48 TCP 192.168.1.103:34981 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] - 49 TCP 192.168.1.103:34996 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] - 50 TCP 192.168.1.103:34999 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] - 51 TCP 192.168.1.103:35000 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] - 52 TCP 192.168.1.103:39207 -> 95.101.34.34:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] - 53 TCP 192.168.1.103:39231 -> 95.101.34.34:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] - 54 TCP 192.168.1.103:53220 <-> 172.217.23.78:443 [proto: 91.126/SSL.Google][4 pkts/264 bytes <-> 4 pkts/319 bytes] - 55 TCP 192.168.1.103:54093 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 3 pkts/214 bytes] - 56 TCP 192.168.1.103:58037 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 3 pkts/214 bytes] - 57 TCP 192.168.1.103:39195 -> 95.101.34.34:80 [proto: 7/HTTP][8 pkts/528 bytes -> 0 pkts/0 bytes] - 58 TCP 192.168.1.103:52020 -> 95.101.180.179:80 [proto: 7/HTTP][8 pkts/528 bytes -> 0 pkts/0 bytes] - 59 TCP 192.168.1.103:43851 <-> 203.205.158.34:443 [proto: 91/SSL][5 pkts/290 bytes <-> 4 pkts/234 bytes] - 60 TCP 192.168.1.103:47627 <-> 216.58.205.78:443 [proto: 91.126/SSL.Google][3 pkts/198 bytes <-> 4 pkts/319 bytes] - 61 TCP 192.168.1.103:40740 <-> 203.205.151.211:443 [proto: 91/SSL][4 pkts/216 bytes <-> 4 pkts/253 bytes] + 48 TCP 192.168.1.103:34981 -> 95.101.34.33:80 [proto: 7/HTTP][cat: Web/5][9 pkts/594 bytes -> 0 pkts/0 bytes] + 49 TCP 192.168.1.103:34996 -> 95.101.34.33:80 [proto: 7/HTTP][cat: Web/5][9 pkts/594 bytes -> 0 pkts/0 bytes] + 50 TCP 192.168.1.103:34999 -> 95.101.34.33:80 [proto: 7/HTTP][cat: Web/5][9 pkts/594 bytes -> 0 pkts/0 bytes] + 51 TCP 192.168.1.103:35000 -> 95.101.34.33:80 [proto: 7/HTTP][cat: Web/5][9 pkts/594 bytes -> 0 pkts/0 bytes] + 52 TCP 192.168.1.103:39207 -> 95.101.34.34:80 [proto: 7/HTTP][cat: Web/5][9 pkts/594 bytes -> 0 pkts/0 bytes] + 53 TCP 192.168.1.103:39231 -> 95.101.34.34:80 [proto: 7/HTTP][cat: Web/5][9 pkts/594 bytes -> 0 pkts/0 bytes] + 54 TCP 192.168.1.103:53220 <-> 172.217.23.78:443 [proto: 91.126/SSL.Google][cat: Web/5][4 pkts/264 bytes <-> 4 pkts/319 bytes] + 55 TCP 192.168.1.103:54093 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][5 pkts/338 bytes <-> 3 pkts/214 bytes] + 56 TCP 192.168.1.103:58037 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][5 pkts/338 bytes <-> 3 pkts/214 bytes] + 57 TCP 192.168.1.103:39195 -> 95.101.34.34:80 [proto: 7/HTTP][cat: Web/5][8 pkts/528 bytes -> 0 pkts/0 bytes] + 58 TCP 192.168.1.103:52020 -> 95.101.180.179:80 [proto: 7/HTTP][cat: Web/5][8 pkts/528 bytes -> 0 pkts/0 bytes] + 59 TCP 192.168.1.103:43851 <-> 203.205.158.34:443 [proto: 91/SSL][cat: Web/5][5 pkts/290 bytes <-> 4 pkts/234 bytes] + 60 TCP 192.168.1.103:47627 <-> 216.58.205.78:443 [proto: 91.126/SSL.Google][cat: Web/5][3 pkts/198 bytes <-> 4 pkts/319 bytes] + 61 TCP 192.168.1.103:40740 <-> 203.205.151.211:443 [proto: 91/SSL][cat: Web/5][4 pkts/216 bytes <-> 4 pkts/253 bytes] 62 UDP 192.168.1.103:60356 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: Chat/9][1 pkts/74 bytes <-> 1 pkts/391 bytes][Host: web.wechat.com] - 63 TCP 192.168.1.103:49787 <-> 216.58.205.142:443 [proto: 91.126/SSL.Google][3 pkts/198 bytes <-> 3 pkts/198 bytes] - 64 TCP 192.168.1.103:58226 -> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][6 pkts/396 bytes -> 0 pkts/0 bytes] + 63 TCP 192.168.1.103:49787 <-> 216.58.205.142:443 [proto: 91.126/SSL.Google][cat: Web/5][3 pkts/198 bytes <-> 3 pkts/198 bytes] + 64 TCP 192.168.1.103:58226 -> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][6 pkts/396 bytes -> 0 pkts/0 bytes] 65 UDP 192.168.1.103:53734 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/94 bytes <-> 1 pkts/272 bytes][Host: safebrowsing.googleusercontent.com] - 66 TCP 192.168.1.103:58043 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][3 pkts/206 bytes <-> 2 pkts/148 bytes] + 66 TCP 192.168.1.103:58043 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][3 pkts/206 bytes <-> 2 pkts/148 bytes] 67 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: iphonedimonica] 68 UDP 192.168.1.103:46078 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/75 bytes <-> 1 pkts/234 bytes][Host: ssl.gstatic.com] 69 UDP 192.168.1.103:60562 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/75 bytes <-> 1 pkts/234 bytes][Host: ssl.gstatic.com] 70 UDP 192.168.1.103:55862 <-> 192.168.1.254:53 [proto: 5.241/DNS.GoogleDocs][cat: Media/1][1 pkts/75 bytes <-> 1 pkts/227 bytes][Host: docs.google.com] 71 IGMP 192.168.1.103:0 -> 224.0.0.22:0 [proto: 82/IGMP][cat: Network/14][4 pkts/216 bytes -> 0 pkts/0 bytes] - 72 TCP 192.168.1.103:40741 <-> 203.205.151.211:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/108 bytes] + 72 TCP 192.168.1.103:40741 <-> 203.205.151.211:443 [proto: 91/SSL][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes] 73 IGMP 192.168.1.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network/14][4 pkts/200 bytes -> 0 pkts/0 bytes] - 74 TCP 192.168.1.103:54085 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/132 bytes <-> 1 pkts/66 bytes] + 74 TCP 192.168.1.103:54085 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][2 pkts/132 bytes <-> 1 pkts/66 bytes] 75 UDP [fe80::91f9:3df3:7436:6cd6]:50440 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/180 bytes -> 0 pkts/0 bytes][Host: lbjamwptxz] 76 UDP [fe80::91f9:3df3:7436:6cd6]:49195 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: cansaqcq] 77 UDP [fe80::91f9:3df3:7436:6cd6]:50577 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: mcztmpkc] @@ -100,10 +100,10 @@ GoogleDocs 15 5114 2 85 UDP 192.168.1.100:54124 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes][Host: lbjamwptxz] 86 UDP 192.168.1.100:49832 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: cansaqcq] 87 UDP 192.168.1.100:57401 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: mcztmpkc] - 88 TCP 192.168.1.103:54106 -> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/132 bytes -> 0 pkts/0 bytes] - 89 TCP 192.168.1.103:54109 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][1 pkts/66 bytes <-> 1 pkts/66 bytes] - 90 TCP 192.168.1.103:54110 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][1 pkts/66 bytes <-> 1 pkts/66 bytes] - 91 TCP 192.168.1.103:54205 -> 64.233.167.188:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes -> 0 pkts/0 bytes] + 88 TCP 192.168.1.103:54106 -> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][2 pkts/132 bytes -> 0 pkts/0 bytes] + 89 TCP 192.168.1.103:54109 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 90 TCP 192.168.1.103:54110 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 91 TCP 192.168.1.103:54205 -> 64.233.167.188:443 [proto: 91.126/SSL.Google][cat: Web/5][2 pkts/132 bytes -> 0 pkts/0 bytes] 92 ICMPV6 [fe80::842:a3f3:a286:6c5b]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][cat: Network/14][2 pkts/132 bytes -> 0 pkts/0 bytes] 93 0 [fe80::842:a3f3:a286:6c5b]:0 -> [ff02::16]:0 [proto: 102/ICMPV6][cat: Network/14][1 pkts/110 bytes -> 0 pkts/0 bytes] 94 UDP 192.168.1.103:37578 -> 193.204.114.233:123 [proto: 9/NTP][cat: System/18][1 pkts/90 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/weibo.pcap.out b/tests/result/weibo.pcap.out index befa40bea..f6c618bcf 100644 --- a/tests/result/weibo.pcap.out +++ b/tests/result/weibo.pcap.out @@ -18,7 +18,7 @@ Sina(Weibo) 419 258077 16 10 TCP 192.168.1.105:59119 <-> 114.134.80.162:80 [proto: 7/HTTP][cat: Web/5][5 pkts/736 bytes <-> 4 pkts/863 bytes][Host: weibo.com] 11 TCP 192.168.1.105:35811 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][3 pkts/604 bytes <-> 2 pkts/140 bytes][Host: js.t.sinajs.cn] 12 TCP 192.168.1.105:42275 <-> 222.73.28.96:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][3 pkts/610 bytes <-> 1 pkts/66 bytes][Host: u1.img.mobile.sina.cn] - 13 TCP 192.168.1.105:50827 <-> 47.89.65.229:443 [proto: 91/SSL][3 pkts/382 bytes <-> 1 pkts/66 bytes][client: g.alicdn.com] + 13 TCP 192.168.1.105:50827 <-> 47.89.65.229:443 [proto: 91/SSL][cat: Web/5][3 pkts/382 bytes <-> 1 pkts/66 bytes][client: g.alicdn.com] 14 UDP 192.168.1.105:53543 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork/6][1 pkts/75 bytes <-> 1 pkts/191 bytes][Host: img.t.sinajs.cn] 15 UDP 192.168.1.105:41352 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork/6][1 pkts/74 bytes <-> 1 pkts/190 bytes][Host: js.t.sinajs.cn] 16 UDP 192.168.1.105:51440 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/72 bytes <-> 1 pkts/171 bytes][Host: g.alicdn.com] @@ -26,27 +26,27 @@ Sina(Weibo) 419 258077 16 18 UDP 192.168.1.105:18035 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork/6][1 pkts/81 bytes <-> 1 pkts/159 bytes][Host: u1.img.mobile.sina.cn] 19 UDP 192.168.1.105:50640 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/77 bytes <-> 1 pkts/157 bytes][Host: acjstb.aliyun.com] 20 UDP 192.168.1.105:7148 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork/6][1 pkts/73 bytes <-> 1 pkts/142 bytes][Host: www.weibo.com] - 21 TCP 192.168.1.105:35808 <-> 93.188.134.246:80 [proto: 7/HTTP][2 pkts/140 bytes <-> 1 pkts/74 bytes] - 22 TCP 192.168.1.105:50831 <-> 47.89.65.229:443 [proto: 91/SSL][2 pkts/128 bytes <-> 1 pkts/66 bytes] - 23 TCP 192.168.1.105:59120 <-> 114.134.80.162:80 [proto: 7/HTTP][2 pkts/128 bytes <-> 1 pkts/66 bytes] - 24 TCP 192.168.1.105:59121 <-> 114.134.80.162:80 [proto: 7/HTTP][2 pkts/128 bytes <-> 1 pkts/66 bytes] + 21 TCP 192.168.1.105:35808 <-> 93.188.134.246:80 [proto: 7/HTTP][cat: Web/5][2 pkts/140 bytes <-> 1 pkts/74 bytes] + 22 TCP 192.168.1.105:50831 <-> 47.89.65.229:443 [proto: 91/SSL][cat: Web/5][2 pkts/128 bytes <-> 1 pkts/66 bytes] + 23 TCP 192.168.1.105:59120 <-> 114.134.80.162:80 [proto: 7/HTTP][cat: Web/5][2 pkts/128 bytes <-> 1 pkts/66 bytes] + 24 TCP 192.168.1.105:59121 <-> 114.134.80.162:80 [proto: 7/HTTP][cat: Web/5][2 pkts/128 bytes <-> 1 pkts/66 bytes] 25 UDP 192.168.1.105:53466 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/112 bytes][Host: log.mmstat.com] 26 UDP 192.168.1.105:54988 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/69 bytes <-> 1 pkts/85 bytes][Host: weibo.com] - 27 TCP 192.168.1.105:34699 <-> 216.58.212.65:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] - 28 TCP 192.168.1.105:35154 <-> 216.58.210.206:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] - 29 TCP 192.168.1.105:37802 <-> 216.58.212.69:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] - 30 TCP 192.168.1.105:40440 <-> 54.225.163.210:443 [proto: 91.178/SSL.Amazon][1 pkts/66 bytes <-> 1 pkts/66 bytes] - 31 TCP 192.168.1.105:58480 <-> 216.58.214.78:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] - 32 TCP 192.168.1.105:58481 <-> 216.58.214.78:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 27 TCP 192.168.1.105:34699 <-> 216.58.212.65:443 [proto: 91.126/SSL.Google][cat: Web/5][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 28 TCP 192.168.1.105:35154 <-> 216.58.210.206:443 [proto: 91.126/SSL.Google][cat: Web/5][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 29 TCP 192.168.1.105:37802 <-> 216.58.212.69:443 [proto: 91.126/SSL.Google][cat: Web/5][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 30 TCP 192.168.1.105:40440 <-> 54.225.163.210:443 [proto: 91.178/SSL.Amazon][cat: Web/5][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 31 TCP 192.168.1.105:58480 <-> 216.58.214.78:443 [proto: 91.126/SSL.Google][cat: Web/5][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 32 TCP 192.168.1.105:58481 <-> 216.58.214.78:443 [proto: 91.126/SSL.Google][cat: Web/5][1 pkts/66 bytes <-> 1 pkts/66 bytes] 33 UDP 192.168.1.105:11798 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork/6][1 pkts/77 bytes -> 0 pkts/0 bytes][Host: account.weibo.com] - 34 TCP 192.168.1.105:42280 -> 222.73.28.96:80 [proto: 7/HTTP][1 pkts/74 bytes -> 0 pkts/0 bytes] - 35 TCP 192.168.1.105:47721 -> 140.205.170.63:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] - 36 TCP 192.168.1.105:47723 -> 140.205.170.63:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] - 37 TCP 192.168.1.105:48352 -> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] - 38 TCP 192.168.1.105:48353 -> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] - 39 TCP 192.168.1.105:48356 -> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] - 40 TCP 192.168.1.105:52271 -> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] - 41 TCP 192.168.1.105:52272 -> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] - 42 TCP 192.168.1.105:52274 -> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] + 34 TCP 192.168.1.105:42280 -> 222.73.28.96:80 [proto: 7/HTTP][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes] + 35 TCP 192.168.1.105:47721 -> 140.205.170.63:443 [proto: 91/SSL][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes] + 36 TCP 192.168.1.105:47723 -> 140.205.170.63:443 [proto: 91/SSL][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes] + 37 TCP 192.168.1.105:48352 -> 140.205.174.1:443 [proto: 91/SSL][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes] + 38 TCP 192.168.1.105:48353 -> 140.205.174.1:443 [proto: 91/SSL][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes] + 39 TCP 192.168.1.105:48356 -> 140.205.174.1:443 [proto: 91/SSL][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes] + 40 TCP 192.168.1.105:52271 -> 42.156.184.19:443 [proto: 91/SSL][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes] + 41 TCP 192.168.1.105:52272 -> 42.156.184.19:443 [proto: 91/SSL][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes] + 42 TCP 192.168.1.105:52274 -> 42.156.184.19:443 [proto: 91/SSL][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes] 43 UDP 192.168.1.105:50533 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork/6][1 pkts/74 bytes -> 0 pkts/0 bytes][Host: data.weibo.com] 44 UDP 192.168.1.105:16804 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork/6][1 pkts/70 bytes -> 0 pkts/0 bytes][Host: c.weibo.cn] diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out index f6250fa67..0fa82a7df 100644 --- a/tests/result/whatsapp_login_call.pcap.out +++ b/tests/result/whatsapp_login_call.pcap.out @@ -24,24 +24,24 @@ ApplePush 22 5926 1 9 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][10 pkts/3420 bytes -> 0 pkts/0 bytes][Host: lucas-imac] 10 UDP 192.168.2.4:52794 <-> 31.13.84.48:3478 [proto: 189/WhatsAppVoice][cat: VoIP/10][9 pkts/1842 bytes <-> 11 pkts/1151 bytes] 11 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][cat: Cloud/13][4 pkts/2176 bytes -> 0 pkts/0 bytes] - 12 TCP 192.168.2.4:49199 <-> 17.172.100.70:993 [proto: 51.140/IMAPS.Apple][9 pkts/1130 bytes <-> 8 pkts/868 bytes] + 12 TCP 192.168.2.4:49199 <-> 17.172.100.70:993 [proto: 51.140/IMAPS.Apple][cat: Web/5][9 pkts/1130 bytes <-> 8 pkts/868 bytes] 13 ICMP 192.168.2.4:0 -> 91.253.176.65:0 [proto: 81/ICMP][cat: Network/14][10 pkts/700 bytes -> 0 pkts/0 bytes] - 14 UDP 192.168.2.4:51518 <-> 31.13.64.48:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 15 UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 16 UDP 192.168.2.4:51518 <-> 31.13.73.48:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 17 UDP 192.168.2.4:51518 <-> 31.13.79.192:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 18 UDP 192.168.2.4:51518 <-> 31.13.85.48:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 19 UDP 192.168.2.4:51518 <-> 31.13.91.48:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 20 UDP 192.168.2.4:51518 <-> 31.13.100.14:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 21 UDP 192.168.2.4:52794 <-> 31.13.73.48:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 22 UDP 192.168.2.4:52794 <-> 31.13.74.48:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 23 UDP 192.168.2.4:52794 <-> 31.13.79.192:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 24 UDP 192.168.2.4:52794 <-> 31.13.90.48:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 25 UDP 192.168.2.4:52794 <-> 31.13.93.48:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 26 UDP 192.168.2.4:52794 <-> 173.252.114.1:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 27 UDP 192.168.2.4:52794 <-> 179.60.192.48:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 28 TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/SSL][3 pkts/174 bytes <-> 2 pkts/217 bytes] - 29 TCP 192.168.2.4:49192 <-> 93.186.135.8:80 [proto: 7/HTTP][3 pkts/198 bytes <-> 2 pkts/132 bytes] + 14 UDP 192.168.2.4:51518 <-> 31.13.64.48:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 15 UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 16 UDP 192.168.2.4:51518 <-> 31.13.73.48:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 17 UDP 192.168.2.4:51518 <-> 31.13.79.192:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 18 UDP 192.168.2.4:51518 <-> 31.13.85.48:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 19 UDP 192.168.2.4:51518 <-> 31.13.91.48:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 20 UDP 192.168.2.4:51518 <-> 31.13.100.14:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 21 UDP 192.168.2.4:52794 <-> 31.13.73.48:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 22 UDP 192.168.2.4:52794 <-> 31.13.74.48:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 23 UDP 192.168.2.4:52794 <-> 31.13.79.192:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 24 UDP 192.168.2.4:52794 <-> 31.13.90.48:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 25 UDP 192.168.2.4:52794 <-> 31.13.93.48:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 26 UDP 192.168.2.4:52794 <-> 173.252.114.1:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 27 UDP 192.168.2.4:52794 <-> 179.60.192.48:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 28 TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/SSL][cat: Web/5][3 pkts/174 bytes <-> 2 pkts/217 bytes] + 29 TCP 192.168.2.4:49192 <-> 93.186.135.8:80 [proto: 7/HTTP][cat: Web/5][3 pkts/198 bytes <-> 2 pkts/132 bytes] 30 UDP 192.168.2.4:51897 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][cat: Web/5][1 pkts/79 bytes <-> 1 pkts/251 bytes][Host: query.ess.apple.com] 31 UDP 192.168.2.4:52190 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][cat: Chat/9][1 pkts/76 bytes <-> 1 pkts/204 bytes][Host: e13.whatsapp.net] 32 UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][cat: Streaming/17][3 pkts/258 bytes -> 0 pkts/0 bytes] @@ -49,25 +49,25 @@ ApplePush 22 5926 1 34 UDP [fe80::da30:62ff:fe56:1c]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][2 pkts/258 bytes -> 0 pkts/0 bytes] 35 UDP 169.254.166.207:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][2 pkts/218 bytes -> 0 pkts/0 bytes] 36 UDP 192.168.2.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][2 pkts/218 bytes -> 0 pkts/0 bytes] - 37 TCP 192.168.2.4:49173 <-> 93.186.135.82:80 [proto: 7/HTTP][2 pkts/132 bytes <-> 1 pkts/66 bytes] - 38 TCP 192.168.2.4:49174 <-> 5.178.42.26:80 [proto: 7/HTTP][2 pkts/132 bytes <-> 1 pkts/66 bytes] - 39 TCP 192.168.2.4:49194 <-> 93.62.150.157:443 [proto: 91/SSL][2 pkts/132 bytes <-> 1 pkts/66 bytes] - 40 TCP 192.168.2.4:49203 <-> 17.178.104.14:443 [proto: 91.140/SSL.Apple][2 pkts/132 bytes <-> 1 pkts/66 bytes] - 41 TCP 192.168.2.4:49163 <-> 17.154.66.111:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 42 TCP 192.168.2.4:49164 <-> 17.167.142.31:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 43 TCP 192.168.2.4:49165 <-> 17.172.100.55:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 44 TCP 192.168.2.4:49166 <-> 17.154.66.121:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 45 TCP 192.168.2.4:49167 <-> 17.172.100.8:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 46 TCP 192.168.2.4:49169 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 47 TCP 192.168.2.4:49175 <-> 17.172.100.53:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 48 TCP 192.168.2.4:49176 <-> 17.130.137.77:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 49 TCP 192.168.2.4:49180 <-> 17.172.100.59:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 50 TCP 192.168.2.4:49181 <-> 17.172.100.37:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 51 TCP 192.168.2.4:49182 <-> 17.172.100.52:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 52 TCP 192.168.2.4:49191 <-> 17.172.100.49:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 53 TCP 192.168.2.4:49197 <-> 17.167.142.39:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 54 TCP 192.168.2.4:49198 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 55 TCP 192.168.2.4:49200 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 37 TCP 192.168.2.4:49173 <-> 93.186.135.82:80 [proto: 7/HTTP][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/66 bytes] + 38 TCP 192.168.2.4:49174 <-> 5.178.42.26:80 [proto: 7/HTTP][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/66 bytes] + 39 TCP 192.168.2.4:49194 <-> 93.62.150.157:443 [proto: 91/SSL][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/66 bytes] + 40 TCP 192.168.2.4:49203 <-> 17.178.104.14:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/66 bytes] + 41 TCP 192.168.2.4:49163 <-> 17.154.66.111:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 42 TCP 192.168.2.4:49164 <-> 17.167.142.31:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 43 TCP 192.168.2.4:49165 <-> 17.172.100.55:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 44 TCP 192.168.2.4:49166 <-> 17.154.66.121:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 45 TCP 192.168.2.4:49167 <-> 17.172.100.8:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 46 TCP 192.168.2.4:49169 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 47 TCP 192.168.2.4:49175 <-> 17.172.100.53:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 48 TCP 192.168.2.4:49176 <-> 17.130.137.77:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 49 TCP 192.168.2.4:49180 <-> 17.172.100.59:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 50 TCP 192.168.2.4:49181 <-> 17.172.100.37:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 51 TCP 192.168.2.4:49182 <-> 17.172.100.52:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 52 TCP 192.168.2.4:49191 <-> 17.172.100.49:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 53 TCP 192.168.2.4:49197 <-> 17.167.142.39:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 54 TCP 192.168.2.4:49198 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 55 TCP 192.168.2.4:49200 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/54 bytes] Undetected flows: diff --git a/tests/result/whatsapp_login_chat.pcap.out b/tests/result/whatsapp_login_chat.pcap.out index c3aab5c2d..324b0cd4c 100644 --- a/tests/result/whatsapp_login_chat.pcap.out +++ b/tests/result/whatsapp_login_chat.pcap.out @@ -6,7 +6,7 @@ WhatsApp 32 3243 2 Spotify 1 86 1 ApplePush 6 2095 1 - 1 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][24 pkts/15117 bytes <-> 20 pkts/6254 bytes] + 1 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][cat: Web/5][24 pkts/15117 bytes <-> 20 pkts/6254 bytes] 2 TCP 192.168.2.4:49206 <-> 158.85.58.15:5222 [proto: 142/WhatsApp][cat: Chat/9][17 pkts/1794 bytes <-> 13 pkts/1169 bytes] 3 TCP 17.110.229.14:5223 -> 192.168.2.4:49193 [proto: 238/ApplePush][cat: Cloud/13][6 pkts/2095 bytes -> 0 pkts/0 bytes] 4 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][6 pkts/2052 bytes -> 0 pkts/0 bytes][Host: lucas-imac] diff --git a/tests/result/whatsapp_voice_and_message.pcap.out b/tests/result/whatsapp_voice_and_message.pcap.out index df4f997e1..e14163cbd 100644 --- a/tests/result/whatsapp_voice_and_message.pcap.out +++ b/tests/result/whatsapp_voice_and_message.pcap.out @@ -7,11 +7,11 @@ WhatsApp 217 22139 5 3 TCP 10.8.0.1:44819 <-> 158.85.58.42:5222 [proto: 142/WhatsApp][cat: Chat/9][15 pkts/2690 bytes <-> 15 pkts/2019 bytes] 4 TCP 10.8.0.1:49721 <-> 158.85.58.109:5222 [proto: 142/WhatsApp][cat: Chat/9][26 pkts/2311 bytes <-> 26 pkts/2300 bytes] 5 TCP 10.8.0.1:51570 <-> 158.85.5.199:443 [proto: 142/WhatsApp][cat: Chat/9][14 pkts/1123 bytes <-> 13 pkts/1097 bytes] - 6 UDP 10.8.0.1:53620 <-> 31.13.73.48:3478 [proto: 125.49/Skype.SkypeCallIn][5 pkts/840 bytes <-> 4 pkts/344 bytes] - 7 UDP 10.8.0.1:53620 <-> 31.13.64.48:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 8 UDP 10.8.0.1:53620 <-> 31.13.74.48:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 9 UDP 10.8.0.1:53620 <-> 31.13.79.192:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 10 UDP 10.8.0.1:53620 <-> 31.13.84.48:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 11 UDP 10.8.0.1:53620 <-> 31.13.93.48:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 12 UDP 10.8.0.1:53620 <-> 173.252.121.1:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 13 UDP 10.8.0.1:53620 <-> 179.60.192.48:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 6 UDP 10.8.0.1:53620 <-> 31.13.73.48:3478 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][5 pkts/840 bytes <-> 4 pkts/344 bytes] + 7 UDP 10.8.0.1:53620 <-> 31.13.64.48:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 8 UDP 10.8.0.1:53620 <-> 31.13.74.48:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 9 UDP 10.8.0.1:53620 <-> 31.13.79.192:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 10 UDP 10.8.0.1:53620 <-> 31.13.84.48:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 11 UDP 10.8.0.1:53620 <-> 31.13.93.48:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 12 UDP 10.8.0.1:53620 <-> 173.252.121.1:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 13 UDP 10.8.0.1:53620 <-> 179.60.192.48:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] -- cgit v1.2.3 From 225826ce83c224000a8c5f8e72cb33a1f2559fd9 Mon Sep 17 00:00:00 2001 From: Campus Date: Wed, 5 Sep 2018 16:10:07 +0200 Subject: FIX: dropbox dissector. UPD: updated pcap file with new dropbox pkts --- src/lib/protocols/dropbox.c | 2 +- tests/pcap/dropbox.pcap | Bin 329062 -> 104124 bytes tests/result/dropbox.pcap.out | 58 ++++++++++++------------------------------ 3 files changed, 17 insertions(+), 43 deletions(-) (limited to 'src/lib') diff --git a/src/lib/protocols/dropbox.c b/src/lib/protocols/dropbox.c index b987ba253..d981c76b3 100644 --- a/src/lib/protocols/dropbox.c +++ b/src/lib/protocols/dropbox.c @@ -51,7 +51,7 @@ static void ndpi_check_dropbox(struct ndpi_detection_module_struct *ndpi_struct, if((packet->udp->source == dropbox_port) && (packet->udp->dest == dropbox_port)) { if(payload_len > 2) { - if(strncmp((const char *)packet->payload, "{\"host_int\"", 11) == 0) { + if(strstr((const char *)packet->payload, "\"host_int\"") != NULL) { NDPI_LOG_INFO(ndpi_struct, "found dropbox\n"); ndpi_int_dropbox_add_connection(ndpi_struct, flow, 0); diff --git a/tests/pcap/dropbox.pcap b/tests/pcap/dropbox.pcap index 6e950826e..9824eb6ed 100644 Binary files a/tests/pcap/dropbox.pcap and b/tests/pcap/dropbox.pcap differ diff --git a/tests/result/dropbox.pcap.out b/tests/result/dropbox.pcap.out index 10fb21cb6..a015f4d46 100644 --- a/tests/result/dropbox.pcap.out +++ b/tests/result/dropbox.pcap.out @@ -1,43 +1,17 @@ -MDNS 16 1648 1 -SSDP 140 61108 22 -Dropbox 1104 246122 16 +Dropbox 848 90532 15 - 1 TCP 192.168.1.105:44949 <-> 54.240.174.31:443 [proto: 91.121/SSL.Dropbox][cat: Cloud/13][64 pkts/12228 bytes <-> 74 pkts/85074 bytes][client: client-cf.dropbox.com][server: client-cf.dropbox.com] - 2 TCP 192.168.1.105:47747 <-> 108.160.172.225:443 [proto: 91.121/SSL.Dropbox][cat: Cloud/13][28 pkts/12486 bytes <-> 26 pkts/14946 bytes][client: d.dropbox.com] - 3 UDP 192.168.56.1:50318 <-> 192.168.56.101:17500 [proto: 121/Dropbox][cat: Cloud/13][100 pkts/13960 bytes <-> 100 pkts/6260 bytes] - 4 UDP 192.168.56.1:50312 <-> 192.168.56.101:17500 [proto: 121/Dropbox][cat: Cloud/13][100 pkts/13947 bytes <-> 100 pkts/6247 bytes] - 5 UDP 192.168.56.1:50319 <-> 192.168.56.101:17500 [proto: 121/Dropbox][cat: Cloud/13][100 pkts/13921 bytes <-> 100 pkts/6221 bytes] - 6 UDP 192.168.56.1:50311 <-> 192.168.56.101:17500 [proto: 121/Dropbox][cat: Cloud/13][100 pkts/13910 bytes <-> 100 pkts/6210 bytes] - 7 UDP 192.168.1.254:50828 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][44 pkts/19936 bytes -> 0 pkts/0 bytes] - 8 TCP 192.168.1.105:59975 <-> 108.160.172.204:443 [proto: 91.121/SSL.Dropbox][cat: Cloud/13][18 pkts/3562 bytes <-> 16 pkts/14464 bytes][client: client.dropbox.com][server: *.dropbox.com] - 9 TCP 192.168.1.105:46394 <-> 162.125.17.131:443 [proto: 91.121/SSL.Dropbox][cat: Cloud/13][12 pkts/2338 bytes <-> 10 pkts/9054 bytes][client: notify.dropbox.com][server: *.dropbox.com] - 10 TCP 192.168.1.105:36226 <-> 108.160.172.195:80 [proto: 7.121/HTTP.Dropbox][cat: Cloud/13][10 pkts/2170 bytes <-> 10 pkts/1758 bytes][Host: log.getdropbox.com] - 11 UDP 192.168.1.101:1650 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/2836 bytes -> 0 pkts/0 bytes] - 12 UDP 192.168.1.101:2141 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/2836 bytes -> 0 pkts/0 bytes] - 13 UDP 192.168.1.101:2873 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/2836 bytes -> 0 pkts/0 bytes] - 14 UDP 192.168.1.101:3412 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/2836 bytes -> 0 pkts/0 bytes] - 15 UDP 192.168.1.101:3547 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/2836 bytes -> 0 pkts/0 bytes] - 16 UDP 192.168.1.101:3959 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/2836 bytes -> 0 pkts/0 bytes] - 17 UDP 192.168.1.101:4169 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/2836 bytes -> 0 pkts/0 bytes] - 18 UDP 192.168.1.101:4171 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/2836 bytes -> 0 pkts/0 bytes] - 19 UDP 192.168.1.101:4625 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/2836 bytes -> 0 pkts/0 bytes] - 20 UDP 192.168.1.101:4974 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/2836 bytes -> 0 pkts/0 bytes] - 21 UDP 192.168.1.106:57268 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][16 pkts/2632 bytes -> 0 pkts/0 bytes] - 22 UDP 192.168.1.106:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][16 pkts/1648 bytes -> 0 pkts/0 bytes] - 23 UDP 192.168.1.105:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][6 pkts/1422 bytes -> 0 pkts/0 bytes] - 24 UDP 192.168.1.105:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][6 pkts/1422 bytes -> 0 pkts/0 bytes] - 25 UDP 192.168.1.105:36173 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][cat: Cloud/13][4 pkts/312 bytes <-> 4 pkts/1078 bytes][Host: log.getdropbox.com] - 26 UDP 192.168.1.101:1280 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/1018 bytes -> 0 pkts/0 bytes] - 27 UDP 192.168.1.101:1346 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/1018 bytes -> 0 pkts/0 bytes] - 28 UDP 192.168.1.101:1908 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/1018 bytes -> 0 pkts/0 bytes] - 29 UDP 192.168.1.101:2159 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/1018 bytes -> 0 pkts/0 bytes] - 30 UDP 192.168.1.101:2169 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/1018 bytes -> 0 pkts/0 bytes] - 31 UDP 192.168.1.101:2544 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/1018 bytes -> 0 pkts/0 bytes] - 32 UDP 192.168.1.101:2604 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/1018 bytes -> 0 pkts/0 bytes] - 33 UDP 192.168.1.101:2991 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/1018 bytes -> 0 pkts/0 bytes] - 34 UDP 192.168.1.101:3731 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/1018 bytes -> 0 pkts/0 bytes] - 35 UDP 192.168.1.101:3777 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/1018 bytes -> 0 pkts/0 bytes] - 36 UDP 192.168.1.105:55407 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][cat: Cloud/13][2 pkts/156 bytes <-> 2 pkts/666 bytes][Host: client.dropbox.com] - 37 UDP 192.168.1.105:50789 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][cat: Cloud/13][2 pkts/146 bytes <-> 2 pkts/646 bytes][Host: d.dropbox.com] - 38 UDP 192.168.1.105:49112 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][cat: Cloud/13][2 pkts/162 bytes <-> 2 pkts/612 bytes][Host: client-cf.dropbox.com] - 39 UDP 192.168.1.105:33189 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][cat: Cloud/13][2 pkts/156 bytes <-> 2 pkts/588 bytes][Host: notify.dropbox.com] + 1 UDP 192.168.56.1:50318 <-> 192.168.56.101:17500 [proto: 121/Dropbox][cat: Cloud/13][100 pkts/13960 bytes <-> 100 pkts/6260 bytes] + 2 UDP 192.168.56.1:50312 <-> 192.168.56.101:17500 [proto: 121/Dropbox][cat: Cloud/13][100 pkts/13947 bytes <-> 100 pkts/6247 bytes] + 3 UDP 192.168.56.1:50319 <-> 192.168.56.101:17500 [proto: 121/Dropbox][cat: Cloud/13][100 pkts/13921 bytes <-> 100 pkts/6221 bytes] + 4 UDP 192.168.56.1:50311 <-> 192.168.56.101:17500 [proto: 121/Dropbox][cat: Cloud/13][100 pkts/13910 bytes <-> 100 pkts/6210 bytes] + 5 UDP 192.168.1.105:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][6 pkts/1422 bytes -> 0 pkts/0 bytes] + 6 UDP 192.168.1.105:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][6 pkts/1422 bytes -> 0 pkts/0 bytes] + 7 UDP 192.168.1.105:36173 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][cat: Cloud/13][4 pkts/312 bytes <-> 4 pkts/1078 bytes][Host: log.getdropbox.com] + 8 UDP 192.168.1.105:55407 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][cat: Cloud/13][2 pkts/156 bytes <-> 2 pkts/666 bytes][Host: client.dropbox.com] + 9 UDP 192.168.1.105:50789 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][cat: Cloud/13][2 pkts/146 bytes <-> 2 pkts/646 bytes][Host: d.dropbox.com] + 10 UDP 192.168.1.105:49112 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][cat: Cloud/13][2 pkts/162 bytes <-> 2 pkts/612 bytes][Host: client-cf.dropbox.com] + 11 UDP 192.168.1.105:33189 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][cat: Cloud/13][2 pkts/156 bytes <-> 2 pkts/588 bytes][Host: notify.dropbox.com] + 12 UDP 192.168.1.6:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][3 pkts/630 bytes -> 0 pkts/0 bytes] + 13 UDP 192.168.1.6:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][3 pkts/630 bytes -> 0 pkts/0 bytes] + 14 UDP 192.168.1.64:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][3 pkts/615 bytes -> 0 pkts/0 bytes] + 15 UDP 192.168.1.64:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][3 pkts/615 bytes -> 0 pkts/0 bytes] -- cgit v1.2.3 From 6373c355cfd497d57609b8ecfc62717758ac7154 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 5 Sep 2018 23:23:54 +0200 Subject: Added fix for out of boundary memory access Fixes warning --- src/lib/ndpi_main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/lib') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 557c5b455..ebc209f68 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1935,7 +1935,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp static int ac_match_handler(AC_MATCH_t *m, AC_TEXT_t *txt, AC_REP_t *match) { int min_len = (txt->length < m->patterns->length) ? txt->length : m->patterns->length; - char buf[64]; + char buf[64] = { '\0' }; int min_buf_len = (txt->length > 63 /* sizeof(buf)-1 */) ? 63 : txt->length; u_int buf_len = strlen(buf); @@ -4607,7 +4607,7 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struc packet->line[packet->parsed_lines].ptr = packet->payload; packet->line[packet->parsed_lines].len = 0; - for(a = 0; a < packet->payload_packet_len; a++) { + for(a = 0; a < packet->payload_packet_len-2; a++) { if(get_u_int16_t(packet->payload, a) == ntohs(0x0d0a)) { /* If end of line char sequence CR+NL "\r\n", process line */ packet->line[packet->parsed_lines].len = (u_int16_t)(((unsigned long) &packet->payload[a]) - ((unsigned long) packet->line[packet->parsed_lines].ptr)); -- cgit v1.2.3 From 77ea1c25bd423b4d4e2cf455fdb686c2204276aa Mon Sep 17 00:00:00 2001 From: Pavlos Antoniou Date: Sun, 9 Sep 2018 08:20:54 +0000 Subject: Avoid possible NULL pointer dereference in ndpi_detection_process_packet --- src/lib/ndpi_main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/lib') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index ebc209f68..b00225c7c 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4228,14 +4228,14 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct u_int32_t a; ndpi_protocol ret = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED }; - flow->num_processed_pkts++; - if(ndpi_struct->ndpi_log_level >= NDPI_LOG_TRACE) NDPI_LOG(flow ? flow->detected_protocol_stack[0]:NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_TRACE, "START packet processing\n"); if(flow == NULL) return(ret); + flow->num_processed_pkts++; + if(flow->server_id == NULL) flow->server_id = dst; /* Default */ if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) goto ret_protocols; -- cgit v1.2.3 From 1075283d8e273d3971fc5c48f442ed8723a7db15 Mon Sep 17 00:00:00 2001 From: Luca Date: Tue, 11 Sep 2018 09:26:01 +0300 Subject: Fixes #601 --- src/lib/Makefile.in | 2 +- src/lib/protocols/ssl.c | 36 ++++++++++++++++++++++++++---------- 2 files changed, 27 insertions(+), 11 deletions(-) (limited to 'src/lib') diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in index a0ac4a574..ca2900171 100644 --- a/src/lib/Makefile.in +++ b/src/lib/Makefile.in @@ -14,7 +14,7 @@ prefix = /usr/local libdir = ${prefix}/lib includedir = ${prefix}/include/ndpi CC = @CC@ -CFLAGS += -fPIC -DPIC -I../include -Ithird_party/include -DNDPI_LIB_COMPILATION -g +CFLAGS += -fPIC -DPIC -I../include -Ithird_party/include -DNDPI_LIB_COMPILATION -O2 # -g RANLIB = ranlib OBJECTS = $(patsubst protocols/%.c, protocols/%.o, $(wildcard protocols/*.c)) $(patsubst third_party/src/%.c, third_party/src/%.o, $(wildcard third_party/src/*.c)) ndpi_main.o diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index b8c36976b..59aedcb45 100644 --- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -27,7 +27,7 @@ #include "ndpi_api.h" -/* #define CERTIFICATE_DEBUG 1 */ +// #define CERTIFICATE_DEBUG 1 #define NDPI_MAX_SSL_REQUEST_SIZE 10000 /* Skype.c */ @@ -246,28 +246,43 @@ int getSSLcertificate(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t compression_len; u_int16_t extensions_len; - compression_len = packet->payload[offset+1]; - offset += compression_len + 3; + offset++; + compression_len = packet->payload[offset]; + offset++; + +#ifdef CERTIFICATE_DEBUG + printf("SSL [compression_len: %u]\n", compression_len); +#endif + + // offset += compression_len + 3; + offset += compression_len; if(offset < total_len) { - extensions_len = packet->payload[offset]; + extensions_len = ntohs(*((u_int16_t*)&packet->payload[offset])); + offset += 2; + +#ifdef CERTIFICATE_DEBUG + printf("SSL [extensions_len: %u]\n", extensions_len); +#endif - if((extensions_len+offset) < total_len) { + if((extensions_len+offset) <= total_len) { /* Move to the first extension Type is u_int to avoid possible overflow on extension_len addition */ - u_int extension_offset = 1; + u_int extension_offset = 0; while(extension_offset < extensions_len) { u_int16_t extension_id, extension_len; - memcpy(&extension_id, &packet->payload[offset+extension_offset], 2); + extension_id = ntohs(*((u_int16_t*)&packet->payload[offset+extension_offset])); extension_offset += 2; - memcpy(&extension_len, &packet->payload[offset+extension_offset], 2); + extension_len = ntohs(*((u_int16_t*)&packet->payload[offset+extension_offset])); extension_offset += 2; - extension_id = ntohs(extension_id), extension_len = ntohs(extension_len); - +#ifdef CERTIFICATE_DEBUG + printf("SSL [extension_id: %u][extension_len: %u]\n", extension_id, extension_len); +#endif + if(extension_id == 0) { u_int begin = 0,len; char *server_name = (char*)&packet->payload[offset+extension_offset]; @@ -316,6 +331,7 @@ int sslTryAndRetrieveServerCertificate(struct ndpi_detection_module_struct *ndpi if((packet->payload_packet_len > 9) && (packet->payload[0] == 0x16)) { char certificate[64]; int rc; + certificate[0] = '\0'; rc = getSSLcertificate(ndpi_struct, flow, certificate, sizeof(certificate)); packet->ssl_certificate_num_checks++; -- cgit v1.2.3 From b9ae0f8888da758f93aa6ed2033b614926a4e3d8 Mon Sep 17 00:00:00 2001 From: Luca Date: Tue, 11 Sep 2018 10:07:39 +0300 Subject: Fixes #578 --- src/lib/ndpi_content_match.c.inc | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'src/lib') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 60bc3498f..c2b6dec41 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8541,12 +8541,13 @@ static const char *ndpi_en_bigrams[] = { static const char *ndpi_en_impossible_bigrams[] = { "bk", "bq", "bx", "cb", "cf", "cg", "cj", "cp", "cv", "cw", "cx", "dx", "fk", "fq", "fv", "fx", /* "ee", removed it can be found in 'meeting' */ - "fz", "gq", "gv", "gx", "hh", "hk", "hv", "hx", "hz", "iy", "jb", "jc", "jd", "jf", "jg", "jh", "jk", + "fz", "gq", "gv", "gx", "hh", "hk", "hv", "hx", "hz", "iy", "jb", /* "jc", jcrew.com */ "jd", "jf", "jg", "jh", "jk", "jl", "jm", "jn", "jp", "jq", "jr", /* "js", */ "jt", "jv", "jw", "jx", "jy", "jz", "kg", "kq", "kv", "kx", - "kz", "lq", "lx", "mg", "mj", "mq", "mx", "mz", "pq", "pv", "px", "qb", "qc", "qd", "qe", "qf", "ii", + "kz", "lq", "lx", /* "mg" tamgrt.com , */ "mj", "mq", "mx", "mz", "pq", "pv", "px", "qb", "qc", "qd", "qe", "qf", "ii", "qg", "qh", "qj", "qk", "ql", "qm", "qn", "qo", "qp", "qr", "qs", "qt", "qv", "qw", "qx", "qy", "uu", "qz", "sx", "sz", "tq", "tx", "vb", "vc", "vd", "vf", "vg", "vh", "vj", "vm", "vn", "vp", "bw", /* "vk", "zr" Removed for kavkazr */ - "vq", "vt", "vw", "vx", "vz", "wq", "wv", "wx", "wz", "xb", "xg", "xj", "xk", "xv", "xz", "xw", "yd", /*"yp", Removed for paypal */ + "vq", "vt", "vw", "vx", "vz", "wq", "wv", "wx", "wz", /* "xb", foxbusiness.com */ + "xg", "xj", "xk", "xv", "xz", "xw", "yd", /*"yp", Removed for paypal */ "yj", "yq", "yv", "yz", "yw", "zb", "zc", "zg", "zh", "zj", "zn", "zq", "zs", "zx", "wh", "wk", "wb", "zk", "kp", "zk", "xy", NULL }; -- cgit v1.2.3 From 6ac83ce7eb9961785bb2b7ba4c3788524591b30f Mon Sep 17 00:00:00 2001 From: Simone Mainardi Date: Tue, 11 Sep 2018 10:43:04 +0200 Subject: Fixes broken hyperscan compilation --- configure.seed | 1 + example/Makefile.in | 2 +- src/include/ndpi_typedefs.h | 2 ++ src/lib/ndpi_main.c | 4 ---- 4 files changed, 4 insertions(+), 5 deletions(-) (limited to 'src/lib') diff --git a/configure.seed b/configure.seed index 8f8817f24..548cffc83 100644 --- a/configure.seed +++ b/configure.seed @@ -74,6 +74,7 @@ if test "${with_hyperscan+set}" = set; then AC_CHECK_LIB([stdc++], [main]) HS_INC=`pkg-config --cflags libhs` HS_LIB=`pkg-config --libs libhs` + LDFLAGS="$LDFLAGS $HS_LIB" else AC_MSG_RESULT([Intel Hyperscan not found, exiting. See https://github.com/intel/hyperscan/blob/master/doc/dev-reference/getting_started.rst for install/build instructions]) exit 1 diff --git a/example/Makefile.in b/example/Makefile.in index b515fa42a..7f465bdde 100644 --- a/example/Makefile.in +++ b/example/Makefile.in @@ -7,7 +7,7 @@ OBJS=ndpiReader.o ndpi_util.o all: ndpiReader ndpiReader: $(OBJS) $(LIBNDPI) - $(CC) $(CFLAGS) $(OBJS) -o $@ $(LDFLAGS) + $(CXX) $(CFLAGS) $(OBJS) -o $@ $(LDFLAGS) %.o: %.c $(HEADERS) Makefile $(CC) $(CFLAGS) -c $< -o $@ diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index c4df5b030..385c330f4 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -858,6 +858,8 @@ typedef struct ndpi_proto { #include "ndpi_config.h" #ifdef HAVE_HYPERSCAN +#include + struct hs_list { char *expression; unsigned int id; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index b00225c7c..b4fa7a9bc 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -47,10 +47,6 @@ #include "third_party/include/hash.h" /* #include "third_party/src/hash.c" */ -#ifdef HAVE_HYPERSCAN -#include -#endif - #define NDPI_CONST_GENERIC_PROTOCOL_NAME "GenericProtocol" static int _ndpi_debug_callbacks = 0; -- cgit v1.2.3 From adcb82d2b528a24d834c6b9ebb183a7261401afd Mon Sep 17 00:00:00 2001 From: 诟屍 Date: Tue, 11 Sep 2018 16:46:13 +0800 Subject: parse protocol's string_to_match into hex which could be match by hyperscan (#589) * if one protocol do not have it's regex (pattern_to_match) then parse it's string (string_to_match) into hex so we can match every protocol with hyperscan * fix string2hex() * fix init_hyperscan(): check return value of string2hex() --- src/lib/ndpi_main.c | 68 +++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 53 insertions(+), 15 deletions(-) (limited to 'src/lib') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index b4fa7a9bc..722fdb68f 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -800,10 +800,27 @@ static int hyperscan_load_patterns(struct hs *hs, u_int num_patterns, /* ******************************************************************** */ +static char* string2hex(const char *pat) { + u_int patlen, i; + char *hexbuf, *buf; + + patlen = strlen(pat); + hexbuf = (char*)calloc(sizeof(char), patlen * 4 + 1); + if(!hexbuf) return(NULL); + + for (i = 0, buf = hexbuf; i < patlen; i++, buf += 4) { + snprintf(buf, 5, "\\x%02x", (unsigned char)pat[i]); + } + *buf = '\0'; + + return hexbuf; +} + static int init_hyperscan(struct ndpi_detection_module_struct *ndpi_mod) { - u_int num_patterns = 0, i; - const char **expressions; + u_int num_patterns = 0, i, j; + char **expressions; unsigned int *ids; + unsigned char *need_to_be_free; struct hs *hs; int rc; @@ -811,31 +828,52 @@ static int init_hyperscan(struct ndpi_detection_module_struct *ndpi_mod) { if(!ndpi_mod->hyperscan) return(-1); hs = (struct hs*)ndpi_mod->hyperscan; - for(i=0; host_match[i].string_to_match != NULL; i++) { - if(host_match[i].pattern_to_match) { - /* printf("[DEBUG] %s\n", host_match[i].pattern_to_match); */ - num_patterns++; - } + for(i = 0; host_match[i].string_to_match != NULL || host_match[i].pattern_to_match != NULL; i++) { + num_patterns++; } - expressions = (const char**)calloc(sizeof(char*), num_patterns+1); + expressions = (char**)calloc(sizeof(char*), num_patterns + 1); if(!expressions) return(-1); - ids = (unsigned int*)calloc(sizeof(unsigned int), num_patterns+1); + ids = (unsigned int*)calloc(sizeof(unsigned int), num_patterns + 1); if(!ids) { free(expressions); return(-1); } - for(i=0, num_patterns=0; host_match[i].string_to_match != NULL; i++) { - if(host_match[i].pattern_to_match) { - expressions[num_patterns] = host_match[i].pattern_to_match; - ids[num_patterns] = host_match[i].protocol_id; - num_patterns++; + need_to_be_free = (unsigned char*)calloc(sizeof(unsigned char), num_patterns + 1); + if (!need_to_be_free) { + free(expressions); + free(ids); + return(-1); + } + + for (i = 0, j = 0; host_match[i].string_to_match != NULL || host_match[i].pattern_to_match != NULL; i++) { + if (host_match[i].pattern_to_match) { + expressions[j] = host_match[i].pattern_to_match; + ids[j] = host_match[i].protocol_id; + need_to_be_free[j] = 0; + ++j; + } else { + expressions[j] = string2hex(host_match[i].string_to_match); + if (expressions[j] != NULL) { + ids[j] = host_match[i].protocol_id; + need_to_be_free[j] = 1; + ++j; + } else { +#ifdef DEBUG + printf("Fail to calloc memory for %s\n", host_match[i].string_to_match); +#endif + } } + /*printf("[DEBUG] %s\n", j ? expressions[j - 1] : "No Expression");*/ } - rc = hyperscan_load_patterns(hs, num_patterns, expressions, ids); + rc = hyperscan_load_patterns(hs, j, (const char**)expressions, ids); + + for (i = 0; i < j; ++i) + if (need_to_be_free[i]) + free(expressions[i]); free(expressions), free(ids); return(rc); -- cgit v1.2.3 From f48c7ab8e6b0a6848aaab28ec56212787b41defa Mon Sep 17 00:00:00 2001 From: Daniele De Sensi Date: Tue, 11 Sep 2018 12:41:05 +0200 Subject: Fixed bug in spotify dissector (subnet /24 was matched as /22). Slight performance improvements in spotify dissector (avoid doing ntohl and masking in each and all if conditions). --- src/lib/protocols/spotify.c | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) (limited to 'src/lib') diff --git a/src/lib/protocols/spotify.c b/src/lib/protocols/spotify.c index 699d8f346..a180a1ea7 100644 --- a/src/lib/protocols/spotify.c +++ b/src/lib/protocols/spotify.c @@ -88,17 +88,25 @@ static void ndpi_check_spotify(struct ndpi_detection_module_struct *ndpi_struct, */ //printf("%08X - %08X\n", ntohl(packet->iph->saddr), ntohl(packet->iph->daddr)); - if(((ntohl(packet->iph->saddr) & 0xFFFFFC00 /* 255.255.252.0 */) == 0x4E1F0800 /* 78.31.8.0 */) - || ((ntohl(packet->iph->daddr) & 0xFFFFFC00 /* 255.255.252.0 */) == 0x4E1F0800 /* 78.31.8.0 */) + + long src_addr = ntohl(packet->iph->saddr); + long dst_addr = ntohl(packet->iph->daddr); + long src_addr_masked_22 = src_addr & 0xFFFFFC00; // */22 + long dst_addr_masked_22 = dst_addr & 0xFFFFFC00; // */22 + long src_addr_masked_24 = src_addr & 0xFFFFFF00; // */24 + long dst_addr_masked_24 = dst_addr & 0xFFFFFF00; // */24 + + if( src_addr_masked_22 == 0x4E1F0800 /* 78.31.8.0 */ + || dst_addr_masked_22 == 0x4E1F0800 /* 78.31.8.0 */ /* **** */ - || ((ntohl(packet->iph->saddr) & 0xFFFFFC00 /* 255.255.252.0 */) == 0xC1EBE800 /* 193.235.232.0 */) - || ((ntohl(packet->iph->daddr) & 0xFFFFFC00 /* 255.255.252.0 */) == 0xC1EBE800 /* 193.235.232.0 */) - /* **** */ - || ((ntohl(packet->iph->saddr) & 0xFFFFFC00 /* 255.255.252.0 */) == 0xC284C400 /* 194.132.196.0 */) - || ((ntohl(packet->iph->daddr) & 0xFFFFFC00 /* 255.255.252.0 */) == 0xC284C400 /* 194.132.196.0 */) - /* **** */ - || ((ntohl(packet->iph->saddr) & 0xFFFFFC00 /* 255.255.252.0 */) == 0xC284A200 /* 194.132.162.0 */) - || ((ntohl(packet->iph->daddr) & 0xFFFFFC00 /* 255.255.252.0 */) == 0xC284A200 /* 194.132.162.0 */) + || src_addr_masked_22 == 0xC1EBE800 /* 193.235.232.0 */ + || dst_addr_masked_22 == 0xC1EBE800 /* 193.235.232.0 */ + /* **** */ + || src_addr_masked_22 == 0xC284C400 /* 194.132.196.0 */ + || dst_addr_masked_22 == 0xC284C400 /* 194.132.196.0 */ + /* **** */ + || src_addr_masked_24 == 0xC284A200 /* 194.132.162.0 */ + || dst_addr_masked_24 == 0xC284A200 /* 194.132.162.0 */ ) { NDPI_LOG_INFO(ndpi_struct, "found spotify via ip range\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_UNKNOWN); -- cgit v1.2.3 From c0ed50d5b002838ded46ee22852404998389f9b7 Mon Sep 17 00:00:00 2001 From: Darryl Sokoloski Date: Tue, 11 Sep 2018 17:16:12 -0400 Subject: Prevent invalid reads past end-of-buffer. The recent revert commit applied to ndpi_parse_packet_line_info resurrects an old bug where the last lines in packets that end with a CR+NL will not be parsed. This revert commit is an attempt to prevent invalid reads past the end of the packet buffer. This PR moves the end-of-bounds test to before the 16-bit read and returns if true. This fixes the case where a text line ends aligned to the buffer-end boundary, and it fixes the invalid read issue. Signed-off-by: Darryl Sokoloski --- src/lib/ndpi_main.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'src/lib') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 722fdb68f..b904bbefc 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4641,7 +4641,11 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struc packet->line[packet->parsed_lines].ptr = packet->payload; packet->line[packet->parsed_lines].len = 0; - for(a = 0; a < packet->payload_packet_len-2; a++) { + for(a = 0; a < packet->payload_packet_len; a++) { + + if((a + 1) == packet->payload_packet_len) + return; /* Return if only one byte remains (prevent invalid reads past end-of-buffer) */ + if(get_u_int16_t(packet->payload, a) == ntohs(0x0d0a)) { /* If end of line char sequence CR+NL "\r\n", process line */ packet->line[packet->parsed_lines].len = (u_int16_t)(((unsigned long) &packet->payload[a]) - ((unsigned long) packet->line[packet->parsed_lines].ptr)); @@ -4821,9 +4825,6 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struc packet->line[packet->parsed_lines].ptr = &packet->payload[a + 2]; packet->line[packet->parsed_lines].len = 0; - if((a + 2) >= packet->payload_packet_len) - return; - a++; /* next char in the payload */ } } -- cgit v1.2.3 From e8c738282d99f4bcb056d81211e331ca9db8d7bf Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Thu, 13 Sep 2018 00:04:19 +0200 Subject: Improved Facebook Messenger support --- src/lib/ndpi_content_match.c.inc | 1 + 1 file changed, 1 insertion(+) (limited to 'src/lib') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index c2b6dec41..57c53872c 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8225,6 +8225,7 @@ ndpi_protocol_match host_match[] = { { "audio-fa.scdn.co", NULL, "audio-fa\\.scdn" TLD, "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "edge-mqtt.facebook.com", NULL, "edge-mqtt\\.facebook" TLD, "Messenger", NDPI_PROTOCOL_MESSENGER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { "messenger.com", NULL, "messenger\\.com" TLD, "Messenger", NDPI_PROTOCOL_MESSENGER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { ".pandora.com", NULL, "\\.pandora" TLD, "Pandora", NDPI_PROTOCOL_PANDORA, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, -- cgit v1.2.3 From 8689d3293ab7b09b84395d5351f7f3901db78653 Mon Sep 17 00:00:00 2001 From: Luca Date: Mon, 17 Sep 2018 17:57:47 +0200 Subject: Added ndpi_protocol2id() API call --- src/include/ndpi_api.h | 14 ++++++++++++++ src/lib/ndpi_main.c | 17 +++++++++++++++++ 2 files changed, 31 insertions(+) (limited to 'src/lib') diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 3fefc8e4b..0409cb8c4 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -432,6 +432,20 @@ extern "C" { char* ndpi_protocol2name(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol proto, char *buf, u_int buf_len); + /** + * Same as ndpi_protocol2name() with the difference that the numeric protocol + * name is returned + * + * @par ndpi_mod = the detection module + * @par proto = the struct ndpi_protocol contain the protocols name + * @par buf = the buffer to write the name of the protocols + * @par buf_len = the length of the buffer + * @return the buffer contains the master_protocol and protocol name + * + */ + char* ndpi_protocol2id(struct ndpi_detection_module_struct *ndpi_mod, + ndpi_protocol proto, char *buf, u_int buf_len); + /** * Find out if a given category is custom/user-defined * diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index b904bbefc..dcf146538 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -5363,6 +5363,23 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct /* ****************************************************** */ +char* ndpi_protocol2id(struct ndpi_detection_module_struct *ndpi_mod, + ndpi_protocol proto, char *buf, u_int buf_len) { + if((proto.master_protocol != NDPI_PROTOCOL_UNKNOWN) + && (proto.master_protocol != proto.app_protocol)) { + if(proto.app_protocol != NDPI_PROTOCOL_UNKNOWN) + snprintf(buf, buf_len, "%u.%u", + proto.master_protocol, proto.app_protocol); + else + snprintf(buf, buf_len, "%u", proto.master_protocol); + } else + snprintf(buf, buf_len, "%u", proto.app_protocol); + + return(buf); +} + +/* ****************************************************** */ + char* ndpi_protocol2name(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol proto, char *buf, u_int buf_len) { if((proto.master_protocol != NDPI_PROTOCOL_UNKNOWN) -- cgit v1.2.3 From b0f9f76b798dad7f63999537df8918885fbd37ac Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 17 Sep 2018 23:15:44 +0200 Subject: Addes support for SMBv1 traffic that has been split from SMBv23 --- src/include/ndpi_protocol_ids.h | 6 +++--- src/lib/ndpi_main.c | 14 ++++++-------- src/lib/protocols/smb.c | 12 +++++++----- 3 files changed, 16 insertions(+), 16 deletions(-) (limited to 'src/lib') diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index f3e100d64..7b4961a0e 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -50,7 +50,7 @@ typedef enum { NDPI_PROTOCOL_BGP = 13, NDPI_PROTOCOL_SNMP = 14, NDPI_PROTOCOL_XDMCP = 15, - NDPI_PROTOCOL_SMB = 16, + NDPI_PROTOCOL_SMBV1 = 16, /* SMB version 1 */ NDPI_PROTOCOL_SYSLOG = 17, NDPI_PROTOCOL_DHCP = 18, NDPI_PROTOCOL_POSTGRES = 19, @@ -75,8 +75,8 @@ typedef enum { NDPI_PROTOCOL_SKYPE_CALL_OUT = 38, NDPI_PROTOCOL_MUSICALLY = 39, NDPI_PROTOCOL_MEMCACHED = 40, /* Memcached - Darryl Sokoloski */ - - NDPI_PROTOCOL_FREE_41 = 41, /* Free */ + NDPI_PROTOCOL_SMBV23 = 41, /* SMB version 2/3 */ + NDPI_PROTOCOL_FREE_42 = 42, /* Free */ NDPI_PROTOCOL_FREE_43 = 43, /* Free */ NDPI_PROTOCOL_FREE_44 = 44, /* Free */ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index dcf146538..8fed1ebf1 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -43,9 +43,7 @@ #include "ndpi_content_match.c.inc" #include "third_party/include/ndpi_patricia.h" -/* #include "third_party/src/ndpi_patricia.c" */ #include "third_party/include/hash.h" -/* #include "third_party/src/hash.c" */ #define NDPI_CONST_GENERIC_PROTOCOL_NAME "GenericProtocol" @@ -1104,10 +1102,10 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "XDMCP", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, ndpi_build_default_ports(ports_a, 177, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 177, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SMB, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SMBV1, no_master, - no_master, "SMB", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, - ndpi_build_default_ports(ports_a, 445, 0, 0, 0, 0) /* TCP */, + no_master, "SMBv1", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SYSLOG, no_master, @@ -1219,10 +1217,10 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Memcached", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 11211, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 11211, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_41, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SMBV23, no_master, - no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + no_master, "SMBv23", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, + ndpi_build_default_ports(ports_a, 445, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_42, no_master, diff --git a/src/lib/protocols/smb.c b/src/lib/protocols/smb.c index fa684eb66..c6b0676b6 100644 --- a/src/lib/protocols/smb.c +++ b/src/lib/protocols/smb.c @@ -22,8 +22,6 @@ */ #include "ndpi_protocol_ids.h" -#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SMB - #include "ndpi_api.h" @@ -43,19 +41,23 @@ void ndpi_search_smb_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc NDPI_LOG_INFO(ndpi_struct, "found SMB\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SMB, NDPI_PROTOCOL_UNKNOWN); + if(packet->payload[8] == 0x72) + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SMBV1, NDPI_PROTOCOL_UNKNOWN); + else + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SMBV23, NDPI_PROTOCOL_UNKNOWN); return; } } - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + ndpi_exclude_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SMBV1, __FILE__, __FUNCTION__, __LINE__); + ndpi_exclude_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SMBV23, __FILE__, __FUNCTION__, __LINE__); } void init_smb_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("SMB", ndpi_struct, detection_bitmask, *id, - NDPI_PROTOCOL_SMB, + NDPI_PROTOCOL_SMBV23, ndpi_search_smb_tcp, NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, -- cgit v1.2.3 From c6b427c2521c0916866f932ea1db43334a01b2f4 Mon Sep 17 00:00:00 2001 From: Luca Date: Tue, 18 Sep 2018 18:13:04 +0200 Subject: Implementation of Bitcoin, Ethereum, ZCash, Monero dissectors all identified as mining Implements #503 --- src/include/ndpi_protocol_ids.h | 4 +- src/include/ndpi_protocols.h | 1 + src/lib/ndpi_main.c | 9 ++-- src/lib/protocols/mining.c | 94 ++++++++++++++++++++++++++++++++++++++++ tests/pcap/bitcoin.pcap | Bin 0 -> 591290 bytes tests/pcap/ethereum.pcap | Bin 0 -> 147293 bytes tests/pcap/monero.pcap | Bin 0 -> 171804 bytes tests/pcap/zcash.pcap | Bin 0 -> 22988 bytes tests/result/bitcoin.pcap.out | 8 ++++ tests/result/ethereum.pcap.out | 4 ++ tests/result/monero.pcap.out | 4 ++ tests/result/zcash.pcap.out | 3 ++ 12 files changed, 122 insertions(+), 5 deletions(-) create mode 100644 src/lib/protocols/mining.c create mode 100644 tests/pcap/bitcoin.pcap create mode 100644 tests/pcap/ethereum.pcap create mode 100644 tests/pcap/monero.pcap create mode 100644 tests/pcap/zcash.pcap create mode 100644 tests/result/bitcoin.pcap.out create mode 100644 tests/result/ethereum.pcap.out create mode 100644 tests/result/monero.pcap.out create mode 100644 tests/result/zcash.pcap.out (limited to 'src/lib') diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 7b4961a0e..607e8deef 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -75,9 +75,9 @@ typedef enum { NDPI_PROTOCOL_SKYPE_CALL_OUT = 38, NDPI_PROTOCOL_MUSICALLY = 39, NDPI_PROTOCOL_MEMCACHED = 40, /* Memcached - Darryl Sokoloski */ - NDPI_PROTOCOL_SMBV23 = 41, /* SMB version 2/3 */ + NDPI_PROTOCOL_SMBV23 = 41, /* SMB version 2/3 */ + NDPI_PROTOCOL_MINING = 42, /* Bitcoin, Ethereum, ZCash, Monero */ - NDPI_PROTOCOL_FREE_42 = 42, /* Free */ NDPI_PROTOCOL_FREE_43 = 43, /* Free */ NDPI_PROTOCOL_FREE_44 = 44, /* Free */ NDPI_PROTOCOL_FREE_45 = 45, /* Free */ diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index 5c08f85f5..e1f3af4fb 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -260,6 +260,7 @@ void init_maplestory_dissector(struct ndpi_detection_module_struct *ndpi_struct, void init_mdns_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_megaco_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_mgpc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_mining_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_mms_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_msn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_mpegts_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 8fed1ebf1..9b6501d9b 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1222,10 +1222,10 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "SMBv23", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 445, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_42, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_MINING, no_master, - no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + no_master, "Mining", CUSTOM_CATEGORY_MINING /* dummy */, + ndpi_build_default_ports(ports_a, 8333, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_43, no_master, @@ -2929,6 +2929,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* SMB */ init_smb_dissector(ndpi_struct, &a, detection_bitmask); + /* MINING */ + init_mining_dissector(ndpi_struct, &a, detection_bitmask); + /* TELNET */ init_telnet_dissector(ndpi_struct, &a, detection_bitmask); diff --git a/src/lib/protocols/mining.c b/src/lib/protocols/mining.c new file mode 100644 index 000000000..ec094e7d3 --- /dev/null +++ b/src/lib/protocols/mining.c @@ -0,0 +1,94 @@ +/* + * mining.c [Bitcoin, Ethereum, ZCash, Monero] + * + * Copyright (C) 2018 - ntop.org + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ +#include "ndpi_protocol_ids.h" + +#include "ndpi_api.h" + +void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) { + struct ndpi_packet_struct *packet = &flow->packet; + + NDPI_LOG_DBG(ndpi_struct, "search MINING\n"); + + /* Check connection over TCP */ + if(packet->tcp && (packet->payload_packet_len > 10)) { + + if(packet->tcp->source == htons(8333)) { + /* + Bitcoin + + bitcoin.magic == 0xf9beb4d9 || bitcoin.magic == 0xfabfb5da + */ + u_int32_t magic = htonl(0xf9beb4d9), magic1 = htonl(0xfabfb5da), *to_match = (u_int32_t*)packet->payload; + + if((*to_match == magic) || (*to_match == magic1)) { + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN); + } + } if(ndpi_strnstr((const char *)packet->payload, "\"eth1.0\"", packet->payload_packet_len) + || ndpi_strnstr((const char *)packet->payload, "\"worker\"", packet->payload_packet_len) + || ndpi_strnstr((const char *)packet->payload, "\"id\"", packet->payload_packet_len)) { + /* + Ethereum + + {"worker": "eth1.0", "jsonrpc": "2.0", "params": ["0x0fccfff9e61a230ff380530c6827caf4759337c6.rig2", "x"], "id": 2, "method": "eth_submitLogin"} + { "id": 2, "jsonrpc":"2.0","result":true} + {"worker": "", "jsonrpc": "2.0", "params": [], "id": 3, "method": "eth_getWork"} + */ + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN); + } else if(ndpi_strnstr((const char *)packet->payload, "\"method\"", packet->payload_packet_len) + || ndpi_strnstr((const char *)packet->payload, "\"blob\"", packet->payload_packet_len) + || ndpi_strnstr((const char *)packet->payload, "\"id\"", packet->payload_packet_len)) { + /* + ZCash + + {"method":"login","params":{"login":"4BCeEPhodgPMbPWFN1dPwhWXdRX8q4mhhdZdA1dtSMLTLCEYvAj9QXjXAfF7CugEbmfBhgkqHbdgK9b2wKA6nqRZQCgvCDm.cb2b73415c4faf214035a73b9d947c202342f3bf3bdf632132bd6d7af98cb257.ryzen","pass":"x","agent":"xmr-stak-cpu/1.3.0-1.5.0"},"id":1} + {"id":1,"jsonrpc":"2.0","error":null,"result":{"id":"479059546883218","job":{"blob":"0606e89883d205a65d8ee78991838a1cf3ec2ebbc5fb1fa43dec5fa1cd2bee4069212a549cd731000000005a88235653097aa3e97ef2ceef4aee610751a828f9be1a0758a78365fb0a4c8c05","job_id":"722134174127131","target":"dc460300"},"status":"OK"}} + {"method":"submit","params":{"id":"479059546883218","job_id":"722134174127131","nonce":"98024001","result":"c9be9381a68d533c059d614d961e0534d7d8785dd5c339c2f9596eb95f320100"},"id":1} + + Monero + + {"method":"login","params":{"login":"4BCeEPhodgPMbPWFN1dPwhWXdRX8q4mhhdZdA1dtSMLTLCEYvAj9QXjXAfF7CugEbmfBhgkqHbdgK9b2wKA6nqRZQCgvCDm.cb2b73415c4faf214035a73b9d947c202342f3bf3bdf632132bd6d7af98cb257.ryzen","pass":"x","agent":"xmr-stak-cpu/1.3.0-1.5.0"},"id":1} + {"id":1,"jsonrpc":"2.0","error":null,"result":{"id":"479059546883218","job":{"blob":"0606e89883d205a65d8ee78991838a1cf3ec2ebbc5fb1fa43dec5fa1cd2bee4069212a549cd731000000005a88235653097aa3e97ef2ceef4aee610751a828f9be1a0758a78365fb0a4c8c05","job_id":"722134174127131","target":"dc460300"},"status":"OK"}} + {"method":"submit","params":{"id":"479059546883218","job_id":"722134174127131","nonce":"98024001","result":"c9be9381a68d533c059d614d961e0534d7d8785dd5c339c2f9596eb95f320100"},"id":1} + */ + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN); + } + } + + ndpi_exclude_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, __FILE__, __FUNCTION__, __LINE__); +} + + +void init_mining_dissector(struct ndpi_detection_module_struct *ndpi_struct, + u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +{ + ndpi_set_bitmask_protocol_detection("Mining", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_MINING, + ndpi_search_mining_tcp, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); + + *id += 1; +} + diff --git a/tests/pcap/bitcoin.pcap b/tests/pcap/bitcoin.pcap new file mode 100644 index 000000000..ce62ed779 Binary files /dev/null and b/tests/pcap/bitcoin.pcap differ diff --git a/tests/pcap/ethereum.pcap b/tests/pcap/ethereum.pcap new file mode 100644 index 000000000..f77637d62 Binary files /dev/null and b/tests/pcap/ethereum.pcap differ diff --git a/tests/pcap/monero.pcap b/tests/pcap/monero.pcap new file mode 100644 index 000000000..67d796882 Binary files /dev/null and b/tests/pcap/monero.pcap differ diff --git a/tests/pcap/zcash.pcap b/tests/pcap/zcash.pcap new file mode 100644 index 000000000..213585dbd Binary files /dev/null and b/tests/pcap/zcash.pcap differ diff --git a/tests/result/bitcoin.pcap.out b/tests/result/bitcoin.pcap.out new file mode 100644 index 000000000..d10fa583d --- /dev/null +++ b/tests/result/bitcoin.pcap.out @@ -0,0 +1,8 @@ +Mining 637 581074 6 + + 1 TCP 192.168.1.142:55328 <-> 69.118.54.122:8333 [proto: 42/Mining][cat: Unspecified/99][2 pkts/281 bytes <-> 137 pkts/191029 bytes] + 2 TCP 192.168.1.142:55348 <-> 74.89.181.229:8333 [proto: 42/Mining][cat: Unspecified/99][55 pkts/28663 bytes <-> 117 pkts/134830 bytes] + 3 TCP 192.168.1.142:55383 <-> 66.68.83.22:8333 [proto: 42/Mining][cat: Unspecified/99][65 pkts/45271 bytes <-> 96 pkts/70339 bytes] + 4 TCP 192.168.1.142:55400 <-> 195.218.16.178:8333 [proto: 42/Mining][cat: Unspecified/99][47 pkts/26824 bytes <-> 72 pkts/55927 bytes] + 5 TCP 192.168.1.142:55317 <-> 188.165.213.169:8333 [proto: 42/Mining][cat: Unspecified/99][16 pkts/21673 bytes <-> 3 pkts/1771 bytes] + 6 TCP 192.168.1.142:55487 <-> 184.58.165.119:8333 [proto: 42/Mining][cat: Unspecified/99][24 pkts/3082 bytes <-> 3 pkts/1384 bytes] diff --git a/tests/result/ethereum.pcap.out b/tests/result/ethereum.pcap.out new file mode 100644 index 000000000..a4c607d2d --- /dev/null +++ b/tests/result/ethereum.pcap.out @@ -0,0 +1,4 @@ +Mining 819 134165 2 + + 1 TCP 192.168.2.92:57726 <-> 94.23.36.128:4444 [proto: 42/Mining][cat: Unspecified/99][478 pkts/52883 bytes <-> 308 pkts/76667 bytes] + 2 TCP 192.168.2.92:41680 <-> 91.121.222.33:4444 [proto: 42/Mining][cat: Unspecified/99][20 pkts/2159 bytes <-> 13 pkts/2456 bytes] diff --git a/tests/result/monero.pcap.out b/tests/result/monero.pcap.out new file mode 100644 index 000000000..732ada2ed --- /dev/null +++ b/tests/result/monero.pcap.out @@ -0,0 +1,4 @@ +Mining 319 166676 2 + + 1 TCP 192.168.2.148:46838 <-> 94.23.199.191:3333 [proto: 42/Mining][cat: Unspecified/99][159 pkts/143155 bytes <-> 113 pkts/13204 bytes] + 2 TCP 192.168.2.148:53846 <-> 116.211.167.195:3333 [proto: 42/Mining][cat: Unspecified/99][24 pkts/4455 bytes <-> 23 pkts/5862 bytes] diff --git a/tests/result/zcash.pcap.out b/tests/result/zcash.pcap.out new file mode 100644 index 000000000..eb3e155ee --- /dev/null +++ b/tests/result/zcash.pcap.out @@ -0,0 +1,3 @@ +Mining 145 20644 1 + + 1 TCP 192.168.2.92:55190 <-> 178.32.196.217:9050 [proto: 42/Mining][cat: Unspecified/99][83 pkts/11785 bytes <-> 62 pkts/8859 bytes] -- cgit v1.2.3 From 7117f0532c6229a2057d5f7cf1f0aa23abeb0ec8 Mon Sep 17 00:00:00 2001 From: Luca Date: Tue, 18 Sep 2018 18:32:08 +0200 Subject: Mapped the mining category in ndpi_category_get_name() --- src/include/ndpi_typedefs.h | 12 +++++- src/lib/ndpi_main.c | 89 ++++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 95 insertions(+), 6 deletions(-) (limited to 'src/lib') diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 385c330f4..52da6195d 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -800,7 +800,17 @@ typedef enum { CUSTOM_CATEGORY_ADVERTISEMENT = 101, CUSTOM_CATEGORY_BANNED_SITE = 102, CUSTOM_CATEGORY_SITE_UNAVAILABLE = 103, - + + /* + IMPORTANT + + Please keep in sync with + + static const char* categories[] = { ..} + + in ndpi_main.c + */ + NDPI_PROTOCOL_NUM_CATEGORIES /* NOTE: Keep this as last member Unused as value but useful to getting the number of elements diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 9b6501d9b..84a1de400 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1222,9 +1222,9 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "SMBv23", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 445, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_MINING, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MINING, no_master, - no_master, "Mining", CUSTOM_CATEGORY_MINING /* dummy */, + no_master, "Mining", CUSTOM_CATEGORY_MINING, ndpi_build_default_ports(ports_a, 8333, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_43, @@ -5486,14 +5486,93 @@ static const char* categories[] = { "QuickTime", "RealMedia", "WindowsMedia", - "Webm", + "Webm", /* 32 */ + "", + "", + "", + "", + "", + "", + "", + "", + + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + + "", + "", + "", + "", + "", + "", + "", + "", + + "Mining", /* 99 */ + "Malware", + "Advertisement", + "Banned_Site", + "Site_Unavailable" }; const char* ndpi_category_get_name(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol_category_t category) { - if(!ndpi_mod) return(NULL); + if((!ndpi_mod) || (category >= NDPI_PROTOCOL_NUM_CATEGORIES)) + return(NULL); - if(category < NDPI_PROTOCOL_CATEGORY_CUSTOM_1) + if((category < NDPI_PROTOCOL_CATEGORY_CUSTOM_1) || (category >= CUSTOM_CATEGORY_MINING)) return(categories[category]); else { switch(category) { -- cgit v1.2.3 From 31f62c5cf54c41fcd73ed3d7862e37277f5449ea Mon Sep 17 00:00:00 2001 From: Darryl Sokoloski Date: Wed, 19 Sep 2018 21:25:16 -0400 Subject: New dissector: Nest Log Sink This is a dissector for the Nest Log Sink protocol which is used by the Nest Protect (https://nest.com/ca/smoke-co-alarm/overview/). Signed-off-by: Darryl Sokoloski --- src/include/ndpi_protocol_ids.h | 2 +- src/include/ndpi_typedefs.h | 3 ++ src/lib/ndpi_main.c | 9 +++-- src/lib/protocols/nest_log_sink.c | 81 ++++++++++++++++++++++++++++++++++++++ tests/pcap/nest_log_sink.pcap | Bin 0 -> 146010 bytes 5 files changed, 91 insertions(+), 4 deletions(-) create mode 100644 src/lib/protocols/nest_log_sink.c create mode 100644 tests/pcap/nest_log_sink.pcap (limited to 'src/lib') diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 607e8deef..0d2712d20 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -77,8 +77,8 @@ typedef enum { NDPI_PROTOCOL_MEMCACHED = 40, /* Memcached - Darryl Sokoloski */ NDPI_PROTOCOL_SMBV23 = 41, /* SMB version 2/3 */ NDPI_PROTOCOL_MINING = 42, /* Bitcoin, Ethereum, ZCash, Monero */ + NDPI_PROTOCOL_NEST_LOG_SINK = 43, /* Nest Log Sink (Nest Protect) - Darryl Sokoloski */ - NDPI_PROTOCOL_FREE_43 = 43, /* Free */ NDPI_PROTOCOL_FREE_44 = 44, /* Free */ NDPI_PROTOCOL_FREE_45 = 45, /* Free */ NDPI_PROTOCOL_FREE_46 = 46, /* Free */ diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 52da6195d..f0b47b358 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -596,6 +596,9 @@ struct ndpi_flow_tcp_struct { /* NDPI_PROTOCOL_MEMCACHED */ u_int8_t memcached_matches; + +/* NDPI_PROTOCOL_NEST_LOG_SINK */ + u_int8_t nest_log_sink_matches; } #ifndef WIN32 __attribute__ ((__packed__)) diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 84a1de400..83094602d 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1227,10 +1227,10 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Mining", CUSTOM_CATEGORY_MINING, ndpi_build_default_ports(ports_a, 8333, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_43, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NEST_LOG_SINK, no_master, - no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + no_master, "NestLogSink", NDPI_PROTOCOL_CATEGORY_CLOUD, + ndpi_build_default_ports(ports_a, 11095, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_44, no_master, @@ -3228,6 +3228,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* Memcached */ init_memcached_dissector(ndpi_struct, &a, detection_bitmask); + /* Nest Log Sink */ + init_nest_log_sink_dissector(ndpi_struct, &a, detection_bitmask); + /* ----------------------------------------------------------------- */ ndpi_struct->callback_buffer_size = a; diff --git a/src/lib/protocols/nest_log_sink.c b/src/lib/protocols/nest_log_sink.c new file mode 100644 index 000000000..47cc65dc8 --- /dev/null +++ b/src/lib/protocols/nest_log_sink.c @@ -0,0 +1,81 @@ +/* + * nest_log_sink.c + * + * Copyright (C) 2009-2011 by ipoque GmbH + * Copyright (C) 2011-18 - ntop.org + * Copyright (C) 2018 - eGloo Incorporated + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + +#include "ndpi_protocol_ids.h" + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_NEST_LOG_SINK + +#include "ndpi_api.h" + +#define NEST_LOG_SINK_PORT 11095 +#define NEST_LOG_SINK_MIN_LEN 8 +#define NEST_LOG_SINK_MIN_MATCH 3 + +void ndpi_search_nest_log_sink( + struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) +{ + struct ndpi_packet_struct *packet = &flow->packet; + const u_int8_t *offset = packet->payload; + u_int8_t *matches; + + NDPI_LOG_DBG(ndpi_struct, "search nest_log_sink\n"); + + if (packet->payload_packet_len < NEST_LOG_SINK_MIN_LEN) { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + return; + } + + if (ntohs(packet->tcp->source) != NEST_LOG_SINK_PORT && + ntohs(packet->tcp->dest) != NEST_LOG_SINK_PORT) { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + return; + } + + if (packet->payload[1] <= 0x02 && + (packet->payload[2] == 0x00 || packet->payload[2] == 0x10) && + packet->payload[3] == 0x13) + flow->l4.tcp.nest_log_sink_matches++; + + if (flow->l4.tcp.nest_log_sink_matches == NEST_LOG_SINK_MIN_MATCH) { + NDPI_LOG_INFO(ndpi_struct, "found nest_log_sink\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_NEST_LOG_SINK, NDPI_PROTOCOL_UNKNOWN); + } +} + +void init_nest_log_sink_dissector( + struct ndpi_detection_module_struct *ndpi_struct, + u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +{ + ndpi_set_bitmask_protocol_detection("NEST_LOG_SINK", + ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_NEST_LOG_SINK, + ndpi_search_nest_log_sink, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); + + *id += 1; +} diff --git a/tests/pcap/nest_log_sink.pcap b/tests/pcap/nest_log_sink.pcap new file mode 100644 index 000000000..2cf286d22 Binary files /dev/null and b/tests/pcap/nest_log_sink.pcap differ -- cgit v1.2.3 From 46ebf541e147924209174b655fad6a72e172fd6c Mon Sep 17 00:00:00 2001 From: Darryl Sokoloski Date: Wed, 19 Sep 2018 22:05:39 -0400 Subject: Removed unused varaibles. Signed-off-by: Darryl Sokoloski --- src/lib/protocols/nest_log_sink.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'src/lib') diff --git a/src/lib/protocols/nest_log_sink.c b/src/lib/protocols/nest_log_sink.c index 47cc65dc8..62e8fa75f 100644 --- a/src/lib/protocols/nest_log_sink.c +++ b/src/lib/protocols/nest_log_sink.c @@ -38,8 +38,6 @@ void ndpi_search_nest_log_sink( struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - const u_int8_t *offset = packet->payload; - u_int8_t *matches; NDPI_LOG_DBG(ndpi_struct, "search nest_log_sink\n"); -- cgit v1.2.3 From f639c237a19cb79c39af1fc552e336d504af0bad Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 24 Sep 2018 09:57:51 +0200 Subject: Added check for not going beyond the string lenght --- src/lib/ndpi_main.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'src/lib') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 84a1de400..2c546d47d 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -5703,7 +5703,7 @@ char* ndpi_strnstr(const char *s, const char *find, size_t slen) { size_t len; if((c = *find++) != '\0') { - len = strlen(find); + len = strnlen(find, slen); do { do { if(slen-- < 1 || (sc = *s++) == '\0') @@ -5711,10 +5711,11 @@ char* ndpi_strnstr(const char *s, const char *find, size_t slen) { } while (sc != c); if(len > slen) return (NULL); - } while (strncmp(s, find, len) != 0); + } while(strncmp(s, find, len) != 0); s--; } - return ((char *)s); + + return((char *)s); } /* ****************************************************** */ -- cgit v1.2.3 From 1f24adc9cd90f05a463a71e7c2d14c1863ccba00 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sat, 29 Sep 2018 08:28:26 +0200 Subject: Renamed source files to avoid clashes --- src/lib/ndpi_main.c | 2 +- src/lib/third_party/include/hash.h | 30 ------ src/lib/third_party/include/ht_hash.h | 30 ++++++ src/lib/third_party/src/hash.c | 188 ---------------------------------- src/lib/third_party/src/ht_hash.c | 188 ++++++++++++++++++++++++++++++++++ 5 files changed, 219 insertions(+), 219 deletions(-) delete mode 100644 src/lib/third_party/include/hash.h create mode 100644 src/lib/third_party/include/ht_hash.h delete mode 100644 src/lib/third_party/src/hash.c create mode 100644 src/lib/third_party/src/ht_hash.c (limited to 'src/lib') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 2c546d47d..a199ebcd0 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -43,7 +43,7 @@ #include "ndpi_content_match.c.inc" #include "third_party/include/ndpi_patricia.h" -#include "third_party/include/hash.h" +#include "third_party/include/ht_hash.h" #define NDPI_CONST_GENERIC_PROTOCOL_NAME "GenericProtocol" diff --git a/src/lib/third_party/include/hash.h b/src/lib/third_party/include/hash.h deleted file mode 100644 index 2251706e4..000000000 --- a/src/lib/third_party/include/hash.h +++ /dev/null @@ -1,30 +0,0 @@ -/* Based on https://gist.github.com/tonious/1377667 */ - -#ifndef _HASH_H_ -#define _HASH_H_ - -#include "ndpi_api.h" - -struct entry_s { - char *key; - u_int16_t value; - struct entry_s *next; -}; - -typedef struct entry_s entry_t; - -struct hashtable_s { - int size; - struct entry_s **table; -}; - -typedef struct hashtable_s hashtable_t; - -extern hashtable_t *ht_create( int size ); -extern int ht_hash( hashtable_t *hashtable, char *key ); -extern entry_t *ht_newpair( char *key, u_int16_t value ); -extern void ht_set( hashtable_t *hashtable, char *key, u_int16_t value ); -extern u_int16_t ht_get( hashtable_t *hashtable, char *key ); -extern void ht_free( hashtable_t *hashtable ); - -#endif /* _HASH_H_ */ diff --git a/src/lib/third_party/include/ht_hash.h b/src/lib/third_party/include/ht_hash.h new file mode 100644 index 000000000..2251706e4 --- /dev/null +++ b/src/lib/third_party/include/ht_hash.h @@ -0,0 +1,30 @@ +/* Based on https://gist.github.com/tonious/1377667 */ + +#ifndef _HASH_H_ +#define _HASH_H_ + +#include "ndpi_api.h" + +struct entry_s { + char *key; + u_int16_t value; + struct entry_s *next; +}; + +typedef struct entry_s entry_t; + +struct hashtable_s { + int size; + struct entry_s **table; +}; + +typedef struct hashtable_s hashtable_t; + +extern hashtable_t *ht_create( int size ); +extern int ht_hash( hashtable_t *hashtable, char *key ); +extern entry_t *ht_newpair( char *key, u_int16_t value ); +extern void ht_set( hashtable_t *hashtable, char *key, u_int16_t value ); +extern u_int16_t ht_get( hashtable_t *hashtable, char *key ); +extern void ht_free( hashtable_t *hashtable ); + +#endif /* _HASH_H_ */ diff --git a/src/lib/third_party/src/hash.c b/src/lib/third_party/src/hash.c deleted file mode 100644 index 61ba9fbf6..000000000 --- a/src/lib/third_party/src/hash.c +++ /dev/null @@ -1,188 +0,0 @@ -/* Based on https://gist.github.com/tonious/1377667 */ - -#include -#include -#include -#include -#include -#include - -#include "hash.h" - -/* #define HASH_DEBUG 1 */ - -/* Create a new hashtable. */ -hashtable_t *ht_create(int size) { - hashtable_t *hashtable = NULL; - int i; - - if(size < 1) return NULL; - - /* Allocate the table itself. */ - if((hashtable = ndpi_malloc(sizeof(hashtable_t))) == NULL) - return NULL; - - /* Allocate pointers to the head nodes. */ - if((hashtable->table = ndpi_malloc(sizeof(entry_t *) * size)) == NULL) - return NULL; - else { - for(i = 0; i < size; i++) - hashtable->table[i] = NULL; - } - - hashtable->size = size; - - return hashtable; -} - -/* **************************************************** */ - -/* Hash a string for a particular hash table. */ -int ht_hash(hashtable_t *hashtable, char *key) { - unsigned long int hashval = 0; - int i = 0; - - /* Convert our string to an integer */ - while(hashval < ULONG_MAX && i < strlen(key)) { - hashval = hashval << 8; - hashval += key[ i ]; - i++; - } - - return hashval % hashtable->size; -} - -/* **************************************************** */ - -/* Create a key-value pair. */ -entry_t *ht_newpair(char *key, u_int16_t value) { - entry_t *newpair; - - if((newpair = ndpi_malloc(sizeof(entry_t))) == NULL) - return NULL; - - if((newpair->key = ndpi_strdup(key)) == NULL) - return NULL; - - newpair->value = value, newpair->next = NULL; - - return newpair; -} - -/* **************************************************** */ - -/* Insert a key-value pair into a hash table. */ -void ht_set(hashtable_t *hashtable, char *key, u_int16_t value) { - int bin = 0; - entry_t *newpair = NULL; - entry_t *next = NULL; - entry_t *last = NULL; - -#ifdef HASH_DEBUG - printf("*** %s() %s = %u ***\n", __FUNCTION__, key, value); -#endif - - bin = ht_hash(hashtable, key); - - next = hashtable->table[ bin ]; - - while(next != NULL && next->key != NULL && strcmp(key, next->key) > 0) { - last = next; - next = next->next; - } - - /* There's already a pair. Let's replace that string. */ - if(next != NULL && next->key != NULL && strcmp(key, next->key) == 0) { - next->value = value; - - /* Nope, could't find it. Time to grow a pair. */ - } else { - newpair = ht_newpair(key, value); - - /* We're at the start of the linked list in this bin. */ - if(next == hashtable->table[ bin ]) { - newpair->next = next; - hashtable->table[ bin ] = newpair; - - /* We're at the end of the linked list in this bin. */ - } else if (next == NULL) { - last->next = newpair; - - /* We're in the middle of the list. */ - } else { - newpair->next = next; - last->next = newpair; - } - } -} - -/* **************************************************** */ - -/* Retrieve a key-value pair from a hash table. */ -u_int16_t ht_get(hashtable_t *hashtable, char *key) { - int bin = 0; - entry_t *pair; - -#ifdef HASH_DEBUG - printf("*** %s() %s = %u ***\n", __FUNCTION__, key, pair->value); -#endif - - bin = ht_hash(hashtable, key); - - /* Step through the bin, looking for our value. */ - pair = hashtable->table[ bin ]; - while(pair != NULL && pair->key != NULL && strcmp(key, pair->key) > 0) { - pair = pair->next; - } - - /* Did we actually find anything? */ - if(pair == NULL || pair->key == NULL || strcmp(key, pair->key) != 0) { - return 0; - } else { - return pair->value; - } -} - -/* **************************************************** */ - -void ht_free(hashtable_t *hashtable) { - int i; - - for(i=0; isize; i++) { - struct entry_s *t = hashtable->table[i]; - - while(t != NULL) { - struct entry_s *next = t->next; - - ndpi_free(t->key); - ndpi_free(t); - - t = next; - } - } - - ndpi_free(hashtable->table); - ndpi_free(hashtable); -} - -/* **************************************************** */ - -#ifdef HASH_TEST - -int main(int argc, char **argv) { - hashtable_t *hashtable = ht_create(65536); - - ht_set(hashtable, "key1", 32); - ht_set(hashtable, "key2", 34); - ht_set(hashtable, "key3", 124); - ht_set(hashtable, "key4", 98); - - printf("%u\n", ht_get(hashtable, "key1")); - printf("%u\n", ht_get(hashtable, "key2")); - printf("%u\n", ht_get(hashtable, "key3")); - printf("%u\n", ht_get(hashtable, "key4")); - - return 0; -} - -#endif diff --git a/src/lib/third_party/src/ht_hash.c b/src/lib/third_party/src/ht_hash.c new file mode 100644 index 000000000..4eaac9bcb --- /dev/null +++ b/src/lib/third_party/src/ht_hash.c @@ -0,0 +1,188 @@ +/* Based on https://gist.github.com/tonious/1377667 */ + +#include +#include +#include +#include +#include +#include + +#include "ht_hash.h" + +/* #define HASH_DEBUG 1 */ + +/* Create a new hashtable. */ +hashtable_t *ht_create(int size) { + hashtable_t *hashtable = NULL; + int i; + + if(size < 1) return NULL; + + /* Allocate the table itself. */ + if((hashtable = ndpi_malloc(sizeof(hashtable_t))) == NULL) + return NULL; + + /* Allocate pointers to the head nodes. */ + if((hashtable->table = ndpi_malloc(sizeof(entry_t *) * size)) == NULL) + return NULL; + else { + for(i = 0; i < size; i++) + hashtable->table[i] = NULL; + } + + hashtable->size = size; + + return hashtable; +} + +/* **************************************************** */ + +/* Hash a string for a particular hash table. */ +int ht_hash(hashtable_t *hashtable, char *key) { + unsigned long int hashval = 0; + int i = 0; + + /* Convert our string to an integer */ + while(hashval < ULONG_MAX && i < strlen(key)) { + hashval = hashval << 8; + hashval += key[ i ]; + i++; + } + + return hashval % hashtable->size; +} + +/* **************************************************** */ + +/* Create a key-value pair. */ +entry_t *ht_newpair(char *key, u_int16_t value) { + entry_t *newpair; + + if((newpair = ndpi_malloc(sizeof(entry_t))) == NULL) + return NULL; + + if((newpair->key = ndpi_strdup(key)) == NULL) + return NULL; + + newpair->value = value, newpair->next = NULL; + + return newpair; +} + +/* **************************************************** */ + +/* Insert a key-value pair into a hash table. */ +void ht_set(hashtable_t *hashtable, char *key, u_int16_t value) { + int bin = 0; + entry_t *newpair = NULL; + entry_t *next = NULL; + entry_t *last = NULL; + +#ifdef HASH_DEBUG + printf("*** %s() %s = %u ***\n", __FUNCTION__, key, value); +#endif + + bin = ht_hash(hashtable, key); + + next = hashtable->table[ bin ]; + + while(next != NULL && next->key != NULL && strcmp(key, next->key) > 0) { + last = next; + next = next->next; + } + + /* There's already a pair. Let's replace that string. */ + if(next != NULL && next->key != NULL && strcmp(key, next->key) == 0) { + next->value = value; + + /* Nope, could't find it. Time to grow a pair. */ + } else { + newpair = ht_newpair(key, value); + + /* We're at the start of the linked list in this bin. */ + if(next == hashtable->table[ bin ]) { + newpair->next = next; + hashtable->table[ bin ] = newpair; + + /* We're at the end of the linked list in this bin. */ + } else if (next == NULL) { + last->next = newpair; + + /* We're in the middle of the list. */ + } else { + newpair->next = next; + last->next = newpair; + } + } +} + +/* **************************************************** */ + +/* Retrieve a key-value pair from a hash table. */ +u_int16_t ht_get(hashtable_t *hashtable, char *key) { + int bin = 0; + entry_t *pair; + +#ifdef HASH_DEBUG + printf("*** %s() %s = %u ***\n", __FUNCTION__, key, pair->value); +#endif + + bin = ht_hash(hashtable, key); + + /* Step through the bin, looking for our value. */ + pair = hashtable->table[ bin ]; + while(pair != NULL && pair->key != NULL && strcmp(key, pair->key) > 0) { + pair = pair->next; + } + + /* Did we actually find anything? */ + if(pair == NULL || pair->key == NULL || strcmp(key, pair->key) != 0) { + return 0; + } else { + return pair->value; + } +} + +/* **************************************************** */ + +void ht_free(hashtable_t *hashtable) { + int i; + + for(i=0; isize; i++) { + struct entry_s *t = hashtable->table[i]; + + while(t != NULL) { + struct entry_s *next = t->next; + + ndpi_free(t->key); + ndpi_free(t); + + t = next; + } + } + + ndpi_free(hashtable->table); + ndpi_free(hashtable); +} + +/* **************************************************** */ + +#ifdef HASH_TEST + +int main(int argc, char **argv) { + hashtable_t *hashtable = ht_create(65536); + + ht_set(hashtable, "key1", 32); + ht_set(hashtable, "key2", 34); + ht_set(hashtable, "key3", 124); + ht_set(hashtable, "key4", 98); + + printf("%u\n", ht_get(hashtable, "key1")); + printf("%u\n", ht_get(hashtable, "key2")); + printf("%u\n", ht_get(hashtable, "key3")); + printf("%u\n", ht_get(hashtable, "key4")); + + return 0; +} + +#endif -- cgit v1.2.3 From 90ca91caa85dcd4d7e7223f80b532db42b1f2c2b Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sat, 29 Sep 2018 08:38:00 +0200 Subject: Renamed files to avoid name clashes during compilation with other libs --- src/lib/ndpi_main.c | 2 - src/lib/protocols/mdns.c | 159 ---------------------------- src/lib/protocols/mdns_proto.c | 159 ++++++++++++++++++++++++++++ src/lib/protocols/snmp.c | 141 ------------------------ src/lib/protocols/snmp_proto.c | 141 ++++++++++++++++++++++++ src/lib/third_party/include/ndpi_patricia.h | 2 +- 6 files changed, 301 insertions(+), 303 deletions(-) delete mode 100644 src/lib/protocols/mdns.c create mode 100644 src/lib/protocols/mdns_proto.c delete mode 100644 src/lib/protocols/snmp.c create mode 100644 src/lib/protocols/snmp_proto.c (limited to 'src/lib') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index a199ebcd0..3f5db625d 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -741,7 +741,6 @@ void ndpi_init_protocol_match(struct ndpi_detection_module_struct *ndpi_mod, u_int16_t no_master[2] = { NDPI_PROTOCOL_NO_MASTER_PROTO, NDPI_PROTOCOL_NO_MASTER_PROTO }; ndpi_port_range ports_a[MAX_DEFAULT_PORTS], ports_b[MAX_DEFAULT_PORTS]; static u_int16_t generic_id = NDPI_LAST_IMPLEMENTED_PROTOCOL; - u_int16_t p_id; if(ndpi_mod->proto_defaults[match->protocol_id].protoName == NULL) { if(match->protocol_id == NDPI_PROTOCOL_GENERIC) @@ -989,7 +988,6 @@ static void ndpi_validate_protocol_initialization(struct ndpi_detection_module_s Do NOT add web services (NDPI_SERVICE_xxx) here. */ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndpi_mod) { - int i; ndpi_port_range ports_a[MAX_DEFAULT_PORTS], ports_b[MAX_DEFAULT_PORTS]; u_int16_t no_master[2] = { NDPI_PROTOCOL_NO_MASTER_PROTO, NDPI_PROTOCOL_NO_MASTER_PROTO }, custom_master[2]; diff --git a/src/lib/protocols/mdns.c b/src/lib/protocols/mdns.c deleted file mode 100644 index 77bdf4208..000000000 --- a/src/lib/protocols/mdns.c +++ /dev/null @@ -1,159 +0,0 @@ -/* - * mdns.c - * - * Copyright (C) 2016-18 - ntop.org - * - * This file is part of nDPI, an open source deep packet inspection - * library based on the OpenDPI and PACE technology by ipoque GmbH - * - * nDPI is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * nDPI is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with nDPI. If not, see . - * - */ -#include "ndpi_protocol_ids.h" - -#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MDNS - -#include "ndpi_api.h" - -#define NDPI_MAX_MDNS_REQUESTS 128 - -PACK_ON -struct mdns_header { - u_int16_t transaction_id, flags, questions, answers, authority_rr, additional_rr; -} PACK_OFF; - -/** - MDNS header is similar to dns header - - 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 - +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ - | ID = 0x0000 | - +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ - | FLAGS | - +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ - | QDCOUNT | - +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ - | ANCOUNT | - +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ - | NSCOUNT | - +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ - | ARCOUNT | - +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ -*/ - - -static void ndpi_int_mdns_add_connection(struct ndpi_detection_module_struct - *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MDNS, NDPI_PROTOCOL_UNKNOWN); -} - -static int ndpi_int_check_mdns_payload(struct ndpi_detection_module_struct - *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; - struct mdns_header *h = (struct mdns_header*)packet->payload; - u_int16_t questions = ntohs(h->questions), answers = ntohs(h->answers); - - if(((packet->payload[2] & 0x80) == 0) - && (questions <= NDPI_MAX_MDNS_REQUESTS) - && (answers <= NDPI_MAX_MDNS_REQUESTS)) { - NDPI_LOG_INFO(ndpi_struct, "found MDNS with question query\n"); - return 1; - } - else if(((packet->payload[2] & 0x80) != 0) - && (questions == 0) - && (answers <= NDPI_MAX_MDNS_REQUESTS) - && (answers != 0)) { - char answer[256]; - int i, j, len; - - for(i=13, j=0; (packet->payload[i] != 0) && (i < packet->payload_packet_len) && (i < (sizeof(answer)-1)); i++) - answer[j++] = (packet->payload[i] < 13) ? '.' : packet->payload[i]; - - answer[j] = '\0'; - - /* printf("==> [%d] %s\n", j, answer); */ - - if(!ndpi_struct->disable_metadata_export) { - len = ndpi_min(sizeof(flow->protos.mdns.answer)-1, j); - strncpy(flow->protos.mdns.answer, (const char *)answer, len); - flow->protos.mdns.answer[len] = '\0'; - } - - NDPI_LOG_INFO(ndpi_struct, "found MDNS with answer query\n"); - return 1; - } - - return 0; -} - -void ndpi_search_mdns(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) -{ - struct ndpi_packet_struct *packet = &flow->packet; - u_int16_t dport; - - NDPI_LOG_DBG(ndpi_struct, "search MDNS\n"); - - /** - information from http://www.it-administrator.de/lexikon/multicast-dns.html - */ - - /* check if UDP packet */ - if(packet->udp != NULL) { - /* read destination port */ - dport = ntohs(packet->udp->dest); - - /* check standard MDNS ON port 5353 */ - if(dport == 5353 && packet->payload_packet_len >= 12) { - /* mdns protocol must have destination address 224.0.0.251 */ - if(packet->iph != NULL /* && ntohl(packet->iph->daddr) == 0xe00000fb */) { - - NDPI_LOG_INFO(ndpi_struct, "found MDNS with destination address 224.0.0.251 (=0xe00000fb)\n"); - - if(ndpi_int_check_mdns_payload(ndpi_struct, flow) == 1) { - ndpi_int_mdns_add_connection(ndpi_struct, flow); - return; - } - } -#ifdef NDPI_DETECTION_SUPPORT_IPV6 - if(packet->iphv6 != NULL) { - const u_int32_t *daddr = packet->iphv6->ip6_dst.u6_addr.u6_addr32; - if(daddr[0] == htonl(0xff020000) /* && daddr[1] == 0 && daddr[2] == 0 && daddr[3] == htonl(0xfb) */) { - - NDPI_LOG_INFO(ndpi_struct, "found MDNS with destination address ff02::fb\n"); - - if(ndpi_int_check_mdns_payload(ndpi_struct, flow) == 1) { - ndpi_int_mdns_add_connection(ndpi_struct, flow); - return; - } - } - } -#endif - } - } - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); -} - - -void init_mdns_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) -{ - ndpi_set_bitmask_protocol_detection("MDNS", ndpi_struct, detection_bitmask, *id, - NDPI_PROTOCOL_MDNS, - ndpi_search_mdns, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, - SAVE_DETECTION_BITMASK_AS_UNKNOWN, - ADD_TO_DETECTION_BITMASK); - - *id += 1; -} - diff --git a/src/lib/protocols/mdns_proto.c b/src/lib/protocols/mdns_proto.c new file mode 100644 index 000000000..77bdf4208 --- /dev/null +++ b/src/lib/protocols/mdns_proto.c @@ -0,0 +1,159 @@ +/* + * mdns.c + * + * Copyright (C) 2016-18 - ntop.org + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ +#include "ndpi_protocol_ids.h" + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MDNS + +#include "ndpi_api.h" + +#define NDPI_MAX_MDNS_REQUESTS 128 + +PACK_ON +struct mdns_header { + u_int16_t transaction_id, flags, questions, answers, authority_rr, additional_rr; +} PACK_OFF; + +/** + MDNS header is similar to dns header + + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | ID = 0x0000 | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | FLAGS | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | QDCOUNT | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | ANCOUNT | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | NSCOUNT | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | ARCOUNT | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ +*/ + + +static void ndpi_int_mdns_add_connection(struct ndpi_detection_module_struct + *ndpi_struct, struct ndpi_flow_struct *flow) { + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MDNS, NDPI_PROTOCOL_UNKNOWN); +} + +static int ndpi_int_check_mdns_payload(struct ndpi_detection_module_struct + *ndpi_struct, struct ndpi_flow_struct *flow) { + struct ndpi_packet_struct *packet = &flow->packet; + struct mdns_header *h = (struct mdns_header*)packet->payload; + u_int16_t questions = ntohs(h->questions), answers = ntohs(h->answers); + + if(((packet->payload[2] & 0x80) == 0) + && (questions <= NDPI_MAX_MDNS_REQUESTS) + && (answers <= NDPI_MAX_MDNS_REQUESTS)) { + NDPI_LOG_INFO(ndpi_struct, "found MDNS with question query\n"); + return 1; + } + else if(((packet->payload[2] & 0x80) != 0) + && (questions == 0) + && (answers <= NDPI_MAX_MDNS_REQUESTS) + && (answers != 0)) { + char answer[256]; + int i, j, len; + + for(i=13, j=0; (packet->payload[i] != 0) && (i < packet->payload_packet_len) && (i < (sizeof(answer)-1)); i++) + answer[j++] = (packet->payload[i] < 13) ? '.' : packet->payload[i]; + + answer[j] = '\0'; + + /* printf("==> [%d] %s\n", j, answer); */ + + if(!ndpi_struct->disable_metadata_export) { + len = ndpi_min(sizeof(flow->protos.mdns.answer)-1, j); + strncpy(flow->protos.mdns.answer, (const char *)answer, len); + flow->protos.mdns.answer[len] = '\0'; + } + + NDPI_LOG_INFO(ndpi_struct, "found MDNS with answer query\n"); + return 1; + } + + return 0; +} + +void ndpi_search_mdns(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +{ + struct ndpi_packet_struct *packet = &flow->packet; + u_int16_t dport; + + NDPI_LOG_DBG(ndpi_struct, "search MDNS\n"); + + /** + information from http://www.it-administrator.de/lexikon/multicast-dns.html + */ + + /* check if UDP packet */ + if(packet->udp != NULL) { + /* read destination port */ + dport = ntohs(packet->udp->dest); + + /* check standard MDNS ON port 5353 */ + if(dport == 5353 && packet->payload_packet_len >= 12) { + /* mdns protocol must have destination address 224.0.0.251 */ + if(packet->iph != NULL /* && ntohl(packet->iph->daddr) == 0xe00000fb */) { + + NDPI_LOG_INFO(ndpi_struct, "found MDNS with destination address 224.0.0.251 (=0xe00000fb)\n"); + + if(ndpi_int_check_mdns_payload(ndpi_struct, flow) == 1) { + ndpi_int_mdns_add_connection(ndpi_struct, flow); + return; + } + } +#ifdef NDPI_DETECTION_SUPPORT_IPV6 + if(packet->iphv6 != NULL) { + const u_int32_t *daddr = packet->iphv6->ip6_dst.u6_addr.u6_addr32; + if(daddr[0] == htonl(0xff020000) /* && daddr[1] == 0 && daddr[2] == 0 && daddr[3] == htonl(0xfb) */) { + + NDPI_LOG_INFO(ndpi_struct, "found MDNS with destination address ff02::fb\n"); + + if(ndpi_int_check_mdns_payload(ndpi_struct, flow) == 1) { + ndpi_int_mdns_add_connection(ndpi_struct, flow); + return; + } + } + } +#endif + } + } + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); +} + + +void init_mdns_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +{ + ndpi_set_bitmask_protocol_detection("MDNS", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_MDNS, + ndpi_search_mdns, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); + + *id += 1; +} + diff --git a/src/lib/protocols/snmp.c b/src/lib/protocols/snmp.c deleted file mode 100644 index 759d6bae0..000000000 --- a/src/lib/protocols/snmp.c +++ /dev/null @@ -1,141 +0,0 @@ -/* - * snmp.c - * - * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-18 - ntop.org - * - * This file is part of nDPI, an open source deep packet inspection - * library based on the OpenDPI and PACE technology by ipoque GmbH - * - * nDPI is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * nDPI is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with nDPI. If not, see . - * - */ - -#include "ndpi_protocol_ids.h" - -#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SNMP - -#include "ndpi_api.h" - -static void ndpi_int_snmp_add_connection(struct ndpi_detection_module_struct - *ndpi_struct, struct ndpi_flow_struct *flow) -{ - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SNMP, NDPI_PROTOCOL_UNKNOWN); -} - -void ndpi_search_snmp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) -{ - struct ndpi_packet_struct *packet = &flow->packet; - - NDPI_LOG_DBG(ndpi_struct, "search SNMP\n"); - - if (packet->payload_packet_len > 32 && packet->payload[0] == 0x30) { - int offset; - u_int16_t u16; - - switch (packet->payload[1]) { - case 0x81: - offset = 3; - break; - case 0x82: - offset = 4; - break; - default: - if (packet->payload[1] > 0x82) { - NDPI_LOG_DBG2(ndpi_struct, "SNMP excluded, second byte is > 0x82\n"); - goto excl; - } - offset = 2; - } - - u16 = ntohs(get_u_int16_t(packet->payload, offset)); - - if((u16 != 0x0201) && (u16 != 0x0204)) { - NDPI_LOG_DBG2(ndpi_struct, "SNMP excluded, 0x0201/0x0204 pattern not found\n"); - goto excl; - } - - if (packet->payload[offset + 2] >= 0x04) { - NDPI_LOG_DBG2(ndpi_struct, "SNMP excluded, version > 3\n"); - goto excl; - } - - if (flow->l4.udp.snmp_stage == 0) { - if (packet->udp->dest == htons(161) || packet->udp->dest == htons(162)) { - NDPI_LOG_INFO(ndpi_struct, "found SNMP by port\n"); - ndpi_int_snmp_add_connection(ndpi_struct, flow); - return; - } - NDPI_LOG_DBG2(ndpi_struct, "SNMP stage 0\n"); - if (packet->payload[offset + 2] == 3) { - flow->l4.udp.snmp_msg_id = ntohs(get_u_int32_t(packet->payload, offset + 8)); - } else if (packet->payload[offset + 2] == 0) { - flow->l4.udp.snmp_msg_id = get_u_int8_t(packet->payload, offset + 15); - } else { - flow->l4.udp.snmp_msg_id = ntohs(get_u_int16_t(packet->payload, offset + 15)); - } - flow->l4.udp.snmp_stage = 1 + packet->packet_direction; - return; - } else if (flow->l4.udp.snmp_stage == 1 + packet->packet_direction) { - if (packet->payload[offset + 2] == 0) { - if (flow->l4.udp.snmp_msg_id != get_u_int8_t(packet->payload, offset + 15) - 1) { - NDPI_LOG_DBG2(ndpi_struct, - "SNMP v1 excluded, message ID doesn't match\n"); - goto excl; - } - } - } else if (flow->l4.udp.snmp_stage == 2 - packet->packet_direction) { - NDPI_LOG_DBG2(ndpi_struct, "SNMP stage 1-2\n"); - if (packet->payload[offset + 2] == 3) { - if (flow->l4.udp.snmp_msg_id != ntohs(get_u_int32_t(packet->payload, offset + 8))) { - NDPI_LOG_DBG2(ndpi_struct, - "SNMP v3 excluded, message ID doesn't match\n"); - goto excl; - } - } else if (packet->payload[offset + 2] == 0) { - if (flow->l4.udp.snmp_msg_id != get_u_int8_t(packet->payload, offset + 15)) { - NDPI_LOG_DBG2(ndpi_struct, - "SNMP v1 excluded, message ID doesn't match\n"); - goto excl; - } - } else { - if (flow->l4.udp.snmp_msg_id != ntohs(get_u_int16_t(packet->payload, offset + 15))) { - NDPI_LOG_DBG2(ndpi_struct, - "SNMP v2 excluded, message ID doesn't match\n"); - goto excl; - } - } - NDPI_LOG_INFO(ndpi_struct, "found SNMP\n"); - ndpi_int_snmp_add_connection(ndpi_struct, flow); - return; - } - } - excl: - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); - -} - - -void init_snmp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) -{ - ndpi_set_bitmask_protocol_detection("SNMP", ndpi_struct, detection_bitmask, *id, - NDPI_PROTOCOL_SNMP, - ndpi_search_snmp, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, - SAVE_DETECTION_BITMASK_AS_UNKNOWN, - ADD_TO_DETECTION_BITMASK); - - *id += 1; -} - diff --git a/src/lib/protocols/snmp_proto.c b/src/lib/protocols/snmp_proto.c new file mode 100644 index 000000000..759d6bae0 --- /dev/null +++ b/src/lib/protocols/snmp_proto.c @@ -0,0 +1,141 @@ +/* + * snmp.c + * + * Copyright (C) 2009-2011 by ipoque GmbH + * Copyright (C) 2011-18 - ntop.org + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + +#include "ndpi_protocol_ids.h" + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SNMP + +#include "ndpi_api.h" + +static void ndpi_int_snmp_add_connection(struct ndpi_detection_module_struct + *ndpi_struct, struct ndpi_flow_struct *flow) +{ + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SNMP, NDPI_PROTOCOL_UNKNOWN); +} + +void ndpi_search_snmp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +{ + struct ndpi_packet_struct *packet = &flow->packet; + + NDPI_LOG_DBG(ndpi_struct, "search SNMP\n"); + + if (packet->payload_packet_len > 32 && packet->payload[0] == 0x30) { + int offset; + u_int16_t u16; + + switch (packet->payload[1]) { + case 0x81: + offset = 3; + break; + case 0x82: + offset = 4; + break; + default: + if (packet->payload[1] > 0x82) { + NDPI_LOG_DBG2(ndpi_struct, "SNMP excluded, second byte is > 0x82\n"); + goto excl; + } + offset = 2; + } + + u16 = ntohs(get_u_int16_t(packet->payload, offset)); + + if((u16 != 0x0201) && (u16 != 0x0204)) { + NDPI_LOG_DBG2(ndpi_struct, "SNMP excluded, 0x0201/0x0204 pattern not found\n"); + goto excl; + } + + if (packet->payload[offset + 2] >= 0x04) { + NDPI_LOG_DBG2(ndpi_struct, "SNMP excluded, version > 3\n"); + goto excl; + } + + if (flow->l4.udp.snmp_stage == 0) { + if (packet->udp->dest == htons(161) || packet->udp->dest == htons(162)) { + NDPI_LOG_INFO(ndpi_struct, "found SNMP by port\n"); + ndpi_int_snmp_add_connection(ndpi_struct, flow); + return; + } + NDPI_LOG_DBG2(ndpi_struct, "SNMP stage 0\n"); + if (packet->payload[offset + 2] == 3) { + flow->l4.udp.snmp_msg_id = ntohs(get_u_int32_t(packet->payload, offset + 8)); + } else if (packet->payload[offset + 2] == 0) { + flow->l4.udp.snmp_msg_id = get_u_int8_t(packet->payload, offset + 15); + } else { + flow->l4.udp.snmp_msg_id = ntohs(get_u_int16_t(packet->payload, offset + 15)); + } + flow->l4.udp.snmp_stage = 1 + packet->packet_direction; + return; + } else if (flow->l4.udp.snmp_stage == 1 + packet->packet_direction) { + if (packet->payload[offset + 2] == 0) { + if (flow->l4.udp.snmp_msg_id != get_u_int8_t(packet->payload, offset + 15) - 1) { + NDPI_LOG_DBG2(ndpi_struct, + "SNMP v1 excluded, message ID doesn't match\n"); + goto excl; + } + } + } else if (flow->l4.udp.snmp_stage == 2 - packet->packet_direction) { + NDPI_LOG_DBG2(ndpi_struct, "SNMP stage 1-2\n"); + if (packet->payload[offset + 2] == 3) { + if (flow->l4.udp.snmp_msg_id != ntohs(get_u_int32_t(packet->payload, offset + 8))) { + NDPI_LOG_DBG2(ndpi_struct, + "SNMP v3 excluded, message ID doesn't match\n"); + goto excl; + } + } else if (packet->payload[offset + 2] == 0) { + if (flow->l4.udp.snmp_msg_id != get_u_int8_t(packet->payload, offset + 15)) { + NDPI_LOG_DBG2(ndpi_struct, + "SNMP v1 excluded, message ID doesn't match\n"); + goto excl; + } + } else { + if (flow->l4.udp.snmp_msg_id != ntohs(get_u_int16_t(packet->payload, offset + 15))) { + NDPI_LOG_DBG2(ndpi_struct, + "SNMP v2 excluded, message ID doesn't match\n"); + goto excl; + } + } + NDPI_LOG_INFO(ndpi_struct, "found SNMP\n"); + ndpi_int_snmp_add_connection(ndpi_struct, flow); + return; + } + } + excl: + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + +} + + +void init_snmp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +{ + ndpi_set_bitmask_protocol_detection("SNMP", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_SNMP, + ndpi_search_snmp, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); + + *id += 1; +} + diff --git a/src/lib/third_party/include/ndpi_patricia.h b/src/lib/third_party/include/ndpi_patricia.h index bb1806877..c61513f92 100644 --- a/src/lib/third_party/include/ndpi_patricia.h +++ b/src/lib/third_party/include/ndpi_patricia.h @@ -102,7 +102,7 @@ typedef struct the_prefix_t { /* pointer to usr data (ex. route flap info) */ union patricia_node_value_t { void *user_data; - u_int32_t user_value; + unsigned int user_value; }; typedef struct _patricia_node_t { -- cgit v1.2.3 From 1d56c9aa1b4d8279a56baa3238f67e61ea901589 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 2 Oct 2018 23:54:01 +0800 Subject: fix remake --- example/Makefile.in | 2 +- src/lib/Makefile.in | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'src/lib') diff --git a/example/Makefile.in b/example/Makefile.in index 7f465bdde..d3d4aed20 100644 --- a/example/Makefile.in +++ b/example/Makefile.in @@ -16,5 +16,5 @@ install: cp ndpiReader /usr/local/bin clean: - /bin/rm *.o ndpiReader + /bin/rm -f *.o ndpiReader diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in index ca2900171..af7206ad0 100644 --- a/src/lib/Makefile.in +++ b/src/lib/Makefile.in @@ -38,7 +38,7 @@ $(NDPI_LIB_STATIC): $(OBJECTS) $(NDPI_LIB_SHARED): $(OBJECTS) $(CC) -shared -fPIC -o $@ $(OBJECTS) - ln -Fs $(NDPI_LIB_SHARED) $(NDPI_LIB_SHARED_BASE) + ln -Ffs $(NDPI_LIB_SHARED) $(NDPI_LIB_SHARED_BASE) %.o: %.c $(HEADERS) Makefile $(CC) $(CFLAGS) -c $< -o $@ @@ -49,6 +49,6 @@ clean: install: $(NDPI_LIBS) mkdir -p $(DESTDIR)$(libdir) cp $(NDPI_LIBS) $(DESTDIR)$(libdir)/ - ln -Fs $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED) $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED_BASE) + ln -Ffs $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED) $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED_BASE) mkdir -p $(DESTDIR)$(includedir) cp ../include/*.h $(DESTDIR)$(includedir) -- cgit v1.2.3 From 6ff6c2e5afc13bfaa2422910817a86cc167e2c5b Mon Sep 17 00:00:00 2001 From: emanuele-f Date: Wed, 10 Oct 2018 10:43:51 +0200 Subject: Fix category field not accounted in ndpi_get_proto_category Fixes #627 --- src/lib/ndpi_main.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'src/lib') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 760d29a26..dc8443ee8 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -5599,8 +5599,10 @@ const char* ndpi_category_get_name(struct ndpi_detection_module_struct *ndpi_mod ndpi_protocol_category_t ndpi_get_proto_category(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol proto) { + if(proto.category != NDPI_PROTOCOL_CATEGORY_UNSPECIFIED) + return proto.category; /* simple rule: sub protocol first, master after */ - if((proto.master_protocol == NDPI_PROTOCOL_UNKNOWN) || + else if((proto.master_protocol == NDPI_PROTOCOL_UNKNOWN) || (ndpi_mod->proto_defaults[proto.app_protocol].protoCategory != NDPI_PROTOCOL_CATEGORY_UNSPECIFIED)) return ndpi_mod->proto_defaults[proto.app_protocol].protoCategory; else -- cgit v1.2.3 From cdf197ccfeedad29ceeca9b38a188dcdef6b7c06 Mon Sep 17 00:00:00 2001 From: emanuele-f Date: Wed, 10 Oct 2018 13:29:49 +0200 Subject: Add function to search host in custom categories --- src/include/ndpi_api.h | 2 ++ src/lib/ndpi_main.c | 36 ++++++++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+) (limited to 'src/lib') diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 0409cb8c4..d1e9148b2 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -738,6 +738,8 @@ extern "C" { void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, ndpi_protocol *ret); + int ndpi_get_custom_category_match(struct ndpi_detection_module_struct *ndpi_struct, + char *name_or_ip, unsigned long *id); int ndpi_set_detection_preferences(struct ndpi_detection_module_struct *ndpi_mod, ndpi_detection_preference pref, int value); diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index dc8443ee8..9b2f80f86 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -2366,6 +2366,42 @@ static int ndpi_match_custom_category(struct ndpi_detection_module_struct *ndpi_ /* *********************************************** */ +int ndpi_get_custom_category_match(struct ndpi_detection_module_struct *ndpi_struct, + char *name_or_ip, unsigned long *id) { + char ipbuf[64]; + struct in_addr pin; + + if(!ndpi_struct->custom_categories.categories_loaded) + return -1; + + strncpy(ipbuf, name_or_ip, sizeof(ipbuf)); + char *ptr = strrchr(ipbuf, '/'); + + if(ptr) + ptr[0] = '\0'; + + if(inet_pton(AF_INET, ipbuf, &pin) == 1) { + /* Search IP */ + prefix_t prefix; + patricia_node_t *node; + + /* Make sure all in network byte order otherwise compares wont work */ + fill_prefix_v4(&prefix, &pin, 32, ((patricia_tree_t*)ndpi_struct->protocols_ptree)->maxbits); + node = ndpi_patricia_search_best(ndpi_struct->custom_categories.ipAddresses, &prefix); + + if(node) { + *id = node->value.user_value; + return 0; + } + + return(-1); + } else + /* Search Host */ + return ndpi_match_custom_category(ndpi_struct, name_or_ip, id); +} + +/* *********************************************** */ + static void free_ptree_data(void *data) { ; } /* ****************************************************** */ -- cgit v1.2.3 From 67a1a07ac1eee40e48f262d17447711cbdf6f148 Mon Sep 17 00:00:00 2001 From: emanuele-f Date: Wed, 10 Oct 2018 13:33:02 +0200 Subject: Fix custom categories match by IP not working --- src/lib/ndpi_main.c | 3 --- 1 file changed, 3 deletions(-) (limited to 'src/lib') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 9b2f80f86..b2abe0068 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4204,18 +4204,15 @@ int ndpi_enable_loaded_categories(struct ndpi_detection_module_struct *ndpi_str) #else /* Free */ ac_automata_release((AC_AUTOMATA_t*)ndpi_str->custom_categories.hostnames.ac_automa); - ndpi_Destroy_Patricia((patricia_tree_t*)ndpi_str->custom_categories.ipAddresses, free_ptree_data); /* Finalize */ ac_automata_finalize((AC_AUTOMATA_t*)ndpi_str->custom_categories.hostnames_shadow.ac_automa); /* Swap */ ndpi_str->custom_categories.hostnames.ac_automa = ndpi_str->custom_categories.hostnames_shadow.ac_automa; - ndpi_str->custom_categories.ipAddresses = ndpi_str->custom_categories.ipAddresses_shadow; /* Realloc */ ndpi_str->custom_categories.hostnames_shadow.ac_automa = ac_automata_init(ac_match_handler); - ndpi_str->custom_categories.ipAddresses_shadow = ndpi_New_Patricia(32 /* IPv4 */); #endif } -- cgit v1.2.3 From 40294f3aed28456332bef71e8cfaea36b2e82a6c Mon Sep 17 00:00:00 2001 From: emanuele-f Date: Wed, 10 Oct 2018 15:56:46 +0200 Subject: Custom categories have now priority over protocol related categories --- src/lib/ndpi_main.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) (limited to 'src/lib') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index b2abe0068..7b9205081 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4233,11 +4233,6 @@ int ndpi_enable_loaded_categories(struct ndpi_detection_module_struct *ndpi_str) void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, ndpi_protocol *ret) { - if(flow->category != NDPI_PROTOCOL_CATEGORY_UNSPECIFIED) { - ret->category = flow->category; - return; - } - if(ndpi_struct->custom_categories.categories_loaded) { if(flow->packet.iph) { prefix_t prefix; @@ -5895,7 +5890,9 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str packet->detected_protocol_stack[0] = matching_protocol_id; flow->detected_protocol_stack[0] = packet->detected_protocol_stack[0], - flow->detected_protocol_stack[1] = packet->detected_protocol_stack[1], + flow->detected_protocol_stack[1] = packet->detected_protocol_stack[1]; + + if(flow->category == NDPI_PROTOCOL_CATEGORY_UNSPECIFIED) flow->category = ret_match->protocol_category; return(packet->detected_protocol_stack[0]); -- cgit v1.2.3 From 4b4f4be3a5087eb6f60f1a171547804daccbb749 Mon Sep 17 00:00:00 2001 From: emanuele-f Date: Thu, 11 Oct 2018 12:27:13 +0200 Subject: Add -g flag --- src/lib/Makefile.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/lib') diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in index af7206ad0..216595430 100644 --- a/src/lib/Makefile.in +++ b/src/lib/Makefile.in @@ -14,7 +14,7 @@ prefix = /usr/local libdir = ${prefix}/lib includedir = ${prefix}/include/ndpi CC = @CC@ -CFLAGS += -fPIC -DPIC -I../include -Ithird_party/include -DNDPI_LIB_COMPILATION -O2 # -g +CFLAGS += -fPIC -DPIC -I../include -Ithird_party/include -DNDPI_LIB_COMPILATION -O2 -g RANLIB = ranlib OBJECTS = $(patsubst protocols/%.c, protocols/%.o, $(wildcard protocols/*.c)) $(patsubst third_party/src/%.c, third_party/src/%.o, $(wildcard third_party/src/*.c)) ndpi_main.o -- cgit v1.2.3 From 6789d419935534e3b9eafeac8904a28b61e78973 Mon Sep 17 00:00:00 2001 From: emanuele-f Date: Thu, 11 Oct 2018 12:40:11 +0200 Subject: Fix category match not using client certificate --- src/lib/ndpi_main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/lib') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 7b9205081..e0e18fc62 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4265,9 +4265,9 @@ void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_struc } } - if(flow->protos.stun_ssl.ssl.server_certificate[0] != '\0') { + if(flow->protos.stun_ssl.ssl.client_certificate[0] != '\0') { unsigned long id; - int rc = ndpi_match_custom_category(ndpi_struct, (char *)flow->protos.stun_ssl.ssl.server_certificate, &id); + int rc = ndpi_match_custom_category(ndpi_struct, (char *)flow->protos.stun_ssl.ssl.client_certificate, &id); if(rc == 0) { flow->category = ret->category = (ndpi_protocol_category_t)id; -- cgit v1.2.3 From a62f90073a01d953d64a49320ba54a2dfd8e987e Mon Sep 17 00:00:00 2001 From: kyrol Date: Thu, 11 Oct 2018 16:16:55 +0200 Subject: fix domain name checking for https://github.com/ntop/nDPI/issues/617 --- src/lib/ndpi_content_match.c.inc | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) (limited to 'src/lib') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 57c53872c..8814e08de 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -541,7 +541,7 @@ static ndpi_network host_protocol_list[] = { { 0xC0AD4000 /* 192.173.64.0/18 */, 18, NDPI_PROTOCOL_NETFLIX }, { 0xC6266000 /* 198.38.96.0/19 */, 19, NDPI_PROTOCOL_NETFLIX }, { 0xC62D3000 /* 198.45.48.0/20 */, 20, NDPI_PROTOCOL_NETFLIX }, - { 0xD194D687 /* 209.148.214.135/21 */, 21, NDPI_PROTOCOL_NETFLIX }, + { 0xD194D687 /* 209.148.214.135/21 */, 21, NDPI_PROTOCOL_NETFLIX }, /* Cloudflare, Inc. @@ -7925,7 +7925,7 @@ static ndpi_network host_protocol_list[] = { Valve Corporation (Steam) origin AS32590 */ - + { 0x2D79B800 /* 45.121.184.0/22 */, 22, NDPI_PROTOCOL_STEAM }, { 0x670A7C00 /* 103.10.124.0/23 */, 23, NDPI_PROTOCOL_STEAM }, { 0x671C3600 /* 103.28.54.0/23 */, 23, NDPI_PROTOCOL_STEAM }, @@ -7943,14 +7943,14 @@ static ndpi_network host_protocol_list[] = { { 0xD040C800 /* 208.64.200.0/24 */, 24, NDPI_PROTOCOL_STEAM }, { 0xD040C900 /* 208.64.201.0/22 */, 22, NDPI_PROTOCOL_STEAM }, { 0xD04EA400 /* 208.78.164.0/22 */, 22, NDPI_PROTOCOL_STEAM }, - + /* VidTO - */ + */ { 0x51111030 /* 81.17.16.48/32 */, 32, NDPI_PROTOCOL_VIDTO }, { 0x5fb7329d /* 95.183.50.157/32 */, 32, NDPI_PROTOCOL_VIDTO }, { 0x577824f2 /* 87.120.36.242/32 */, 32, NDPI_PROTOCOL_VIDTO }, - + { 0x0, 0, 0 } }; @@ -8009,7 +8009,7 @@ static ndpi_network host_protocol_list[] = { /* ****************************************************** */ -/* +/* Each part of a domain name can be no longer than 63 characters. There are no single-digit top-level domains and none contain digits. It doesn't look like ICANN will approve such domains either. @@ -8095,7 +8095,6 @@ ndpi_protocol_match host_match[] = { { "ntop.org", NULL, "ntop\\.org$", "ntop", NDPI_PROTOCOL_NTOP, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_SAFE }, - { "docs.googleusercontent.com", NULL, "docs\\.googleusercontent" TLD, "GoogleDocs", NDPI_PROTOCOL_GOOGLE_DOCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, { "docs.googleusercontent.com", NULL, "docs.googleusercontent" TLD, "GoogleDocs", NDPI_PROTOCOL_GOOGLE_DOCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, { "docs.google.com", NULL, "docs.google" TLD, "GoogleDocs", NDPI_PROTOCOL_GOOGLE_DOCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8103,7 +8102,6 @@ ndpi_protocol_match host_match[] = { { "drive.google.com", NULL, "drive.google" TLD, "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { "android.clients.google.com", NULL, "android\\.clients\\.google" TLD, "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, - { "ggpht.com", NULL, "ggpht" TLD, "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, /* See https://better.fyi/trackers/ @@ -8136,7 +8134,7 @@ ndpi_protocol_match host_match[] = { { "google-analytics.", NULL, "google-analytics\\.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, { "gtv1.com", NULL, "gtv1" TLD, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - /* Google Hangout */ + /* Google Hangout */ { "images2-hangout-opensocial.googleusercontent.com", NULL, "images2-hangout-opensocial\\.googleusercontent" TLD, "GoogleHangout", NDPI_PROTOCOL_HANGOUT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, /* Google Services */ @@ -8162,6 +8160,7 @@ ndpi_protocol_match host_match[] = { { "google.", NULL, "google" TLD, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".google.", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".gstatic.com", NULL, "\\.gstatic" TLD, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "ggpht.com", NULL, "ggpht" TLD, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { "mail.outlook.com", NULL, "mail\\.outlook" TLD, "Hotmail", NDPI_PROTOCOL_HOTMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8217,7 +8216,6 @@ ndpi_protocol_match host_match[] = { { ".googlevideo.com", NULL, "\\.googlevideo" TLD, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".ytimg.com", NULL, "\\.ytimg" TLD, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "youtube-nocookie.", NULL, "youtube-nocookie" TLD, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "ggpht.com", NULL, "ggpht" TLD, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".vevo.com", NULL, "\\.vevo" TLD, "Vevo", NDPI_PROTOCOL_VEVO, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, @@ -8225,7 +8223,7 @@ ndpi_protocol_match host_match[] = { { "audio-fa.scdn.co", NULL, "audio-fa\\.scdn" TLD, "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "edge-mqtt.facebook.com", NULL, "edge-mqtt\\.facebook" TLD, "Messenger", NDPI_PROTOCOL_MESSENGER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { "messenger.com", NULL, "messenger\\.com" TLD, "Messenger", NDPI_PROTOCOL_MESSENGER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { "messenger.com", NULL, "messenger\\.com" TLD, "Messenger", NDPI_PROTOCOL_MESSENGER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { ".pandora.com", NULL, "\\.pandora" TLD, "Pandora", NDPI_PROTOCOL_PANDORA, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, @@ -8332,7 +8330,7 @@ ndpi_protocol_match host_match[] = { { "muscdn.com", NULL, "muscdn" TLD, "Musical.ly", NDPI_PROTOCOL_MUSICALLY, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { "livelycdn.com", NULL, "livelycdn" TLD, "Musical.ly", NDPI_PROTOCOL_MUSICALLY, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { "direct.ly", NULL, "direct\\.ly$", "Musical.ly", NDPI_PROTOCOL_MUSICALLY, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - + { "github.com", NULL, "github" TLD, "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, { ".github.com", NULL, "\\.github" TLD, "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, { "github.io", NULL, NULL, "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8395,7 +8393,7 @@ ndpi_protocol_match host_match[] = { than by protocol id. They are bound to a generic protocol (NDPI_PROTOCOL_GENERIC) and placed onto the right category */ { "quickplay.com", NULL, "quickplay" TLD, "QuickPlay", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - + { ".iqiyi.com", NULL, "\\.iqiyi" TLD, "iQIYI", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { ".qiyi.com", NULL, "\\.qiyi" TLD, "iQIYI", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { ".71.am", NULL, "\\.71" TLD, "iQIYI", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, -- cgit v1.2.3 From 3e5db956a8cc97a920741587ad156915d3a59100 Mon Sep 17 00:00:00 2001 From: Luca Date: Thu, 11 Oct 2018 17:47:00 +0200 Subject: Added further ubuntu servers --- src/lib/ndpi_content_match.c.inc | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'src/lib') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 57c53872c..70e9aca55 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -812,8 +812,8 @@ static ndpi_network host_protocol_list[] = { origin AS41231 */ - { 0x5BBD5800 /* 91.189.88.0/21 */, 21, NDPI_PROTOCOL_UBUNTUONE }, - { 0xA2D52000 /* 162.213.32.0/22 */, 22, NDPI_PROTOCOL_UBUNTUONE }, + { 0x5BBD5800 /* 91.189.88.0/21 */, 21, NDPI_PROTOCOL_UBUNTUONE }, + { 0xA2D52000 /* 162.213.32.0/22 */, 22, NDPI_PROTOCOL_UBUNTUONE }, { 0xB97DBC00 /* 185.125.188.0/22 */, 22, NDPI_PROTOCOL_UBUNTUONE }, /* @@ -8418,6 +8418,9 @@ ndpi_protocol_match host_match[] = { { "showmax.com", NULL, "showmax" TLD, "Showmax", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "showmax.akamaized.net", NULL, "showmax\\.akamaized" TLD, "Showmax", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "snapcraft.io", NULL, "snapcraft\\.io" TLD, "UbuntuONE", NDPI_PROTOCOL_UBUNTUONE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "ubuntu.com", NULL, "ubuntu\\.com" TLD, "UbuntuONE", NDPI_PROTOCOL_UBUNTUONE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { NULL, NULL, NULL, 0 } }; -- cgit v1.2.3 From 01444f79e1a780259090a68fbdb73eacfacd5d5b Mon Sep 17 00:00:00 2001 From: Luca Date: Mon, 29 Oct 2018 14:47:53 +0100 Subject: Added NDPI_MIN_NUM_STUN_DETECTION constant --- src/include/ndpi_define.h.in | 1 + src/lib/ndpi_main.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'src/lib') diff --git a/src/include/ndpi_define.h.in b/src/include/ndpi_define.h.in index 37e33a013..a73e03bc5 100644 --- a/src/include/ndpi_define.h.in +++ b/src/include/ndpi_define.h.in @@ -332,6 +332,7 @@ #endif #define NDPI_MAX_DNS_REQUESTS 16 +#define NDPI_MIN_NUM_STUN_DETECTION 8 #define NDPI_MAJOR @NDPI_MAJOR@ #define NDPI_MINOR @NDPI_MINOR@ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index e0e18fc62..519d6a1ad 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3985,7 +3985,7 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st && (flow->guessed_protocol_id == NDPI_PROTOCOL_STUN)) { check_stun_export: if(flow->protos.stun_ssl.stun.num_processed_pkts > 0) { - if(flow->protos.stun_ssl.stun.num_processed_pkts >= 8) { + if(flow->protos.stun_ssl.stun.num_processed_pkts >= NDPI_MIN_NUM_STUN_DETECTION) { u_int16_t proto = (flow->protos.stun_ssl.stun.num_binding_requests < 4) ? NDPI_PROTOCOL_SKYPE_CALL_IN : NDPI_PROTOCOL_SKYPE_CALL_OUT; ndpi_set_detected_protocol(ndpi_struct, flow, proto, NDPI_PROTOCOL_SKYPE); -- cgit v1.2.3 From c2169b3dca4e9fb1fc77e23873d9c86a048f540c Mon Sep 17 00:00:00 2001 From: Guido Falsi Date: Mon, 29 Oct 2018 17:06:58 +0100 Subject: Add command line options to correctly populate the shared object SONAME property. --- src/lib/Makefile.in | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/lib') diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in index 216595430..6cbe4437c 100644 --- a/src/lib/Makefile.in +++ b/src/lib/Makefile.in @@ -19,6 +19,7 @@ RANLIB = ranlib OBJECTS = $(patsubst protocols/%.c, protocols/%.o, $(wildcard protocols/*.c)) $(patsubst third_party/src/%.c, third_party/src/%.o, $(wildcard third_party/src/*.c)) ndpi_main.o HEADERS = $(wildcard ../include/*.h) +NDPI_VERSION_MAJOR = @NDPI_MAJOR@ NDPI_LIB_STATIC = libndpi.a NDPI_LIB_SHARED_BASE = libndpi.so NDPI_LIB_SHARED = $(NDPI_LIB_SHARED_BASE).@NDPI_VERSION_SHORT@ @@ -37,7 +38,7 @@ $(NDPI_LIB_STATIC): $(OBJECTS) $(RANLIB) $@ $(NDPI_LIB_SHARED): $(OBJECTS) - $(CC) -shared -fPIC -o $@ $(OBJECTS) + $(CC) -shared -fPIC -Wl,-soname,$(NDPI_LIB_SHARED_BASE).$(NDPI_VERSION_MAJOR) -o $@ $(OBJECTS) ln -Ffs $(NDPI_LIB_SHARED) $(NDPI_LIB_SHARED_BASE) %.o: %.c $(HEADERS) Makefile -- cgit v1.2.3 From 023830f5aba7921083d47f250655fac9f65498df Mon Sep 17 00:00:00 2001 From: Guido Falsi Date: Mon, 29 Oct 2018 21:24:08 +0100 Subject: Try to fix build on Mac. --- src/lib/Makefile.in | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'src/lib') diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in index 6cbe4437c..3d53f15c4 100644 --- a/src/lib/Makefile.in +++ b/src/lib/Makefile.in @@ -27,6 +27,9 @@ NDPI_LIBS = $(NDPI_LIB_STATIC) $(NDPI_LIB_SHARED) ifeq ($(OS),Darwin) CC=clang +SONAME_FLAG= +else +SONAME_FLAG=-Wl,-soname,$(NDPI_LIB_SHARED_BASE).$(NDPI_VERSION_MAJOR) endif all: $(NDPI_LIBS) @@ -38,7 +41,7 @@ $(NDPI_LIB_STATIC): $(OBJECTS) $(RANLIB) $@ $(NDPI_LIB_SHARED): $(OBJECTS) - $(CC) -shared -fPIC -Wl,-soname,$(NDPI_LIB_SHARED_BASE).$(NDPI_VERSION_MAJOR) -o $@ $(OBJECTS) + $(CC) -shared -fPIC $(SONAME_FLAG) -o $@ $(OBJECTS) ln -Ffs $(NDPI_LIB_SHARED) $(NDPI_LIB_SHARED_BASE) %.o: %.c $(HEADERS) Makefile -- cgit v1.2.3 From 00827903efe6ab35197e9b17985150e5d28fe8f8 Mon Sep 17 00:00:00 2001 From: Guido Falsi Date: Mon, 29 Oct 2018 23:15:28 +0100 Subject: The OS variable was not being populated by default. --- src/lib/Makefile.in | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'src/lib') diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in index 3d53f15c4..1f07773e9 100644 --- a/src/lib/Makefile.in +++ b/src/lib/Makefile.in @@ -25,6 +25,10 @@ NDPI_LIB_SHARED_BASE = libndpi.so NDPI_LIB_SHARED = $(NDPI_LIB_SHARED_BASE).@NDPI_VERSION_SHORT@ NDPI_LIBS = $(NDPI_LIB_STATIC) $(NDPI_LIB_SHARED) +ifneq ($(OS),Windows_NT) +OS := $(shell uname) +endif + ifeq ($(OS),Darwin) CC=clang SONAME_FLAG= -- cgit v1.2.3 From f7e7ef2f30620e604b3ecaeec1c166ad36da59a9 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sat, 3 Nov 2018 10:05:13 +0100 Subject: Improved SSL decoding --- example/ndpi_util.h | 2 +- src/include/ndpi_typedefs.h | 2 +- src/lib/protocols/ssl.c | 15 +++++++++++++-- tests/result/bitcoin.pcap.out | 12 ++++++------ tests/result/ethereum.pcap.out | 4 ++-- tests/result/monero.pcap.out | 4 ++-- tests/result/nintendo.pcap.out | 4 ++-- tests/result/pps.pcap.out | 4 ++-- tests/result/zcash.pcap.out | 2 +- 9 files changed, 30 insertions(+), 19 deletions(-) (limited to 'src/lib') diff --git a/example/ndpi_util.h b/example/ndpi_util.h index 0ea174aa5..d1d461490 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -79,7 +79,7 @@ typedef struct ndpi_flow_info { char bittorent_hash[41]; struct { - char client_info[48], server_info[48]; + char client_info[64], server_info[64]; } ssh_ssl; void *src_id, *dst_id; diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index f0b47b358..51681e60e 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1080,7 +1080,7 @@ struct ndpi_flow_struct { struct { struct { - char client_certificate[48], server_certificate[48]; + char client_certificate[64], server_certificate[64]; } ssl; struct { diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index 59aedcb45..979d234b9 100644 --- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -284,9 +284,18 @@ int getSSLcertificate(struct ndpi_detection_module_struct *ndpi_struct, #endif if(extension_id == 0) { - u_int begin = 0,len; +#if 1 + u_int16_t len; + + len = (packet->payload[offset+extension_offset+3] << 8) + packet->payload[offset+extension_offset+4]; + len = (u_int)ndpi_min(len, buffer_len-1); + strncpy(buffer, (char*)&packet->payload[offset+extension_offset+5], len); + buffer[len] = '\0'; +#else + /* old code */ + u_int begin = 0; char *server_name = (char*)&packet->payload[offset+extension_offset]; - + while(begin < extension_len) { if((!ndpi_isprint(server_name[begin])) || ndpi_ispunct(server_name[begin]) @@ -299,6 +308,8 @@ int getSSLcertificate(struct ndpi_detection_module_struct *ndpi_struct, len = (u_int)ndpi_min(extension_len-begin, buffer_len-1); strncpy(buffer, &server_name[begin], len); buffer[len] = '\0'; +#endif + stripCertificateTrailer(buffer, buffer_len); if(!ndpi_struct->disable_metadata_export) { diff --git a/tests/result/bitcoin.pcap.out b/tests/result/bitcoin.pcap.out index d10fa583d..3b0e89dd0 100644 --- a/tests/result/bitcoin.pcap.out +++ b/tests/result/bitcoin.pcap.out @@ -1,8 +1,8 @@ Mining 637 581074 6 - 1 TCP 192.168.1.142:55328 <-> 69.118.54.122:8333 [proto: 42/Mining][cat: Unspecified/99][2 pkts/281 bytes <-> 137 pkts/191029 bytes] - 2 TCP 192.168.1.142:55348 <-> 74.89.181.229:8333 [proto: 42/Mining][cat: Unspecified/99][55 pkts/28663 bytes <-> 117 pkts/134830 bytes] - 3 TCP 192.168.1.142:55383 <-> 66.68.83.22:8333 [proto: 42/Mining][cat: Unspecified/99][65 pkts/45271 bytes <-> 96 pkts/70339 bytes] - 4 TCP 192.168.1.142:55400 <-> 195.218.16.178:8333 [proto: 42/Mining][cat: Unspecified/99][47 pkts/26824 bytes <-> 72 pkts/55927 bytes] - 5 TCP 192.168.1.142:55317 <-> 188.165.213.169:8333 [proto: 42/Mining][cat: Unspecified/99][16 pkts/21673 bytes <-> 3 pkts/1771 bytes] - 6 TCP 192.168.1.142:55487 <-> 184.58.165.119:8333 [proto: 42/Mining][cat: Unspecified/99][24 pkts/3082 bytes <-> 3 pkts/1384 bytes] + 1 TCP 192.168.1.142:55328 <-> 69.118.54.122:8333 [proto: 42/Mining][cat: Mining/99][2 pkts/281 bytes <-> 137 pkts/191029 bytes] + 2 TCP 192.168.1.142:55348 <-> 74.89.181.229:8333 [proto: 42/Mining][cat: Mining/99][55 pkts/28663 bytes <-> 117 pkts/134830 bytes] + 3 TCP 192.168.1.142:55383 <-> 66.68.83.22:8333 [proto: 42/Mining][cat: Mining/99][65 pkts/45271 bytes <-> 96 pkts/70339 bytes] + 4 TCP 192.168.1.142:55400 <-> 195.218.16.178:8333 [proto: 42/Mining][cat: Mining/99][47 pkts/26824 bytes <-> 72 pkts/55927 bytes] + 5 TCP 192.168.1.142:55317 <-> 188.165.213.169:8333 [proto: 42/Mining][cat: Mining/99][16 pkts/21673 bytes <-> 3 pkts/1771 bytes] + 6 TCP 192.168.1.142:55487 <-> 184.58.165.119:8333 [proto: 42/Mining][cat: Mining/99][24 pkts/3082 bytes <-> 3 pkts/1384 bytes] diff --git a/tests/result/ethereum.pcap.out b/tests/result/ethereum.pcap.out index a4c607d2d..2afe0fad1 100644 --- a/tests/result/ethereum.pcap.out +++ b/tests/result/ethereum.pcap.out @@ -1,4 +1,4 @@ Mining 819 134165 2 - 1 TCP 192.168.2.92:57726 <-> 94.23.36.128:4444 [proto: 42/Mining][cat: Unspecified/99][478 pkts/52883 bytes <-> 308 pkts/76667 bytes] - 2 TCP 192.168.2.92:41680 <-> 91.121.222.33:4444 [proto: 42/Mining][cat: Unspecified/99][20 pkts/2159 bytes <-> 13 pkts/2456 bytes] + 1 TCP 192.168.2.92:57726 <-> 94.23.36.128:4444 [proto: 42/Mining][cat: Mining/99][478 pkts/52883 bytes <-> 308 pkts/76667 bytes] + 2 TCP 192.168.2.92:41680 <-> 91.121.222.33:4444 [proto: 42/Mining][cat: Mining/99][20 pkts/2159 bytes <-> 13 pkts/2456 bytes] diff --git a/tests/result/monero.pcap.out b/tests/result/monero.pcap.out index 732ada2ed..d37beae60 100644 --- a/tests/result/monero.pcap.out +++ b/tests/result/monero.pcap.out @@ -1,4 +1,4 @@ Mining 319 166676 2 - 1 TCP 192.168.2.148:46838 <-> 94.23.199.191:3333 [proto: 42/Mining][cat: Unspecified/99][159 pkts/143155 bytes <-> 113 pkts/13204 bytes] - 2 TCP 192.168.2.148:53846 <-> 116.211.167.195:3333 [proto: 42/Mining][cat: Unspecified/99][24 pkts/4455 bytes <-> 23 pkts/5862 bytes] + 1 TCP 192.168.2.148:46838 <-> 94.23.199.191:3333 [proto: 42/Mining][cat: Mining/99][159 pkts/143155 bytes <-> 113 pkts/13204 bytes] + 2 TCP 192.168.2.148:53846 <-> 116.211.167.195:3333 [proto: 42/Mining][cat: Mining/99][24 pkts/4455 bytes <-> 23 pkts/5862 bytes] diff --git a/tests/result/nintendo.pcap.out b/tests/result/nintendo.pcap.out index 025c468b3..e6f3b10fb 100644 --- a/tests/result/nintendo.pcap.out +++ b/tests/result/nintendo.pcap.out @@ -6,8 +6,8 @@ Amazon 76 10811 7 2 UDP 192.168.12.114:55915 <-> 93.237.131.235:56066 [proto: 173/Nintendo][cat: Game/8][122 pkts/48332 bytes <-> 35 pkts/5026 bytes] 3 UDP 192.168.12.114:55915 <-> 81.61.158.138:51769 [proto: 173/Nintendo][cat: Game/8][122 pkts/46476 bytes <-> 38 pkts/5268 bytes] 4 TCP 54.187.10.185:443 <-> 192.168.12.114:48328 [proto: 91.178/SSL.Amazon][cat: Web/5][34 pkts/4466 bytes <-> 20 pkts/4021 bytes] - 5 TCP 192.168.12.114:41517 <-> 54.192.27.217:443 [proto: 91.173/SSL.Nintendo][cat: Game/8][11 pkts/2898 bytes <-> 10 pkts/4865 bytes][client: 5][server: *.baas.nintendo.com] - 6 TCP 192.168.12.114:31329 <-> 54.192.27.8:443 [proto: 91.173/SSL.Nintendo][cat: Game/8][10 pkts/2833 bytes <-> 10 pkts/4866 bytes][client: 5][server: *.baas.nintendo.com] + 5 TCP 192.168.12.114:41517 <-> 54.192.27.217:443 [proto: 91.173/SSL.Nintendo][cat: Game/8][11 pkts/2898 bytes <-> 10 pkts/4865 bytes][client: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.][server: *.baas.nintendo.com] + 6 TCP 192.168.12.114:31329 <-> 54.192.27.8:443 [proto: 91.173/SSL.Nintendo][cat: Game/8][10 pkts/2833 bytes <-> 10 pkts/4866 bytes][client: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.][server: *.baas.nintendo.com] 7 UDP 192.168.12.114:52119 <-> 91.8.243.35:49432 [proto: 173/Nintendo][cat: Game/8][23 pkts/2682 bytes <-> 16 pkts/3408 bytes] 8 UDP 192.168.12.114:52119 <-> 109.21.255.11:50251 [proto: 173/Nintendo][cat: Game/8][8 pkts/1024 bytes <-> 8 pkts/1024 bytes] 9 UDP 192.168.12.114:52119 <-> 134.3.248.25:56955 [proto: 173/Nintendo][cat: Game/8][8 pkts/1040 bytes <-> 7 pkts/922 bytes] diff --git a/tests/result/pps.pcap.out b/tests/result/pps.pcap.out index dd6d1710b..778aa1197 100644 --- a/tests/result/pps.pcap.out +++ b/tests/result/pps.pcap.out @@ -23,11 +23,11 @@ GenericProtocol 1429 1780307 49 16 TCP 192.168.115.8:50779 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1438 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] 17 UDP 192.168.5.38:58897 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1575 bytes -> 0 pkts/0 bytes] 18 UDP 192.168.115.1:50945 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1539 bytes -> 0 pkts/0 bytes] - 19 TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Web/5][1 pkts/707 bytes <-> 1 pkts/744 bytes][Host: click.hm.baidu.com] + 19 TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/707 bytes <-> 1 pkts/744 bytes][Host: click.hm.baidu.com] 20 TCP 192.168.115.8:50492 <-> 111.206.13.3:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/389 bytes <-> 2 pkts/1034 bytes][Host: pdata.video.qiyi.com] 21 TCP 192.168.115.8:50777 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1186 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] 22 TCP 192.168.115.8:50494 <-> 223.26.106.66:80 [proto: 7.60/HTTP.HTTP_Download][cat: Download-FileTransfer-FileSharing/7][2 pkts/887 bytes <-> 1 pkts/443 bytes][Host: 223.26.106.66] - 23 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Web/5][1 pkts/1004 bytes <-> 2 pkts/301 bytes][Host: click.hm.baidu.com] + 23 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1004 bytes <-> 2 pkts/301 bytes][Host: click.hm.baidu.com] 24 TCP 192.168.115.8:50499 <-> 111.206.22.76:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1097 bytes <-> 1 pkts/199 bytes][Host: msg.iqiyi.com] 25 TCP 192.168.115.8:50474 <-> 202.108.14.221:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1100 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] 26 TCP 192.168.115.8:50507 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/212 bytes <-> 1 pkts/1063 bytes][Host: static.qiyi.com] diff --git a/tests/result/zcash.pcap.out b/tests/result/zcash.pcap.out index eb3e155ee..f144e4f21 100644 --- a/tests/result/zcash.pcap.out +++ b/tests/result/zcash.pcap.out @@ -1,3 +1,3 @@ Mining 145 20644 1 - 1 TCP 192.168.2.92:55190 <-> 178.32.196.217:9050 [proto: 42/Mining][cat: Unspecified/99][83 pkts/11785 bytes <-> 62 pkts/8859 bytes] + 1 TCP 192.168.2.92:55190 <-> 178.32.196.217:9050 [proto: 42/Mining][cat: Mining/99][83 pkts/11785 bytes <-> 62 pkts/8859 bytes] -- cgit v1.2.3 From e240bbd4a4dfa34bd166ed5e9ae19a060ae42981 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 7 Nov 2018 22:43:33 +0100 Subject: Implemented UPnP dissector --- src/include/ndpi_protocols.h | 1 + src/lib/ndpi_main.c | 3 ++ src/lib/protocols/lisp.c | 22 ++++++++++++++- src/lib/protocols/upnp.c | 65 ++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 90 insertions(+), 1 deletion(-) create mode 100644 src/lib/protocols/upnp.c (limited to 'src/lib') diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index 48e005ce1..8ac7d7247 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -325,6 +325,7 @@ void init_tor_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 void init_tvants_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_tvuplayer_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_usenet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_upnp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_veohtv_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_vhua_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_viber_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 519d6a1ad..7dd8777ec 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3170,6 +3170,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* REDIS */ init_redis_dissector(ndpi_struct, &a, detection_bitmask); + /* UPnP */ + init_upnp_dissector(ndpi_struct, &a, detection_bitmask); + /* VHUA */ init_vhua_dissector(ndpi_struct, &a, detection_bitmask); diff --git a/src/lib/protocols/lisp.c b/src/lib/protocols/lisp.c index 2c6d7b611..7343ca034 100644 --- a/src/lib/protocols/lisp.c +++ b/src/lib/protocols/lisp.c @@ -1,10 +1,30 @@ +/* + * list.c + * + * Copyright (C) 2017-18 - ntop.org + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + #include "ndpi_protocol_ids.h" #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_LISP #include "ndpi_api.h" -#define LISP_PORT 4341 +#define LISP_PORT 4341 #define LISP_PORT1 4342 static void ndpi_int_lisp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, diff --git a/src/lib/protocols/upnp.c b/src/lib/protocols/upnp.c new file mode 100644 index 000000000..1706d021d --- /dev/null +++ b/src/lib/protocols/upnp.c @@ -0,0 +1,65 @@ +/* + * upnp.c + * + * Copyright (C) 2018 - ntop.org + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + +#include "ndpi_protocol_ids.h" + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_UPNP + +#include "ndpi_api.h" + +#define UPNP_PORT 3702 + +void ndpi_search_upnp(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) { + struct ndpi_packet_struct *packet = &flow->packet; + + NDPI_LOG_DBG(ndpi_struct, "search upnp\n"); + + if(packet->udp + && ( + (packet->iph && ((ntohl(packet->iph->daddr) & 0xF0000000) == 0xE0000000 /* A multicast address */)) +#ifdef NDPI_DETECTION_SUPPORT_IPV6 + || + (packet->iphv6 && ntohl(packet->iphv6->ip6_dst.u6_addr.u6_addr32[0]) == 0xFF020000) +#endif + ) + && (ntohs(packet->udp->dest) == UPNP_PORT) + && (packet->payload_packet_len >= 40) + && (strncmp((char*)packet->payload, " Date: Thu, 8 Nov 2018 22:13:05 +0100 Subject: Removed skype false positives better STUP detection --- src/lib/ndpi_main.c | 8 ++++++++ tests/result/whatsapp_voice_and_message.pcap.out | 5 ++--- 2 files changed, 10 insertions(+), 3 deletions(-) (limited to 'src/lib') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 7dd8777ec..c099b3a32 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3971,6 +3971,12 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st if((guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) || (guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN)) { + + if((guessed_protocol_id == 0) + && (flow->protos.stun_ssl.stun.num_binding_requests > 0) + && (flow->protos.stun_ssl.stun.num_processed_pkts > 0)) + guessed_protocol_id = NDPI_PROTOCOL_STUN; + ndpi_int_change_protocol(ndpi_struct, flow, guessed_host_protocol_id, guessed_protocol_id); @@ -3988,11 +3994,13 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st && (flow->guessed_protocol_id == NDPI_PROTOCOL_STUN)) { check_stun_export: if(flow->protos.stun_ssl.stun.num_processed_pkts > 0) { +#if 0 if(flow->protos.stun_ssl.stun.num_processed_pkts >= NDPI_MIN_NUM_STUN_DETECTION) { u_int16_t proto = (flow->protos.stun_ssl.stun.num_binding_requests < 4) ? NDPI_PROTOCOL_SKYPE_CALL_IN : NDPI_PROTOCOL_SKYPE_CALL_OUT; ndpi_set_detected_protocol(ndpi_struct, flow, proto, NDPI_PROTOCOL_SKYPE); } else +#endif ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_STUN, flow->guessed_host_protocol_id); } } diff --git a/tests/result/whatsapp_voice_and_message.pcap.out b/tests/result/whatsapp_voice_and_message.pcap.out index e14163cbd..18ed7943d 100644 --- a/tests/result/whatsapp_voice_and_message.pcap.out +++ b/tests/result/whatsapp_voice_and_message.pcap.out @@ -1,5 +1,4 @@ -SkypeCallIn 9 1184 1 -STUN 35 4732 7 +STUN 44 5916 8 WhatsApp 217 22139 5 1 TCP 10.8.0.1:42241 <-> 173.192.222.189:5222 [proto: 142/WhatsApp][cat: Chat/9][30 pkts/2539 bytes <-> 32 pkts/3070 bytes] @@ -7,7 +6,7 @@ WhatsApp 217 22139 5 3 TCP 10.8.0.1:44819 <-> 158.85.58.42:5222 [proto: 142/WhatsApp][cat: Chat/9][15 pkts/2690 bytes <-> 15 pkts/2019 bytes] 4 TCP 10.8.0.1:49721 <-> 158.85.58.109:5222 [proto: 142/WhatsApp][cat: Chat/9][26 pkts/2311 bytes <-> 26 pkts/2300 bytes] 5 TCP 10.8.0.1:51570 <-> 158.85.5.199:443 [proto: 142/WhatsApp][cat: Chat/9][14 pkts/1123 bytes <-> 13 pkts/1097 bytes] - 6 UDP 10.8.0.1:53620 <-> 31.13.73.48:3478 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][5 pkts/840 bytes <-> 4 pkts/344 bytes] + 6 UDP 10.8.0.1:53620 <-> 31.13.73.48:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][5 pkts/840 bytes <-> 4 pkts/344 bytes] 7 UDP 10.8.0.1:53620 <-> 31.13.64.48:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] 8 UDP 10.8.0.1:53620 <-> 31.13.74.48:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] 9 UDP 10.8.0.1:53620 <-> 31.13.79.192:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] -- cgit v1.2.3 From b98373f390aac2b401c667664db1e1a44493c785 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Thu, 8 Nov 2018 22:31:58 +0100 Subject: Improved Messenger/Hangout detection --- src/lib/ndpi_main.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'src/lib') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index c099b3a32..242f7e35e 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4001,11 +4001,19 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st ndpi_set_detected_protocol(ndpi_struct, flow, proto, NDPI_PROTOCOL_SKYPE); } else #endif - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_STUN, flow->guessed_host_protocol_id); + ndpi_set_detected_protocol(ndpi_struct, flow, flow->guessed_host_protocol_id, NDPI_PROTOCOL_STUN); } } ret.master_protocol = flow->detected_protocol_stack[1], ret.app_protocol = flow->detected_protocol_stack[0]; + + if(ret.master_protocol == NDPI_PROTOCOL_STUN) { + if(ret.app_protocol == NDPI_PROTOCOL_FACEBOOK) + ret.app_protocol = NDPI_PROTOCOL_MESSENGER; + else if(ret.app_protocol == NDPI_PROTOCOL_GOOGLE) + ret.app_protocol = NDPI_PROTOCOL_HANGOUT; + } + ndpi_fill_protocol_category(ndpi_struct, flow, &ret); return(ret); -- cgit v1.2.3 From 8f8ca40f63bb47f337253074f395bc44f3cd6a86 Mon Sep 17 00:00:00 2001 From: Mikhail Smirnov <2miksyn@users.noreply.github.com> Date: Fri, 9 Nov 2018 00:46:25 +0300 Subject: Improve SSL detection, prevent false positive SSL detection --- src/lib/ndpi_main.c | 4 ++-- src/lib/protocols/ssl.c | 12 ++++++------ 2 files changed, 8 insertions(+), 8 deletions(-) (limited to 'src/lib') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 7dd8777ec..6f3d03a48 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3948,7 +3948,7 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st if(flow->guessed_protocol_id == NDPI_PROTOCOL_STUN) goto check_stun_export; - else if(flow->protos.stun_ssl.ssl.client_certificate[0] != '\0') { + else if((flow->l4.tcp.ssl_seen_client_cert == 1) && (flow->protos.stun_ssl.ssl.client_certificate[0] != '\0')) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSL, NDPI_PROTOCOL_UNKNOWN); } else { if((flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN) @@ -4268,7 +4268,7 @@ void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_struc } } - if(flow->protos.stun_ssl.ssl.client_certificate[0] != '\0') { + if((flow->l4.tcp.ssl_seen_client_cert == 1) && (flow->protos.stun_ssl.ssl.client_certificate[0] != '\0')) { unsigned long id; int rc = ndpi_match_custom_category(ndpi_struct, (char *)flow->protos.stun_ssl.ssl.client_certificate, &id); diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index 979d234b9..d7f7a9687 100644 --- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -39,8 +39,8 @@ static u_int32_t ndpi_ssl_refine_master_protocol(struct ndpi_detection_module_st { struct ndpi_packet_struct *packet = &flow->packet; - if((flow->protos.stun_ssl.ssl.client_certificate[0] != '\0') - || (flow->protos.stun_ssl.ssl.server_certificate[0] != '\0') + if(((flow->l4.tcp.ssl_seen_client_cert == 1) && (flow->protos.stun_ssl.ssl.client_certificate[0] != '\0')) + || ((flow->l4.tcp.ssl_seen_server_cert == 1) && (flow->protos.stun_ssl.ssl.server_certificate[0] != '\0')) || (flow->host_server_name[0] != '\0')) protocol = NDPI_PROTOCOL_SSL; else @@ -348,7 +348,7 @@ int sslTryAndRetrieveServerCertificate(struct ndpi_detection_module_struct *ndpi packet->ssl_certificate_num_checks++; if (rc > 0) { packet->ssl_certificate_detected++; - if (flow->protos.stun_ssl.ssl.server_certificate[0] != '\0') + if ((flow->l4.tcp.ssl_seen_server_cert == 1) && (flow->protos.stun_ssl.ssl.server_certificate[0] != '\0')) /* 0 means we're done processing extra packets (since we found what we wanted) */ return 0; } @@ -405,7 +405,7 @@ int sslDetectProtocolFromCertificate(struct ndpi_detection_module_struct *ndpi_s /* If we've detected the subprotocol from client certificate but haven't had a chance * to see the server certificate yet, set up extra packet processing to wait * a few more packets. */ - if((flow->protos.stun_ssl.ssl.client_certificate[0] != '\0') && (flow->protos.stun_ssl.ssl.server_certificate[0] == '\0')) { + if(((flow->l4.tcp.ssl_seen_client_cert == 1) && (flow->protos.stun_ssl.ssl.client_certificate[0] != '\0')) && ((flow->l4.tcp.ssl_seen_server_cert != 1) && (flow->protos.stun_ssl.ssl.server_certificate[0] == '\0'))) { sslInitExtraPacketProcessing(0, flow); } @@ -422,8 +422,8 @@ int sslDetectProtocolFromCertificate(struct ndpi_detection_module_struct *ndpi_s && flow->l4.tcp.seen_syn && flow->l4.tcp.seen_syn_ack && flow->l4.tcp.seen_ack /* We have seen the 3-way handshake */) - || (flow->protos.stun_ssl.ssl.server_certificate[0] != '\0') - /* || (flow->protos.stun_ssl.ssl.client_certificate[0] != '\0') */ + || ((flow->l4.tcp.ssl_seen_server_cert == 1) && (flow->protos.stun_ssl.ssl.server_certificate[0] != '\0')) + /* || ((flow->l4.tcp.ssl_seen_client_cert == 1) && (flow->protos.stun_ssl.ssl.client_certificate[0] != '\0')) */ ) { ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_SSL); } -- cgit v1.2.3 From b31337db4a8fadc90ef6e45d761696d1d0d50182 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Fri, 9 Nov 2018 11:31:08 +0100 Subject: Improved Skype detection --- src/lib/ndpi_content_match.c.inc | 1 + src/lib/ndpi_main.c | 5 ++-- src/lib/protocols/stun.c | 16 ++++++++++++- tests/result/whatsapp_login_call.pcap.out | 30 ++++++++++++------------ tests/result/whatsapp_voice_and_message.pcap.out | 19 ++++++++------- 5 files changed, 43 insertions(+), 28 deletions(-) (limited to 'src/lib') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index e39fc3939..71e236d37 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -706,6 +706,7 @@ static ndpi_network host_protocol_list[] = { { 0x287F816D /* 40.126.129.109 */, 32, NDPI_PROTOCOL_SKYPE }, { 0x4237DF00 /* 65.55.223.0 */, 26, NDPI_PROTOCOL_SKYPE }, { 0x17600000 /* 23.96.0.0 */, 13, NDPI_PROTOCOL_SKYPE }, + { 0x34724A05 /* 52.114.74.5 */, 32, NDPI_PROTOCOL_SKYPE }, /* Blizzard Entertainment, Inc diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 242f7e35e..da478cc3b 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3994,13 +3994,12 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st && (flow->guessed_protocol_id == NDPI_PROTOCOL_STUN)) { check_stun_export: if(flow->protos.stun_ssl.stun.num_processed_pkts > 0) { -#if 0 - if(flow->protos.stun_ssl.stun.num_processed_pkts >= NDPI_MIN_NUM_STUN_DETECTION) { + if(/* (flow->protos.stun_ssl.stun.num_processed_pkts >= NDPI_MIN_NUM_STUN_DETECTION) */ + flow->protos.stun_ssl.stun.is_skype) { u_int16_t proto = (flow->protos.stun_ssl.stun.num_binding_requests < 4) ? NDPI_PROTOCOL_SKYPE_CALL_IN : NDPI_PROTOCOL_SKYPE_CALL_OUT; ndpi_set_detected_protocol(ndpi_struct, flow, proto, NDPI_PROTOCOL_SKYPE); } else -#endif ndpi_set_detected_protocol(ndpi_struct, flow, flow->guessed_host_protocol_id, NDPI_PROTOCOL_STUN); } } diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index ad6a585f9..cb1322e5e 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -106,7 +106,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * case 0x4002: /* These are the only messages apparently whatsapp voice can use */ break; - + case 0x8054: /* Candidate Identifier */ if((len == 4) && ((offset+7) < payload_length) @@ -119,6 +119,20 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * } break; + case 0x8055: /* MS Service Quality (skype?) */ + break; + + /* Proprietary fields found on skype calls */ + case 0x24DF: + case 0x3802: + case 0x8036: + case 0x8095: + case 0x0800: + /* printf("====>>>> %04X\n", attribute); */ + flow->protos.stun_ssl.stun.is_skype = 1; + return(NDPI_IS_STUN); + break; + case 0x8070: /* Implementation Version */ if((len == 4) && ((offset+7) < payload_length) diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out index 0fa82a7df..666b3d70a 100644 --- a/tests/result/whatsapp_login_call.pcap.out +++ b/tests/result/whatsapp_login_call.pcap.out @@ -2,13 +2,13 @@ Unknown 27 2322 2 HTTP 11 726 3 MDNS 8 952 4 DHCP 10 3420 1 -STUN 70 9464 14 ICMP 10 700 1 SSL 8 589 2 Dropbox 4 2176 1 Apple 105 22176 19 WhatsApp 182 25154 2 Spotify 3 258 1 +Messenger 70 9464 14 WhatsAppVoice 706 91156 4 AppleStore 85 28087 2 ApplePush 22 5926 1 @@ -26,20 +26,20 @@ ApplePush 22 5926 1 11 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][cat: Cloud/13][4 pkts/2176 bytes -> 0 pkts/0 bytes] 12 TCP 192.168.2.4:49199 <-> 17.172.100.70:993 [proto: 51.140/IMAPS.Apple][cat: Web/5][9 pkts/1130 bytes <-> 8 pkts/868 bytes] 13 ICMP 192.168.2.4:0 -> 91.253.176.65:0 [proto: 81/ICMP][cat: Network/14][10 pkts/700 bytes -> 0 pkts/0 bytes] - 14 UDP 192.168.2.4:51518 <-> 31.13.64.48:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 15 UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 16 UDP 192.168.2.4:51518 <-> 31.13.73.48:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 17 UDP 192.168.2.4:51518 <-> 31.13.79.192:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 18 UDP 192.168.2.4:51518 <-> 31.13.85.48:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 19 UDP 192.168.2.4:51518 <-> 31.13.91.48:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 20 UDP 192.168.2.4:51518 <-> 31.13.100.14:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 21 UDP 192.168.2.4:52794 <-> 31.13.73.48:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 22 UDP 192.168.2.4:52794 <-> 31.13.74.48:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 23 UDP 192.168.2.4:52794 <-> 31.13.79.192:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 24 UDP 192.168.2.4:52794 <-> 31.13.90.48:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 25 UDP 192.168.2.4:52794 <-> 31.13.93.48:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 26 UDP 192.168.2.4:52794 <-> 173.252.114.1:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 27 UDP 192.168.2.4:52794 <-> 179.60.192.48:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 14 UDP 192.168.2.4:51518 <-> 31.13.64.48:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 15 UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 16 UDP 192.168.2.4:51518 <-> 31.13.73.48:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 17 UDP 192.168.2.4:51518 <-> 31.13.79.192:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 18 UDP 192.168.2.4:51518 <-> 31.13.85.48:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 19 UDP 192.168.2.4:51518 <-> 31.13.91.48:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 20 UDP 192.168.2.4:51518 <-> 31.13.100.14:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 21 UDP 192.168.2.4:52794 <-> 31.13.73.48:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 22 UDP 192.168.2.4:52794 <-> 31.13.74.48:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 23 UDP 192.168.2.4:52794 <-> 31.13.79.192:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 24 UDP 192.168.2.4:52794 <-> 31.13.90.48:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 25 UDP 192.168.2.4:52794 <-> 31.13.93.48:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 26 UDP 192.168.2.4:52794 <-> 173.252.114.1:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 27 UDP 192.168.2.4:52794 <-> 179.60.192.48:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes] 28 TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/SSL][cat: Web/5][3 pkts/174 bytes <-> 2 pkts/217 bytes] 29 TCP 192.168.2.4:49192 <-> 93.186.135.8:80 [proto: 7/HTTP][cat: Web/5][3 pkts/198 bytes <-> 2 pkts/132 bytes] 30 UDP 192.168.2.4:51897 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][cat: Web/5][1 pkts/79 bytes <-> 1 pkts/251 bytes][Host: query.ess.apple.com] diff --git a/tests/result/whatsapp_voice_and_message.pcap.out b/tests/result/whatsapp_voice_and_message.pcap.out index 18ed7943d..2b9ee2e26 100644 --- a/tests/result/whatsapp_voice_and_message.pcap.out +++ b/tests/result/whatsapp_voice_and_message.pcap.out @@ -1,16 +1,17 @@ -STUN 44 5916 8 +SkypeCallIn 9 1184 1 WhatsApp 217 22139 5 +Messenger 35 4732 7 1 TCP 10.8.0.1:42241 <-> 173.192.222.189:5222 [proto: 142/WhatsApp][cat: Chat/9][30 pkts/2539 bytes <-> 32 pkts/3070 bytes] 2 TCP 10.8.0.1:35480 <-> 184.173.179.46:443 [proto: 142/WhatsApp][cat: Chat/9][24 pkts/3029 bytes <-> 22 pkts/1961 bytes] 3 TCP 10.8.0.1:44819 <-> 158.85.58.42:5222 [proto: 142/WhatsApp][cat: Chat/9][15 pkts/2690 bytes <-> 15 pkts/2019 bytes] 4 TCP 10.8.0.1:49721 <-> 158.85.58.109:5222 [proto: 142/WhatsApp][cat: Chat/9][26 pkts/2311 bytes <-> 26 pkts/2300 bytes] 5 TCP 10.8.0.1:51570 <-> 158.85.5.199:443 [proto: 142/WhatsApp][cat: Chat/9][14 pkts/1123 bytes <-> 13 pkts/1097 bytes] - 6 UDP 10.8.0.1:53620 <-> 31.13.73.48:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][5 pkts/840 bytes <-> 4 pkts/344 bytes] - 7 UDP 10.8.0.1:53620 <-> 31.13.64.48:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 8 UDP 10.8.0.1:53620 <-> 31.13.74.48:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 9 UDP 10.8.0.1:53620 <-> 31.13.79.192:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 10 UDP 10.8.0.1:53620 <-> 31.13.84.48:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 11 UDP 10.8.0.1:53620 <-> 31.13.93.48:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 12 UDP 10.8.0.1:53620 <-> 173.252.121.1:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 13 UDP 10.8.0.1:53620 <-> 179.60.192.48:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 6 UDP 10.8.0.1:53620 <-> 31.13.73.48:3478 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][5 pkts/840 bytes <-> 4 pkts/344 bytes] + 7 UDP 10.8.0.1:53620 <-> 31.13.64.48:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 8 UDP 10.8.0.1:53620 <-> 31.13.74.48:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 9 UDP 10.8.0.1:53620 <-> 31.13.79.192:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 10 UDP 10.8.0.1:53620 <-> 31.13.84.48:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 11 UDP 10.8.0.1:53620 <-> 31.13.93.48:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 12 UDP 10.8.0.1:53620 <-> 173.252.121.1:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 13 UDP 10.8.0.1:53620 <-> 179.60.192.48:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes] -- cgit v1.2.3 From de9b2b202e77ef6a2a4442b293859009f005458c Mon Sep 17 00:00:00 2001 From: kyrol Date: Fri, 9 Nov 2018 14:52:32 +0100 Subject: FIX missing Application Data pkt for TLS --- src/lib/protocols/ssl.c | 34 +++++++++++++++++++++------------- 1 file changed, 21 insertions(+), 13 deletions(-) (limited to 'src/lib') diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index 59aedcb45..533bc69aa 100644 --- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -249,7 +249,7 @@ int getSSLcertificate(struct ndpi_detection_module_struct *ndpi_struct, offset++; compression_len = packet->payload[offset]; offset++; - + #ifdef CERTIFICATE_DEBUG printf("SSL [compression_len: %u]\n", compression_len); #endif @@ -260,7 +260,7 @@ int getSSLcertificate(struct ndpi_detection_module_struct *ndpi_struct, if(offset < total_len) { extensions_len = ntohs(*((u_int16_t*)&packet->payload[offset])); offset += 2; - + #ifdef CERTIFICATE_DEBUG printf("SSL [extensions_len: %u]\n", extensions_len); #endif @@ -282,7 +282,7 @@ int getSSLcertificate(struct ndpi_detection_module_struct *ndpi_struct, #ifdef CERTIFICATE_DEBUG printf("SSL [extension_id: %u][extension_len: %u]\n", extension_id, extension_len); #endif - + if(extension_id == 0) { u_int begin = 0,len; char *server_name = (char*)&packet->payload[offset+extension_offset]; @@ -305,7 +305,7 @@ int getSSLcertificate(struct ndpi_detection_module_struct *ndpi_struct, snprintf(flow->protos.stun_ssl.ssl.client_certificate, sizeof(flow->protos.stun_ssl.ssl.client_certificate), "%s", buffer); } - + /* We're happy now */ return(2 /* Client Certificate */); } @@ -331,7 +331,7 @@ int sslTryAndRetrieveServerCertificate(struct ndpi_detection_module_struct *ndpi if((packet->payload_packet_len > 9) && (packet->payload[0] == 0x16)) { char certificate[64]; int rc; - + certificate[0] = '\0'; rc = getSSLcertificate(ndpi_struct, flow, certificate, sizeof(certificate)); packet->ssl_certificate_num_checks++; @@ -389,7 +389,7 @@ int sslDetectProtocolFromCertificate(struct ndpi_detection_module_struct *ndpi_s strlen(certificate), &ret_match, NDPI_PROTOCOL_SSL); - + if(subproto != NDPI_PROTOCOL_UNKNOWN) { /* If we've detected the subprotocol from client certificate but haven't had a chance * to see the server certificate yet, set up extra packet processing to wait @@ -397,7 +397,7 @@ int sslDetectProtocolFromCertificate(struct ndpi_detection_module_struct *ndpi_s if((flow->protos.stun_ssl.ssl.client_certificate[0] != '\0') && (flow->protos.stun_ssl.ssl.server_certificate[0] == '\0')) { sslInitExtraPacketProcessing(0, flow); } - + ndpi_set_detected_protocol(ndpi_struct, flow, subproto, ndpi_ssl_refine_master_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSL)); return(rc); /* Fix courtesy of Gianluca Costa */ @@ -512,13 +512,10 @@ static u_int8_t ndpi_search_sslv3_direction1(struct ndpi_detection_module_struct struct ndpi_packet_struct *packet = &flow->packet; if((packet->payload_packet_len >= 5) - && (packet->payload[0] == 0x16) + && ((packet->payload[0] == 0x16) || packet->payload[0] == 0x17) && (packet->payload[1] == 0x03) - && ((packet->payload[2] == 0x00) - || (packet->payload[2] == 0x01) - || (packet->payload[2] == 0x02) - || (packet->payload[2] == 0x03) - )) { + && ((packet->payload[2] == 0x00) || (packet->payload[2] == 0x01) || + (packet->payload[2] == 0x02) || (packet->payload[2] == 0x03))) { u_int32_t temp; NDPI_LOG_DBG2(ndpi_struct, "search sslv3\n"); // SSLv3 Record @@ -680,6 +677,17 @@ void ndpi_search_ssl_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc flow->l4.tcp.ssl_stage = 1 + packet->packet_direction; return; } + + // Application Data pkt + if(packet->payload[0] == 0x17 && packet->payload[1] == 0x03 + && (packet->payload[2] == 0x00 || packet->payload[2] == 0x01 || + packet->payload[2] == 0x02 || packet->payload[2] == 0x03)) { + if(packet->payload_packet_len - ntohs(get_u_int16_t(packet->payload, 3)) == 5) { + NDPI_LOG_DBG2(ndpi_struct, "TLS len match\n"); + flow->l4.tcp.ssl_stage = 1 + packet->packet_direction; + return; + } + } } if(packet->payload_packet_len > 40 && -- cgit v1.2.3 From 977751efdbe61374bbe54f709b3fd6c1b971a9d6 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 14 Nov 2018 15:24:15 +0100 Subject: Added ndpi_flowv4_flow_hash and ndpi_flowv6_flow_hash skeletons for implementing https://github.com/corelight/community-id-spec --- src/include/ndpi_api.h | 8 ++ src/lib/ndpi_main.c | 24 ++++++ src/lib/third_party/src/sha1-fast.c | 148 ++++++++++++++++++++++++++++++++++++ 3 files changed, 180 insertions(+) create mode 100644 src/lib/third_party/src/sha1-fast.c (limited to 'src/lib') diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index d1e9148b2..d010577a5 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -772,6 +772,14 @@ extern "C" { void * ndpi_calloc(unsigned long count, size_t size); void ndpi_free(void *ptr); u_int8_t ndpi_get_api_version(); + + /* https://github.com/corelight/community-id-spec */ + int ndpi_flowv4_flow_hash(u_int8_t l4_proto, u_int32_t src_ip, u_int32_t dst_ip, u_int16_t src_port, u_int16_t dst_port, + u_int8_t icmp_type, u_int8_t icmp_code, u_char *hash_buf, u_int8_t hash_buf_len); + int ndpi_flowv6_flow_hash(u_int8_t l4_proto, struct ndpi_in6_addr *src_ip, struct ndpi_in6_addr *dst_ip, + u_int16_t src_port, u_int16_t dst_port, u_int8_t icmp_type, u_int8_t icmp_code, + u_char *hash_buf, u_int8_t hash_buf_len); + #ifdef __cplusplus } #endif diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 8e9bb53fc..3a6cd84ef 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -6063,3 +6063,27 @@ u_int ndpi_get_ndpi_detection_module_size() { void ndpi_set_log_level(struct ndpi_detection_module_struct *ndpi_mod, u_int l) { ndpi_mod->ndpi_log_level = l; } + +/* ******************************************************************** */ + +/* + NOTE: + - Leave fields empty/zero when information is missing (e.g. with ICMP ports are zero) + - The hash_buf most be 30+1 bits or longer + - Return code: 0 = OK, -1 otherwise + */ + +int ndpi_flowv4_flow_hash(u_int8_t l4_proto, u_int32_t src_ip, + u_int32_t dst_ip, u_int16_t src_port, u_int16_t dst_port, + u_int8_t icmp_type, u_int8_t icmp_code, + u_char *hash_buf, u_int8_t hash_buf_len) { + + return(0); /* OK */ +} + +int ndpi_flowv6_flow_hash(u_int8_t l4_proto, struct ndpi_in6_addr *src_ip, struct ndpi_in6_addr *dst_ip, + u_int16_t src_port, u_int16_t dst_port, u_int8_t icmp_type, u_int8_t icmp_code, + u_char *hash_buf, u_int8_t hash_buf_len) { + + return(0); /* OK */ +} diff --git a/src/lib/third_party/src/sha1-fast.c b/src/lib/third_party/src/sha1-fast.c new file mode 100644 index 000000000..3e4932147 --- /dev/null +++ b/src/lib/third_party/src/sha1-fast.c @@ -0,0 +1,148 @@ +/* + * SHA-1 hash in C + * + * Copyright (c) 2017 Project Nayuki. (MIT License) + * https://www.nayuki.io/page/fast-sha1-hash-implementation-in-x86-assembly + * + * Permission is hereby granted, free of charge, to any person obtaining a copy of + * this software and associated documentation files (the "Software"), to deal in + * the Software without restriction, including without limitation the rights to + * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of + * the Software, and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * - The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * - The Software is provided "as is", without warranty of any kind, express or + * implied, including but not limited to the warranties of merchantability, + * fitness for a particular purpose and noninfringement. In no event shall the + * authors or copyright holders be liable for any claim, damages or other + * liability, whether in an action of contract, tort or otherwise, arising from, + * out of or in connection with the Software or the use or other dealings in the + * Software. + */ + +#include + + +void sha1_compress(uint32_t state[5], const uint8_t block[64]) { +#define ROTL32(x, n) (((0U + (x)) << (n)) | ((x) >> (32 - (n)))) // Assumes that x is uint32_t and 0 < n < 32 + +#define LOADSCHEDULE(i) \ + schedule[i] = (uint32_t)block[i * 4 + 0] << 24 \ + | (uint32_t)block[i * 4 + 1] << 16 \ + | (uint32_t)block[i * 4 + 2] << 8 \ + | (uint32_t)block[i * 4 + 3] << 0; + +#define SCHEDULE(i) \ + temp = schedule[(i - 3) & 0xF] ^ schedule[(i - 8) & 0xF] ^ schedule[(i - 14) & 0xF] ^ schedule[(i - 16) & 0xF]; \ + schedule[i & 0xF] = ROTL32(temp, 1); + +#define ROUND0a(a, b, c, d, e, i) LOADSCHEDULE(i) ROUNDTAIL(a, b, e, ((b & c) | (~b & d)) , i, 0x5A827999) +#define ROUND0b(a, b, c, d, e, i) SCHEDULE(i) ROUNDTAIL(a, b, e, ((b & c) | (~b & d)) , i, 0x5A827999) +#define ROUND1(a, b, c, d, e, i) SCHEDULE(i) ROUNDTAIL(a, b, e, (b ^ c ^ d) , i, 0x6ED9EBA1) +#define ROUND2(a, b, c, d, e, i) SCHEDULE(i) ROUNDTAIL(a, b, e, ((b & c) ^ (b & d) ^ (c & d)), i, 0x8F1BBCDC) +#define ROUND3(a, b, c, d, e, i) SCHEDULE(i) ROUNDTAIL(a, b, e, (b ^ c ^ d) , i, 0xCA62C1D6) + +#ifndef UINT32_C +#define UINT32_C(c)c ## U +#endif + +#define ROUNDTAIL(a, b, e, f, i, k) \ + e = 0U + e + ROTL32(a, 5) + f + UINT32_C(k) + schedule[i & 0xF]; \ + b = ROTL32(b, 30); + + uint32_t a = state[0]; + uint32_t b = state[1]; + uint32_t c = state[2]; + uint32_t d = state[3]; + uint32_t e = state[4]; + + uint32_t schedule[16]; + uint32_t temp; + ROUND0a(a, b, c, d, e, 0) + ROUND0a(e, a, b, c, d, 1) + ROUND0a(d, e, a, b, c, 2) + ROUND0a(c, d, e, a, b, 3) + ROUND0a(b, c, d, e, a, 4) + ROUND0a(a, b, c, d, e, 5) + ROUND0a(e, a, b, c, d, 6) + ROUND0a(d, e, a, b, c, 7) + ROUND0a(c, d, e, a, b, 8) + ROUND0a(b, c, d, e, a, 9) + ROUND0a(a, b, c, d, e, 10) + ROUND0a(e, a, b, c, d, 11) + ROUND0a(d, e, a, b, c, 12) + ROUND0a(c, d, e, a, b, 13) + ROUND0a(b, c, d, e, a, 14) + ROUND0a(a, b, c, d, e, 15) + ROUND0b(e, a, b, c, d, 16) + ROUND0b(d, e, a, b, c, 17) + ROUND0b(c, d, e, a, b, 18) + ROUND0b(b, c, d, e, a, 19) + ROUND1(a, b, c, d, e, 20) + ROUND1(e, a, b, c, d, 21) + ROUND1(d, e, a, b, c, 22) + ROUND1(c, d, e, a, b, 23) + ROUND1(b, c, d, e, a, 24) + ROUND1(a, b, c, d, e, 25) + ROUND1(e, a, b, c, d, 26) + ROUND1(d, e, a, b, c, 27) + ROUND1(c, d, e, a, b, 28) + ROUND1(b, c, d, e, a, 29) + ROUND1(a, b, c, d, e, 30) + ROUND1(e, a, b, c, d, 31) + ROUND1(d, e, a, b, c, 32) + ROUND1(c, d, e, a, b, 33) + ROUND1(b, c, d, e, a, 34) + ROUND1(a, b, c, d, e, 35) + ROUND1(e, a, b, c, d, 36) + ROUND1(d, e, a, b, c, 37) + ROUND1(c, d, e, a, b, 38) + ROUND1(b, c, d, e, a, 39) + ROUND2(a, b, c, d, e, 40) + ROUND2(e, a, b, c, d, 41) + ROUND2(d, e, a, b, c, 42) + ROUND2(c, d, e, a, b, 43) + ROUND2(b, c, d, e, a, 44) + ROUND2(a, b, c, d, e, 45) + ROUND2(e, a, b, c, d, 46) + ROUND2(d, e, a, b, c, 47) + ROUND2(c, d, e, a, b, 48) + ROUND2(b, c, d, e, a, 49) + ROUND2(a, b, c, d, e, 50) + ROUND2(e, a, b, c, d, 51) + ROUND2(d, e, a, b, c, 52) + ROUND2(c, d, e, a, b, 53) + ROUND2(b, c, d, e, a, 54) + ROUND2(a, b, c, d, e, 55) + ROUND2(e, a, b, c, d, 56) + ROUND2(d, e, a, b, c, 57) + ROUND2(c, d, e, a, b, 58) + ROUND2(b, c, d, e, a, 59) + ROUND3(a, b, c, d, e, 60) + ROUND3(e, a, b, c, d, 61) + ROUND3(d, e, a, b, c, 62) + ROUND3(c, d, e, a, b, 63) + ROUND3(b, c, d, e, a, 64) + ROUND3(a, b, c, d, e, 65) + ROUND3(e, a, b, c, d, 66) + ROUND3(d, e, a, b, c, 67) + ROUND3(c, d, e, a, b, 68) + ROUND3(b, c, d, e, a, 69) + ROUND3(a, b, c, d, e, 70) + ROUND3(e, a, b, c, d, 71) + ROUND3(d, e, a, b, c, 72) + ROUND3(c, d, e, a, b, 73) + ROUND3(b, c, d, e, a, 74) + ROUND3(a, b, c, d, e, 75) + ROUND3(e, a, b, c, d, 76) + ROUND3(d, e, a, b, c, 77) + ROUND3(c, d, e, a, b, 78) + ROUND3(b, c, d, e, a, 79) + + state[0] = 0U + state[0] + a; + state[1] = 0U + state[1] + b; + state[2] = 0U + state[2] + c; + state[3] = 0U + state[3] + d; + state[4] = 0U + state[4] + e; +} -- cgit v1.2.3 From 8c63f25478ac5883478df769b927f4aaaa050e62 Mon Sep 17 00:00:00 2001 From: Guido Falsi Date: Thu, 15 Nov 2018 09:09:52 +0100 Subject: Also create the libndpi.so.2 link. This is created bydefault by all build tools for libraries and required in certain cases. FreeBSD linker requires it when using SONAME. --- src/lib/Makefile.in | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src/lib') diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in index 1f07773e9..273f8e89d 100644 --- a/src/lib/Makefile.in +++ b/src/lib/Makefile.in @@ -47,6 +47,7 @@ $(NDPI_LIB_STATIC): $(OBJECTS) $(NDPI_LIB_SHARED): $(OBJECTS) $(CC) -shared -fPIC $(SONAME_FLAG) -o $@ $(OBJECTS) ln -Ffs $(NDPI_LIB_SHARED) $(NDPI_LIB_SHARED_BASE) + ln -Ffs $(NDPI_LIB_SHARED) $(NDPI_LIB_SHARED_BASE).$(NDPI_VERSION_MAJOR) %.o: %.c $(HEADERS) Makefile $(CC) $(CFLAGS) -c $< -o $@ @@ -58,5 +59,6 @@ install: $(NDPI_LIBS) mkdir -p $(DESTDIR)$(libdir) cp $(NDPI_LIBS) $(DESTDIR)$(libdir)/ ln -Ffs $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED) $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED_BASE) + ln -Ffs $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED) $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED_BASE).$(NDPI_VERSION_MAJOR) mkdir -p $(DESTDIR)$(includedir) cp ../include/*.h $(DESTDIR)$(includedir) -- cgit v1.2.3 From 6e6b825e92367f80b8870791a6a9a0a4ae3d5ead Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Thu, 15 Nov 2018 16:18:45 +0100 Subject: Improved skype heuristic --- src/lib/protocols/skype.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) (limited to 'src/lib') diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c index 698fff052..dbc960b3e 100644 --- a/src/lib/protocols/skype.c +++ b/src/lib/protocols/skype.c @@ -23,9 +23,16 @@ #include "ndpi_api.h" +static void ndpi_skype_report_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { + u_int16_t proto = (flow->protos.stun_ssl.stun.num_binding_requests < 4) ? NDPI_PROTOCOL_SKYPE_CALL_IN : NDPI_PROTOCOL_SKYPE_CALL_OUT; -static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) -{ + printf("-> payload_len=%u\n", flow->packet.payload_packet_len); + + NDPI_LOG_INFO(ndpi_struct, "found skype\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, proto, NDPI_PROTOCOL_SKYPE); +} + +static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; // const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; @@ -47,8 +54,7 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s ((payload_len >= 16) && (packet->payload[0] != 0x30) /* Avoid invalid SNMP detection */ && (packet->payload[2] == 0x02))) { - NDPI_LOG_INFO(ndpi_struct, "found skype\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_UNKNOWN); + ndpi_skype_report_protocol(ndpi_struct, flow); } } return; @@ -71,9 +77,9 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s if((payload_len == 8) || (payload_len == 3) || (payload_len == 17)) { // printf("[SKYPE] payload_len=%u\n", payload_len); /* printf("[SKYPE] %u/%u\n", ntohs(packet->tcp->source), ntohs(packet->tcp->dest)); */ - + NDPI_LOG_INFO(ndpi_struct, "found skype\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_UNKNOWN); + ndpi_skype_report_protocol(ndpi_struct, flow); } else { // printf("NO [SKYPE] payload_len=%u\n", payload_len); } -- cgit v1.2.3 From 22c2568c276aaa81c6131b3a6a7bc8c0c6cdc5b7 Mon Sep 17 00:00:00 2001 From: Alfredo Cardigliano Date: Fri, 16 Nov 2018 19:21:57 +0100 Subject: commented out debug print --- src/lib/protocols/skype.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/lib') diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c index dbc960b3e..e544724a5 100644 --- a/src/lib/protocols/skype.c +++ b/src/lib/protocols/skype.c @@ -26,7 +26,7 @@ static void ndpi_skype_report_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { u_int16_t proto = (flow->protos.stun_ssl.stun.num_binding_requests < 4) ? NDPI_PROTOCOL_SKYPE_CALL_IN : NDPI_PROTOCOL_SKYPE_CALL_OUT; - printf("-> payload_len=%u\n", flow->packet.payload_packet_len); + //printf("-> payload_len=%u\n", flow->packet.payload_packet_len); NDPI_LOG_INFO(ndpi_struct, "found skype\n"); ndpi_set_detected_protocol(ndpi_struct, flow, proto, NDPI_PROTOCOL_SKYPE); -- cgit v1.2.3 From 153766917891cd0d4abebc9035bbb427d3a9fbc1 Mon Sep 17 00:00:00 2001 From: Alfredo Cardigliano Date: Mon, 19 Nov 2018 18:02:06 +0100 Subject: rpm package --- example/Makefile.in | 2 +- packages/etc/ld.so.conf.d/ndpi.conf | 1 + packages/rpm/configure | 2869 +++++++++++++++++++++++++++++++++++ packages/rpm/rpm-sign.exp | 10 + packages/ubuntu/configure | 18 +- packages/ubuntu/configure.in | 4 +- packages/ubuntu/debian/changelog.in | 2 +- src/lib/Makefile.in | 4 +- 8 files changed, 2889 insertions(+), 21 deletions(-) create mode 100644 packages/etc/ld.so.conf.d/ndpi.conf create mode 100755 packages/rpm/configure create mode 100755 packages/rpm/rpm-sign.exp (limited to 'src/lib') diff --git a/example/Makefile.in b/example/Makefile.in index a5ca6acce..5ee981bd1 100644 --- a/example/Makefile.in +++ b/example/Makefile.in @@ -14,7 +14,7 @@ ndpiReader: $(OBJS) $(LIBNDPI) $(CC) $(CFLAGS) -c $< -o $@ install: - cp ndpiReader $(DESTDIR)$(PREFIX)/bin + cp ndpiReader $(DESTDIR)$(PREFIX)/bin/ dpdk: make -f Makefile.dpdk diff --git a/packages/etc/ld.so.conf.d/ndpi.conf b/packages/etc/ld.so.conf.d/ndpi.conf new file mode 100644 index 000000000..e8e4bdcd4 --- /dev/null +++ b/packages/etc/ld.so.conf.d/ndpi.conf @@ -0,0 +1 @@ +/usr/local/lib diff --git a/packages/rpm/configure b/packages/rpm/configure new file mode 100755 index 000000000..45e05620f --- /dev/null +++ b/packages/rpm/configure @@ -0,0 +1,2869 @@ +#! /bin/sh +# Guess values for system-dependent variables and create Makefiles. +# Generated by GNU Autoconf 2.69 for Makefile.in 1.0. +# +# +# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. +# +# +# This configure script is free software; the Free Software Foundation +# gives unlimited permission to copy, distribute and modify it. +## -------------------- ## +## M4sh Initialization. ## +## -------------------- ## + +# Be more Bourne compatible +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi + + +as_nl=' +' +export as_nl +# Printing a long string crashes Solaris 7 /usr/bin/printf. +as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo +# Prefer a ksh shell builtin over an external printf program on Solaris, +# but without wasting forks for bash or zsh. +if test -z "$BASH_VERSION$ZSH_VERSION" \ + && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='print -r --' + as_echo_n='print -rn --' +elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='printf %s\n' + as_echo_n='printf %s' +else + if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then + as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' + as_echo_n='/usr/ucb/echo -n' + else + as_echo_body='eval expr "X$1" : "X\\(.*\\)"' + as_echo_n_body='eval + arg=$1; + case $arg in #( + *"$as_nl"*) + expr "X$arg" : "X\\(.*\\)$as_nl"; + arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; + esac; + expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" + ' + export as_echo_n_body + as_echo_n='sh -c $as_echo_n_body as_echo' + fi + export as_echo_body + as_echo='sh -c $as_echo_body as_echo' +fi + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi + + +# IFS +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent editors from complaining about space-tab. +# (If _AS_PATH_WALK were called with IFS unset, it would disable word +# splitting by setting IFS to empty value.) +IFS=" "" $as_nl" + +# Find who we are. Look in the path if we contain no directory separator. +as_myself= +case $0 in #(( + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + done +IFS=$as_save_IFS + + ;; +esac +# We did not find ourselves, most probably we were run as `sh COMMAND' +# in which case we are not to be found in the path. +if test "x$as_myself" = x; then + as_myself=$0 +fi +if test ! -f "$as_myself"; then + $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + exit 1 +fi + +# Unset variables that we do not need and which cause bugs (e.g. in +# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" +# suppresses any "Segmentation fault" message there. '((' could +# trigger a bug in pdksh 5.2.14. +for as_var in BASH_ENV ENV MAIL MAILPATH +do eval test x\${$as_var+set} = xset \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +done +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +# Use a proper internal environment variable to ensure we don't fall + # into an infinite loop, continuously re-executing ourselves. + if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then + _as_can_reexec=no; export _as_can_reexec; + # We cannot yet assume a decent shell, so we have to provide a +# neutralization value for shells without unset; and this also +# works around shells that cannot unset nonexistent variables. +# Preserve -v and -x to the replacement shell. +BASH_ENV=/dev/null +ENV=/dev/null +(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV +case $- in # (((( + *v*x* | *x*v* ) as_opts=-vx ;; + *v* ) as_opts=-v ;; + *x* ) as_opts=-x ;; + * ) as_opts= ;; +esac +exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} +# Admittedly, this is quite paranoid, since all the known shells bail +# out after a failed `exec'. +$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 +as_fn_exit 255 + fi + # We don't want this to propagate to other subprocesses. + { _as_can_reexec=; unset _as_can_reexec;} +if test "x$CONFIG_SHELL" = x; then + as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which + # is contrary to our usage. Disable this feature. + alias -g '\${1+\"\$@\"}'='\"\$@\"' + setopt NO_GLOB_SUBST +else + case \`(set -o) 2>/dev/null\` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi +" + as_required="as_fn_return () { (exit \$1); } +as_fn_success () { as_fn_return 0; } +as_fn_failure () { as_fn_return 1; } +as_fn_ret_success () { return 0; } +as_fn_ret_failure () { return 1; } + +exitcode=0 +as_fn_success || { exitcode=1; echo as_fn_success failed.; } +as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } +as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } +as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } +if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : + +else + exitcode=1; echo positional parameters were not saved. +fi +test x\$exitcode = x0 || exit 1 +test -x / || exit 1" + as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO + as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO + eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && + test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1" + if (eval "$as_required") 2>/dev/null; then : + as_have_required=yes +else + as_have_required=no +fi + if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : + +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_found=false +for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + as_found=: + case $as_dir in #( + /*) + for as_base in sh bash ksh sh5; do + # Try only shells that exist, to save several forks. + as_shell=$as_dir/$as_base + if { test -f "$as_shell" || test -f "$as_shell.exe"; } && + { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : + CONFIG_SHELL=$as_shell as_have_required=yes + if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : + break 2 +fi +fi + done;; + esac + as_found=false +done +$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && + { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : + CONFIG_SHELL=$SHELL as_have_required=yes +fi; } +IFS=$as_save_IFS + + + if test "x$CONFIG_SHELL" != x; then : + export CONFIG_SHELL + # We cannot yet assume a decent shell, so we have to provide a +# neutralization value for shells without unset; and this also +# works around shells that cannot unset nonexistent variables. +# Preserve -v and -x to the replacement shell. +BASH_ENV=/dev/null +ENV=/dev/null +(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV +case $- in # (((( + *v*x* | *x*v* ) as_opts=-vx ;; + *v* ) as_opts=-v ;; + *x* ) as_opts=-x ;; + * ) as_opts= ;; +esac +exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} +# Admittedly, this is quite paranoid, since all the known shells bail +# out after a failed `exec'. +$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 +exit 255 +fi + + if test x$as_have_required = xno; then : + $as_echo "$0: This script requires a shell more modern than all" + $as_echo "$0: the shells that I found on your system." + if test x${ZSH_VERSION+set} = xset ; then + $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" + $as_echo "$0: be upgraded to zsh 4.3.4 or later." + else + $as_echo "$0: Please tell bug-autoconf@gnu.org about your system, +$0: including any error possibly output before this +$0: message. Then install a modern shell, or manually run +$0: the script under such a shell if you do have one." + fi + exit 1 +fi +fi +fi +SHELL=${CONFIG_SHELL-/bin/sh} +export SHELL +# Unset more variables known to interfere with behavior of common tools. +CLICOLOR_FORCE= GREP_OPTIONS= +unset CLICOLOR_FORCE GREP_OPTIONS + +## --------------------- ## +## M4sh Shell Functions. ## +## --------------------- ## +# as_fn_unset VAR +# --------------- +# Portably unset VAR. +as_fn_unset () +{ + { eval $1=; unset $1;} +} +as_unset=as_fn_unset + +# as_fn_set_status STATUS +# ----------------------- +# Set $? to STATUS, without forking. +as_fn_set_status () +{ + return $1 +} # as_fn_set_status + +# as_fn_exit STATUS +# ----------------- +# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. +as_fn_exit () +{ + set +e + as_fn_set_status $1 + exit $1 +} # as_fn_exit + +# as_fn_mkdir_p +# ------------- +# Create "$as_dir" as a directory, including parents if necessary. +as_fn_mkdir_p () +{ + + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || eval $as_mkdir_p || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" + + +} # as_fn_mkdir_p + +# as_fn_executable_p FILE +# ----------------------- +# Test if FILE is an executable regular file. +as_fn_executable_p () +{ + test -f "$1" && test -x "$1" +} # as_fn_executable_p +# as_fn_append VAR VALUE +# ---------------------- +# Append the text in VALUE to the end of the definition contained in VAR. Take +# advantage of any shell optimizations that allow amortized linear growth over +# repeated appends, instead of the typical quadratic growth present in naive +# implementations. +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : + eval 'as_fn_append () + { + eval $1+=\$2 + }' +else + as_fn_append () + { + eval $1=\$$1\$2 + } +fi # as_fn_append + +# as_fn_arith ARG... +# ------------------ +# Perform arithmetic evaluation on the ARGs, and store the result in the +# global $as_val. Take advantage of shells that can avoid forks. The arguments +# must be portable across $(()) and expr. +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : + eval 'as_fn_arith () + { + as_val=$(( $* )) + }' +else + as_fn_arith () + { + as_val=`expr "$@" || test $? -eq 1` + } +fi # as_fn_arith + + +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- +# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are +# provided, also output the error to LOG_FD, referencing LINENO. Then exit the +# script with STATUS, using 1 if that was 0. +as_fn_error () +{ + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + fi + $as_echo "$as_me: error: $2" >&2 + as_fn_exit $as_status +} # as_fn_error + +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi + +as_me=`$as_basename -- "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + + + as_lineno_1=$LINENO as_lineno_1a=$LINENO + as_lineno_2=$LINENO as_lineno_2a=$LINENO + eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && + test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { + # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) + sed -n ' + p + /[$]LINENO/= + ' <$as_myself | + sed ' + s/[$]LINENO.*/&-/ + t lineno + b + :lineno + N + :loop + s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ + t loop + s/-\n.*// + ' >$as_me.lineno && + chmod +x "$as_me.lineno" || + { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } + + # If we had to re-execute with $CONFIG_SHELL, we're ensured to have + # already done that, so ensure we don't try to do so again and fall + # in an infinite loop. This has already happened in practice. + _as_can_reexec=no; export _as_can_reexec + # Don't try to exec as it changes $[0], causing all sort of problems + # (the dirname of $[0] is not the place where we might find the + # original and so on. Autoconf is especially sensitive to this). + . "./$as_me.lineno" + # Exit status is that of the last command. + exit +} + +ECHO_C= ECHO_N= ECHO_T= +case `echo -n x` in #((((( +-n*) + case `echo 'xy\c'` in + *c*) ECHO_T=' ';; # ECHO_T is single tab character. + xy) ECHO_C='\c';; + *) echo `echo ksh88 bug on AIX 6.1` > /dev/null + ECHO_T=' ';; + esac;; +*) + ECHO_N='-n';; +esac + +rm -f conf$$ conf$$.exe conf$$.file +if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +else + rm -f conf$$.dir + mkdir conf$$.dir 2>/dev/null +fi +if (echo >conf$$.file) 2>/dev/null; then + if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -pR'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || + as_ln_s='cp -pR' + elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln + else + as_ln_s='cp -pR' + fi +else + as_ln_s='cp -pR' +fi +rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file +rmdir conf$$.dir 2>/dev/null + +if mkdir -p . 2>/dev/null; then + as_mkdir_p='mkdir -p "$as_dir"' +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + +as_test_x='test -x' +as_executable_p=as_fn_executable_p + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +test -n "$DJDIR" || exec 7<&0 &1 + +# Name of the host. +# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, +# so uname gets run too. +ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` + +# +# Initializations. +# +ac_default_prefix=/usr/local +ac_clean_files= +ac_config_libobj_dir=. +LIBOBJS= +cross_compiling=no +subdirs= +MFLAGS= +MAKEFLAGS= + +# Identity of this package. +PACKAGE_NAME='Makefile.in' +PACKAGE_TARNAME='makefile-in' +PACKAGE_VERSION='1.0' +PACKAGE_STRING='Makefile.in 1.0' +PACKAGE_BUGREPORT='' +PACKAGE_URL='' + +ac_subst_vars='LTLIBOBJS +LIBOBJS +GIT_REVISION +GIT_RELEASE +KERNEL +DATE +EXTN +MACHINE +PLATFORM +target_alias +host_alias +build_alias +LIBS +ECHO_T +ECHO_N +ECHO_C +DEFS +mandir +localedir +libdir +psdir +pdfdir +dvidir +htmldir +infodir +docdir +oldincludedir +includedir +localstatedir +sharedstatedir +sysconfdir +datadir +datarootdir +libexecdir +sbindir +bindir +program_transform_name +prefix +exec_prefix +PACKAGE_URL +PACKAGE_BUGREPORT +PACKAGE_STRING +PACKAGE_VERSION +PACKAGE_TARNAME +PACKAGE_NAME +PATH_SEPARATOR +SHELL' +ac_subst_files='' +ac_user_opts=' +enable_option_checking +' + ac_precious_vars='build_alias +host_alias +target_alias' + + +# Initialize some variables set by options. +ac_init_help= +ac_init_version=false +ac_unrecognized_opts= +ac_unrecognized_sep= +# The variables have the same names as the options, with +# dashes changed to underlines. +cache_file=/dev/null +exec_prefix=NONE +no_create= +no_recursion= +prefix=NONE +program_prefix=NONE +program_suffix=NONE +program_transform_name=s,x,x, +silent= +site= +srcdir= +verbose= +x_includes=NONE +x_libraries=NONE + +# Installation directory options. +# These are left unexpanded so users can "make install exec_prefix=/foo" +# and all the variables that are supposed to be based on exec_prefix +# by default will actually change. +# Use braces instead of parens because sh, perl, etc. also accept them. +# (The list follows the same order as the GNU Coding Standards.) +bindir='${exec_prefix}/bin' +sbindir='${exec_prefix}/sbin' +libexecdir='${exec_prefix}/libexec' +datarootdir='${prefix}/share' +datadir='${datarootdir}' +sysconfdir='${prefix}/etc' +sharedstatedir='${prefix}/com' +localstatedir='${prefix}/var' +includedir='${prefix}/include' +oldincludedir='/usr/include' +docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' +infodir='${datarootdir}/info' +htmldir='${docdir}' +dvidir='${docdir}' +pdfdir='${docdir}' +psdir='${docdir}' +libdir='${exec_prefix}/lib' +localedir='${datarootdir}/locale' +mandir='${datarootdir}/man' + +ac_prev= +ac_dashdash= +for ac_option +do + # If the previous option needs an argument, assign it. + if test -n "$ac_prev"; then + eval $ac_prev=\$ac_option + ac_prev= + continue + fi + + case $ac_option in + *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; + *=) ac_optarg= ;; + *) ac_optarg=yes ;; + esac + + # Accept the important Cygnus configure options, so we can diagnose typos. + + case $ac_dashdash$ac_option in + --) + ac_dashdash=yes ;; + + -bindir | --bindir | --bindi | --bind | --bin | --bi) + ac_prev=bindir ;; + -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) + bindir=$ac_optarg ;; + + -build | --build | --buil | --bui | --bu) + ac_prev=build_alias ;; + -build=* | --build=* | --buil=* | --bui=* | --bu=*) + build_alias=$ac_optarg ;; + + -cache-file | --cache-file | --cache-fil | --cache-fi \ + | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) + ac_prev=cache_file ;; + -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ + | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) + cache_file=$ac_optarg ;; + + --config-cache | -C) + cache_file=config.cache ;; + + -datadir | --datadir | --datadi | --datad) + ac_prev=datadir ;; + -datadir=* | --datadir=* | --datadi=* | --datad=*) + datadir=$ac_optarg ;; + + -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ + | --dataroo | --dataro | --datar) + ac_prev=datarootdir ;; + -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ + | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) + datarootdir=$ac_optarg ;; + + -disable-* | --disable-*) + ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid feature name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"enable_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval enable_$ac_useropt=no ;; + + -docdir | --docdir | --docdi | --doc | --do) + ac_prev=docdir ;; + -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) + docdir=$ac_optarg ;; + + -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) + ac_prev=dvidir ;; + -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) + dvidir=$ac_optarg ;; + + -enable-* | --enable-*) + ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid feature name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"enable_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval enable_$ac_useropt=\$ac_optarg ;; + + -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ + | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ + | --exec | --exe | --ex) + ac_prev=exec_prefix ;; + -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ + | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ + | --exec=* | --exe=* | --ex=*) + exec_prefix=$ac_optarg ;; + + -gas | --gas | --ga | --g) + # Obsolete; use --with-gas. + with_gas=yes ;; + + -help | --help | --hel | --he | -h) + ac_init_help=long ;; + -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) + ac_init_help=recursive ;; + -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) + ac_init_help=short ;; + + -host | --host | --hos | --ho) + ac_prev=host_alias ;; + -host=* | --host=* | --hos=* | --ho=*) + host_alias=$ac_optarg ;; + + -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) + ac_prev=htmldir ;; + -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ + | --ht=*) + htmldir=$ac_optarg ;; + + -includedir | --includedir | --includedi | --included | --include \ + | --includ | --inclu | --incl | --inc) + ac_prev=includedir ;; + -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ + | --includ=* | --inclu=* | --incl=* | --inc=*) + includedir=$ac_optarg ;; + + -infodir | --infodir | --infodi | --infod | --info | --inf) + ac_prev=infodir ;; + -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) + infodir=$ac_optarg ;; + + -libdir | --libdir | --libdi | --libd) + ac_prev=libdir ;; + -libdir=* | --libdir=* | --libdi=* | --libd=*) + libdir=$ac_optarg ;; + + -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ + | --libexe | --libex | --libe) + ac_prev=libexecdir ;; + -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ + | --libexe=* | --libex=* | --libe=*) + libexecdir=$ac_optarg ;; + + -localedir | --localedir | --localedi | --localed | --locale) + ac_prev=localedir ;; + -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) + localedir=$ac_optarg ;; + + -localstatedir | --localstatedir | --localstatedi | --localstated \ + | --localstate | --localstat | --localsta | --localst | --locals) + ac_prev=localstatedir ;; + -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ + | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) + localstatedir=$ac_optarg ;; + + -mandir | --mandir | --mandi | --mand | --man | --ma | --m) + ac_prev=mandir ;; + -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) + mandir=$ac_optarg ;; + + -nfp | --nfp | --nf) + # Obsolete; use --without-fp. + with_fp=no ;; + + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c | -n) + no_create=yes ;; + + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) + no_recursion=yes ;; + + -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ + | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ + | --oldin | --oldi | --old | --ol | --o) + ac_prev=oldincludedir ;; + -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ + | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ + | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) + oldincludedir=$ac_optarg ;; + + -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) + ac_prev=prefix ;; + -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) + prefix=$ac_optarg ;; + + -program-prefix | --program-prefix | --program-prefi | --program-pref \ + | --program-pre | --program-pr | --program-p) + ac_prev=program_prefix ;; + -program-prefix=* | --program-prefix=* | --program-prefi=* \ + | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) + program_prefix=$ac_optarg ;; + + -program-suffix | --program-suffix | --program-suffi | --program-suff \ + | --program-suf | --program-su | --program-s) + ac_prev=program_suffix ;; + -program-suffix=* | --program-suffix=* | --program-suffi=* \ + | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) + program_suffix=$ac_optarg ;; + + -program-transform-name | --program-transform-name \ + | --program-transform-nam | --program-transform-na \ + | --program-transform-n | --program-transform- \ + | --program-transform | --program-transfor \ + | --program-transfo | --program-transf \ + | --program-trans | --program-tran \ + | --progr-tra | --program-tr | --program-t) + ac_prev=program_transform_name ;; + -program-transform-name=* | --program-transform-name=* \ + | --program-transform-nam=* | --program-transform-na=* \ + | --program-transform-n=* | --program-transform-=* \ + | --program-transform=* | --program-transfor=* \ + | --program-transfo=* | --program-transf=* \ + | --program-trans=* | --program-tran=* \ + | --progr-tra=* | --program-tr=* | --program-t=*) + program_transform_name=$ac_optarg ;; + + -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) + ac_prev=pdfdir ;; + -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) + pdfdir=$ac_optarg ;; + + -psdir | --psdir | --psdi | --psd | --ps) + ac_prev=psdir ;; + -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) + psdir=$ac_optarg ;; + + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + silent=yes ;; + + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) + ac_prev=sbindir ;; + -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ + | --sbi=* | --sb=*) + sbindir=$ac_optarg ;; + + -sharedstatedir | --sharedstatedir | --sharedstatedi \ + | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ + | --sharedst | --shareds | --shared | --share | --shar \ + | --sha | --sh) + ac_prev=sharedstatedir ;; + -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ + | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ + | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ + | --sha=* | --sh=*) + sharedstatedir=$ac_optarg ;; + + -site | --site | --sit) + ac_prev=site ;; + -site=* | --site=* | --sit=*) + site=$ac_optarg ;; + + -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) + ac_prev=srcdir ;; + -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) + srcdir=$ac_optarg ;; + + -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ + | --syscon | --sysco | --sysc | --sys | --sy) + ac_prev=sysconfdir ;; + -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ + | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) + sysconfdir=$ac_optarg ;; + + -target | --target | --targe | --targ | --tar | --ta | --t) + ac_prev=target_alias ;; + -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) + target_alias=$ac_optarg ;; + + -v | -verbose | --verbose | --verbos | --verbo | --verb) + verbose=yes ;; + + -version | --version | --versio | --versi | --vers | -V) + ac_init_version=: ;; + + -with-* | --with-*) + ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid package name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"with_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval with_$ac_useropt=\$ac_optarg ;; + + -without-* | --without-*) + ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid package name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"with_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval with_$ac_useropt=no ;; + + --x) + # Obsolete; use --with-x. + with_x=yes ;; + + -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ + | --x-incl | --x-inc | --x-in | --x-i) + ac_prev=x_includes ;; + -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ + | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) + x_includes=$ac_optarg ;; + + -x-libraries | --x-libraries | --x-librarie | --x-librari \ + | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) + ac_prev=x_libraries ;; + -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ + | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) + x_libraries=$ac_optarg ;; + + -*) as_fn_error $? "unrecognized option: \`$ac_option' +Try \`$0 --help' for more information" + ;; + + *=*) + ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` + # Reject names that are not valid shell variable names. + case $ac_envvar in #( + '' | [0-9]* | *[!_$as_cr_alnum]* ) + as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; + esac + eval $ac_envvar=\$ac_optarg + export $ac_envvar ;; + + *) + # FIXME: should be removed in autoconf 3.0. + $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 + expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && + $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 + : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}" + ;; + + esac +done + +if test -n "$ac_prev"; then + ac_option=--`echo $ac_prev | sed 's/_/-/g'` + as_fn_error $? "missing argument to $ac_option" +fi + +if test -n "$ac_unrecognized_opts"; then + case $enable_option_checking in + no) ;; + fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; + *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; + esac +fi + +# Check all directory arguments for consistency. +for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ + datadir sysconfdir sharedstatedir localstatedir includedir \ + oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ + libdir localedir mandir +do + eval ac_val=\$$ac_var + # Remove trailing slashes. + case $ac_val in + */ ) + ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` + eval $ac_var=\$ac_val;; + esac + # Be sure to have absolute directory names. + case $ac_val in + [\\/$]* | ?:[\\/]* ) continue;; + NONE | '' ) case $ac_var in *prefix ) continue;; esac;; + esac + as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" +done + +# There might be people who depend on the old broken behavior: `$host' +# used to hold the argument of --host etc. +# FIXME: To remove some day. +build=$build_alias +host=$host_alias +target=$target_alias + +# FIXME: To remove some day. +if test "x$host_alias" != x; then + if test "x$build_alias" = x; then + cross_compiling=maybe + elif test "x$build_alias" != "x$host_alias"; then + cross_compiling=yes + fi +fi + +ac_tool_prefix= +test -n "$host_alias" && ac_tool_prefix=$host_alias- + +test "$silent" = yes && exec 6>/dev/null + + +ac_pwd=`pwd` && test -n "$ac_pwd" && +ac_ls_di=`ls -di .` && +ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || + as_fn_error $? "working directory cannot be determined" +test "X$ac_ls_di" = "X$ac_pwd_ls_di" || + as_fn_error $? "pwd does not report name of working directory" + + +# Find the source files, if location was not specified. +if test -z "$srcdir"; then + ac_srcdir_defaulted=yes + # Try the directory containing this script, then the parent directory. + ac_confdir=`$as_dirname -- "$as_myself" || +$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_myself" : 'X\(//\)[^/]' \| \ + X"$as_myself" : 'X\(//\)$' \| \ + X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_myself" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + srcdir=$ac_confdir + if test ! -r "$srcdir/$ac_unique_file"; then + srcdir=.. + fi +else + ac_srcdir_defaulted=no +fi +if test ! -r "$srcdir/$ac_unique_file"; then + test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." + as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" +fi +ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" +ac_abs_confdir=`( + cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" + pwd)` +# When building in place, set srcdir=. +if test "$ac_abs_confdir" = "$ac_pwd"; then + srcdir=. +fi +# Remove unnecessary trailing slashes from srcdir. +# Double slashes in file names in object file debugging info +# mess up M-x gdb in Emacs. +case $srcdir in +*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; +esac +for ac_var in $ac_precious_vars; do + eval ac_env_${ac_var}_set=\${${ac_var}+set} + eval ac_env_${ac_var}_value=\$${ac_var} + eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} + eval ac_cv_env_${ac_var}_value=\$${ac_var} +done + +# +# Report the --help message. +# +if test "$ac_init_help" = "long"; then + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat <<_ACEOF +\`configure' configures Makefile.in 1.0 to adapt to many kinds of systems. + +Usage: $0 [OPTION]... [VAR=VALUE]... + +To assign environment variables (e.g., CC, CFLAGS...), specify them as +VAR=VALUE. See below for descriptions of some of the useful variables. + +Defaults for the options are specified in brackets. + +Configuration: + -h, --help display this help and exit + --help=short display options specific to this package + --help=recursive display the short help of all the included packages + -V, --version display version information and exit + -q, --quiet, --silent do not print \`checking ...' messages + --cache-file=FILE cache test results in FILE [disabled] + -C, --config-cache alias for \`--cache-file=config.cache' + -n, --no-create do not create output files + --srcdir=DIR find the sources in DIR [configure dir or \`..'] + +Installation directories: + --prefix=PREFIX install architecture-independent files in PREFIX + [$ac_default_prefix] + --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX + [PREFIX] + +By default, \`make install' will install all the files in +\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify +an installation prefix other than \`$ac_default_prefix' using \`--prefix', +for instance \`--prefix=\$HOME'. + +For better control, use the options below. + +Fine tuning of the installation directories: + --bindir=DIR user executables [EPREFIX/bin] + --sbindir=DIR system admin executables [EPREFIX/sbin] + --libexecdir=DIR program executables [EPREFIX/libexec] + --sysconfdir=DIR read-only single-machine data [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] + --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --libdir=DIR object code libraries [EPREFIX/lib] + --includedir=DIR C header files [PREFIX/include] + --oldincludedir=DIR C header files for non-gcc [/usr/include] + --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] + --datadir=DIR read-only architecture-independent data [DATAROOTDIR] + --infodir=DIR info documentation [DATAROOTDIR/info] + --localedir=DIR locale-dependent data [DATAROOTDIR/locale] + --mandir=DIR man documentation [DATAROOTDIR/man] + --docdir=DIR documentation root [DATAROOTDIR/doc/makefile-in] + --htmldir=DIR html documentation [DOCDIR] + --dvidir=DIR dvi documentation [DOCDIR] + --pdfdir=DIR pdf documentation [DOCDIR] + --psdir=DIR ps documentation [DOCDIR] +_ACEOF + + cat <<\_ACEOF +_ACEOF +fi + +if test -n "$ac_init_help"; then + case $ac_init_help in + short | recursive ) echo "Configuration of Makefile.in 1.0:";; + esac + cat <<\_ACEOF + +Report bugs to the package provider. +_ACEOF +ac_status=$? +fi + +if test "$ac_init_help" = "recursive"; then + # If there are subdirs, report their specific --help. + for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue + test -d "$ac_dir" || + { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || + continue + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + cd "$ac_dir" || { ac_status=$?; continue; } + # Check for guested configure. + if test -f "$ac_srcdir/configure.gnu"; then + echo && + $SHELL "$ac_srcdir/configure.gnu" --help=recursive + elif test -f "$ac_srcdir/configure"; then + echo && + $SHELL "$ac_srcdir/configure" --help=recursive + else + $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 + fi || ac_status=$? + cd "$ac_pwd" || { ac_status=$?; break; } + done +fi + +test -n "$ac_init_help" && exit $ac_status +if $ac_init_version; then + cat <<\_ACEOF +Makefile.in configure 1.0 +generated by GNU Autoconf 2.69 + +Copyright (C) 2012 Free Software Foundation, Inc. +This configure script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it. +_ACEOF + exit +fi + +## ------------------------ ## +## Autoconf initialization. ## +## ------------------------ ## +cat >config.log <<_ACEOF +This file contains any messages produced by compilers while +running configure, to aid debugging if configure makes a mistake. + +It was created by Makefile.in $as_me 1.0, which was +generated by GNU Autoconf 2.69. Invocation command line was + + $ $0 $@ + +_ACEOF +exec 5>>config.log +{ +cat <<_ASUNAME +## --------- ## +## Platform. ## +## --------- ## + +hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` + +/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` +/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` +/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` +/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` + +_ASUNAME + +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + $as_echo "PATH: $as_dir" + done +IFS=$as_save_IFS + +} >&5 + +cat >&5 <<_ACEOF + + +## ----------- ## +## Core tests. ## +## ----------- ## + +_ACEOF + + +# Keep a trace of the command line. +# Strip out --no-create and --no-recursion so they do not pile up. +# Strip out --silent because we don't want to record it for future runs. +# Also quote any args containing shell meta-characters. +# Make two passes to allow for proper duplicate-argument suppression. +ac_configure_args= +ac_configure_args0= +ac_configure_args1= +ac_must_keep_next=false +for ac_pass in 1 2 +do + for ac_arg + do + case $ac_arg in + -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + continue ;; + *\'*) + ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + case $ac_pass in + 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; + 2) + as_fn_append ac_configure_args1 " '$ac_arg'" + if test $ac_must_keep_next = true; then + ac_must_keep_next=false # Got value, back to normal. + else + case $ac_arg in + *=* | --config-cache | -C | -disable-* | --disable-* \ + | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ + | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ + | -with-* | --with-* | -without-* | --without-* | --x) + case "$ac_configure_args0 " in + "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; + esac + ;; + -* ) ac_must_keep_next=true ;; + esac + fi + as_fn_append ac_configure_args " '$ac_arg'" + ;; + esac + done +done +{ ac_configure_args0=; unset ac_configure_args0;} +{ ac_configure_args1=; unset ac_configure_args1;} + +# When interrupted or exit'd, cleanup temporary files, and complete +# config.log. We remove comments because anyway the quotes in there +# would cause problems or look ugly. +# WARNING: Use '\'' to represent an apostrophe within the trap. +# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. +trap 'exit_status=$? + # Save into config.log some information that might help in debugging. + { + echo + + $as_echo "## ---------------- ## +## Cache variables. ## +## ---------------- ##" + echo + # The following way of writing the cache mishandles newlines in values, +( + for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do + eval ac_val=\$$ac_var + case $ac_val in #( + *${as_nl}*) + case $ac_var in #( + *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + esac + case $ac_var in #( + _ | IFS | as_nl) ;; #( + BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( + *) { eval $ac_var=; unset $ac_var;} ;; + esac ;; + esac + done + (set) 2>&1 | + case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( + *${as_nl}ac_space=\ *) + sed -n \ + "s/'\''/'\''\\\\'\'''\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" + ;; #( + *) + sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" + ;; + esac | + sort +) + echo + + $as_echo "## ----------------- ## +## Output variables. ## +## ----------------- ##" + echo + for ac_var in $ac_subst_vars + do + eval ac_val=\$$ac_var + case $ac_val in + *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + esac + $as_echo "$ac_var='\''$ac_val'\''" + done | sort + echo + + if test -n "$ac_subst_files"; then + $as_echo "## ------------------- ## +## File substitutions. ## +## ------------------- ##" + echo + for ac_var in $ac_subst_files + do + eval ac_val=\$$ac_var + case $ac_val in + *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + esac + $as_echo "$ac_var='\''$ac_val'\''" + done | sort + echo + fi + + if test -s confdefs.h; then + $as_echo "## ----------- ## +## confdefs.h. ## +## ----------- ##" + echo + cat confdefs.h + echo + fi + test "$ac_signal" != 0 && + $as_echo "$as_me: caught signal $ac_signal" + $as_echo "$as_me: exit $exit_status" + } >&5 + rm -f core *.core core.conftest.* && + rm -f -r conftest* confdefs* conf$$* $ac_clean_files && + exit $exit_status +' 0 +for ac_signal in 1 2 13 15; do + trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal +done +ac_signal=0 + +# confdefs.h avoids OS command line length limits that DEFS can exceed. +rm -f -r conftest* confdefs.h + +$as_echo "/* confdefs.h */" > confdefs.h + +# Predefined preprocessor variables. + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_NAME "$PACKAGE_NAME" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_TARNAME "$PACKAGE_TARNAME" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_VERSION "$PACKAGE_VERSION" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_STRING "$PACKAGE_STRING" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_URL "$PACKAGE_URL" +_ACEOF + + +# Let the site file select an alternate cache file if it wants to. +# Prefer an explicitly selected file to automatically selected ones. +ac_site_file1=NONE +ac_site_file2=NONE +if test -n "$CONFIG_SITE"; then + # We do not want a PATH search for config.site. + case $CONFIG_SITE in #(( + -*) ac_site_file1=./$CONFIG_SITE;; + */*) ac_site_file1=$CONFIG_SITE;; + *) ac_site_file1=./$CONFIG_SITE;; + esac +elif test "x$prefix" != xNONE; then + ac_site_file1=$prefix/share/config.site + ac_site_file2=$prefix/etc/config.site +else + ac_site_file1=$ac_default_prefix/share/config.site + ac_site_file2=$ac_default_prefix/etc/config.site +fi +for ac_site_file in "$ac_site_file1" "$ac_site_file2" +do + test "x$ac_site_file" = xNONE && continue + if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 +$as_echo "$as_me: loading site script $ac_site_file" >&6;} + sed 's/^/| /' "$ac_site_file" >&5 + . "$ac_site_file" \ + || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "failed to load site script $ac_site_file +See \`config.log' for more details" "$LINENO" 5; } + fi +done + +if test -r "$cache_file"; then + # Some versions of bash will fail to source /dev/null (special files + # actually), so we avoid doing that. DJGPP emulates it as a regular file. + if test /dev/null != "$cache_file" && test -f "$cache_file"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 +$as_echo "$as_me: loading cache $cache_file" >&6;} + case $cache_file in + [\\/]* | ?:[\\/]* ) . "$cache_file";; + *) . "./$cache_file";; + esac + fi +else + { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 +$as_echo "$as_me: creating cache $cache_file" >&6;} + >$cache_file +fi + +# Check that the precious variables saved in the cache have kept the same +# value. +ac_cache_corrupted=false +for ac_var in $ac_precious_vars; do + eval ac_old_set=\$ac_cv_env_${ac_var}_set + eval ac_new_set=\$ac_env_${ac_var}_set + eval ac_old_val=\$ac_cv_env_${ac_var}_value + eval ac_new_val=\$ac_env_${ac_var}_value + case $ac_old_set,$ac_new_set in + set,) + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 +$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,set) + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 +$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,);; + *) + if test "x$ac_old_val" != "x$ac_new_val"; then + # differences in whitespace do not lead to failure. + ac_old_val_w=`echo x $ac_old_val` + ac_new_val_w=`echo x $ac_new_val` + if test "$ac_old_val_w" != "$ac_new_val_w"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 +$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} + ac_cache_corrupted=: + else + { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 +$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} + eval $ac_var=\$ac_old_val + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 +$as_echo "$as_me: former value: \`$ac_old_val'" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 +$as_echo "$as_me: current value: \`$ac_new_val'" >&2;} + fi;; + esac + # Pass precious variables to config.status. + if test "$ac_new_set" = set; then + case $ac_new_val in + *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; + *) ac_arg=$ac_var=$ac_new_val ;; + esac + case " $ac_configure_args " in + *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. + *) as_fn_append ac_configure_args " '$ac_arg'" ;; + esac + fi +done +if $ac_cache_corrupted; then + { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 +$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} + as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 +fi +## -------------------- ## +## Main body of script. ## +## -------------------- ## + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + + +DATE=`date -R` +KERNEL=`uname -r` +PLATFORM=`uname -p` +MACHINE=`uname -m` +SHORT_MACHINE=`uname -m | cut -b1-3` + +EXTN="" +if test $MACHINE = "x86_64"; then + EXTN="amd64" +else + if test $SHORT_MACHINE = "aar"; then + EXTN="arm64" + else + if test $SHORT_MACHINE = "arm"; then + EXTN="armhf" + else + if test $SHORT_MACHINE = "mip"; then + EXTN="mips" + else + EXTN="i386" + fi + fi + fi +fi + +PACKAGE_VERSION=`cat ../../configure.ac|grep C_INIT|cut -c 21-|rev|cut -c 3-|rev` +GIT_RELEASE=`git rev-parse HEAD` +GIT_REVISION=`git rev-list --all |wc -l | tr -d '[:space:]'` + +ac_config_files="$ac_config_files Makefile ndpi.spec" + + + + + + + + + + + +cat >confcache <<\_ACEOF +# This file is a shell script that caches the results of configure +# tests run on this system so they can be shared between configure +# scripts and configure runs, see configure's option --config-cache. +# It is not useful on other systems. If it contains results you don't +# want to keep, you may remove or edit it. +# +# config.status only pays attention to the cache file if you give it +# the --recheck option to rerun configure. +# +# `ac_cv_env_foo' variables (set or unset) will be overridden when +# loading this file, other *unset* `ac_cv_foo' will be assigned the +# following values. + +_ACEOF + +# The following way of writing the cache mishandles newlines in values, +# but we know of no workaround that is simple, portable, and efficient. +# So, we kill variables containing newlines. +# Ultrix sh set writes to stderr and can't be redirected directly, +# and sets the high bit in the cache file unless we assign to the vars. +( + for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do + eval ac_val=\$$ac_var + case $ac_val in #( + *${as_nl}*) + case $ac_var in #( + *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + esac + case $ac_var in #( + _ | IFS | as_nl) ;; #( + BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( + *) { eval $ac_var=; unset $ac_var;} ;; + esac ;; + esac + done + + (set) 2>&1 | + case $as_nl`(ac_space=' '; set) 2>&1` in #( + *${as_nl}ac_space=\ *) + # `set' does not quote correctly, so add quotes: double-quote + # substitution turns \\\\ into \\, and sed turns \\ into \. + sed -n \ + "s/'/'\\\\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" + ;; #( + *) + # `set' quotes correctly as required by POSIX, so do not add quotes. + sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" + ;; + esac | + sort +) | + sed ' + /^ac_cv_env_/b end + t clear + :clear + s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ + t end + s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ + :end' >>confcache +if diff "$cache_file" confcache >/dev/null 2>&1; then :; else + if test -w "$cache_file"; then + if test "x$cache_file" != "x/dev/null"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 +$as_echo "$as_me: updating cache $cache_file" >&6;} + if test ! -f "$cache_file" || test -h "$cache_file"; then + cat confcache >"$cache_file" + else + case $cache_file in #( + */* | ?:*) + mv -f confcache "$cache_file"$$ && + mv -f "$cache_file"$$ "$cache_file" ;; #( + *) + mv -f confcache "$cache_file" ;; + esac + fi + fi + else + { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 +$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} + fi +fi +rm -f confcache + +test "x$prefix" = xNONE && prefix=$ac_default_prefix +# Let make expand exec_prefix. +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + +# Transform confdefs.h into DEFS. +# Protect against shell expansion while executing Makefile rules. +# Protect against Makefile macro expansion. +# +# If the first sed substitution is executed (which looks for macros that +# take arguments), then branch to the quote section. Otherwise, +# look for a macro that doesn't take arguments. +ac_script=' +:mline +/\\$/{ + N + s,\\\n,, + b mline +} +t clear +:clear +s/^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*([^)]*)\)[ ]*\(.*\)/-D\1=\2/g +t quote +s/^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)/-D\1=\2/g +t quote +b any +:quote +s/[ `~#$^&*(){}\\|;'\''"<>?]/\\&/g +s/\[/\\&/g +s/\]/\\&/g +s/\$/$$/g +H +:any +${ + g + s/^\n// + s/\n/ /g + p +} +' +DEFS=`sed -n "$ac_script" confdefs.h` + + +ac_libobjs= +ac_ltlibobjs= +U= +for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue + # 1. Remove the extension, and $U if already installed. + ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' + ac_i=`$as_echo "$ac_i" | sed "$ac_script"` + # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR + # will be set to the directory where LIBOBJS objects are built. + as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" + as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' +done +LIBOBJS=$ac_libobjs + +LTLIBOBJS=$ac_ltlibobjs + + + +: "${CONFIG_STATUS=./config.status}" +ac_write_fail=0 +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files $CONFIG_STATUS" +{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 +$as_echo "$as_me: creating $CONFIG_STATUS" >&6;} +as_write_fail=0 +cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 +#! $SHELL +# Generated by $as_me. +# Run this file to recreate the current configuration. +# Compiler output produced by configure, useful for debugging +# configure, is in config.log if it exists. + +debug=false +ac_cs_recheck=false +ac_cs_silent=false + +SHELL=\${CONFIG_SHELL-$SHELL} +export SHELL +_ASEOF +cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 +## -------------------- ## +## M4sh Initialization. ## +## -------------------- ## + +# Be more Bourne compatible +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi + + +as_nl=' +' +export as_nl +# Printing a long string crashes Solaris 7 /usr/bin/printf. +as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo +# Prefer a ksh shell builtin over an external printf program on Solaris, +# but without wasting forks for bash or zsh. +if test -z "$BASH_VERSION$ZSH_VERSION" \ + && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='print -r --' + as_echo_n='print -rn --' +elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='printf %s\n' + as_echo_n='printf %s' +else + if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then + as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' + as_echo_n='/usr/ucb/echo -n' + else + as_echo_body='eval expr "X$1" : "X\\(.*\\)"' + as_echo_n_body='eval + arg=$1; + case $arg in #( + *"$as_nl"*) + expr "X$arg" : "X\\(.*\\)$as_nl"; + arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; + esac; + expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" + ' + export as_echo_n_body + as_echo_n='sh -c $as_echo_n_body as_echo' + fi + export as_echo_body + as_echo='sh -c $as_echo_body as_echo' +fi + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi + + +# IFS +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent editors from complaining about space-tab. +# (If _AS_PATH_WALK were called with IFS unset, it would disable word +# splitting by setting IFS to empty value.) +IFS=" "" $as_nl" + +# Find who we are. Look in the path if we contain no directory separator. +as_myself= +case $0 in #(( + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + done +IFS=$as_save_IFS + + ;; +esac +# We did not find ourselves, most probably we were run as `sh COMMAND' +# in which case we are not to be found in the path. +if test "x$as_myself" = x; then + as_myself=$0 +fi +if test ! -f "$as_myself"; then + $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + exit 1 +fi + +# Unset variables that we do not need and which cause bugs (e.g. in +# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" +# suppresses any "Segmentation fault" message there. '((' could +# trigger a bug in pdksh 5.2.14. +for as_var in BASH_ENV ENV MAIL MAILPATH +do eval test x\${$as_var+set} = xset \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +done +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + + +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- +# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are +# provided, also output the error to LOG_FD, referencing LINENO. Then exit the +# script with STATUS, using 1 if that was 0. +as_fn_error () +{ + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + fi + $as_echo "$as_me: error: $2" >&2 + as_fn_exit $as_status +} # as_fn_error + + +# as_fn_set_status STATUS +# ----------------------- +# Set $? to STATUS, without forking. +as_fn_set_status () +{ + return $1 +} # as_fn_set_status + +# as_fn_exit STATUS +# ----------------- +# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. +as_fn_exit () +{ + set +e + as_fn_set_status $1 + exit $1 +} # as_fn_exit + +# as_fn_unset VAR +# --------------- +# Portably unset VAR. +as_fn_unset () +{ + { eval $1=; unset $1;} +} +as_unset=as_fn_unset +# as_fn_append VAR VALUE +# ---------------------- +# Append the text in VALUE to the end of the definition contained in VAR. Take +# advantage of any shell optimizations that allow amortized linear growth over +# repeated appends, instead of the typical quadratic growth present in naive +# implementations. +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : + eval 'as_fn_append () + { + eval $1+=\$2 + }' +else + as_fn_append () + { + eval $1=\$$1\$2 + } +fi # as_fn_append + +# as_fn_arith ARG... +# ------------------ +# Perform arithmetic evaluation on the ARGs, and store the result in the +# global $as_val. Take advantage of shells that can avoid forks. The arguments +# must be portable across $(()) and expr. +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : + eval 'as_fn_arith () + { + as_val=$(( $* )) + }' +else + as_fn_arith () + { + as_val=`expr "$@" || test $? -eq 1` + } +fi # as_fn_arith + + +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi + +as_me=`$as_basename -- "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + +ECHO_C= ECHO_N= ECHO_T= +case `echo -n x` in #((((( +-n*) + case `echo 'xy\c'` in + *c*) ECHO_T=' ';; # ECHO_T is single tab character. + xy) ECHO_C='\c';; + *) echo `echo ksh88 bug on AIX 6.1` > /dev/null + ECHO_T=' ';; + esac;; +*) + ECHO_N='-n';; +esac + +rm -f conf$$ conf$$.exe conf$$.file +if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +else + rm -f conf$$.dir + mkdir conf$$.dir 2>/dev/null +fi +if (echo >conf$$.file) 2>/dev/null; then + if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -pR'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || + as_ln_s='cp -pR' + elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln + else + as_ln_s='cp -pR' + fi +else + as_ln_s='cp -pR' +fi +rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file +rmdir conf$$.dir 2>/dev/null + + +# as_fn_mkdir_p +# ------------- +# Create "$as_dir" as a directory, including parents if necessary. +as_fn_mkdir_p () +{ + + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || eval $as_mkdir_p || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" + + +} # as_fn_mkdir_p +if mkdir -p . 2>/dev/null; then + as_mkdir_p='mkdir -p "$as_dir"' +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + + +# as_fn_executable_p FILE +# ----------------------- +# Test if FILE is an executable regular file. +as_fn_executable_p () +{ + test -f "$1" && test -x "$1" +} # as_fn_executable_p +as_test_x='test -x' +as_executable_p=as_fn_executable_p + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +exec 6>&1 +## ----------------------------------- ## +## Main body of $CONFIG_STATUS script. ## +## ----------------------------------- ## +_ASEOF +test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# Save the log message, to keep $0 and so on meaningful, and to +# report actual input values of CONFIG_FILES etc. instead of their +# values after options handling. +ac_log=" +This file was extended by Makefile.in $as_me 1.0, which was +generated by GNU Autoconf 2.69. Invocation command line was + + CONFIG_FILES = $CONFIG_FILES + CONFIG_HEADERS = $CONFIG_HEADERS + CONFIG_LINKS = $CONFIG_LINKS + CONFIG_COMMANDS = $CONFIG_COMMANDS + $ $0 $@ + +on `(hostname || uname -n) 2>/dev/null | sed 1q` +" + +_ACEOF + +case $ac_config_files in *" +"*) set x $ac_config_files; shift; ac_config_files=$*;; +esac + + + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +# Files that config.status was made for. +config_files="$ac_config_files" + +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +ac_cs_usage="\ +\`$as_me' instantiates files and other configuration actions +from templates according to the current configuration. Unless the files +and actions are specified as TAGs, all are instantiated by default. + +Usage: $0 [OPTION]... [TAG]... + + -h, --help print this help, then exit + -V, --version print version number and configuration settings, then exit + --config print configuration, then exit + -q, --quiet, --silent + do not print progress messages + -d, --debug don't remove temporary files + --recheck update $as_me by reconfiguring in the same conditions + --file=FILE[:TEMPLATE] + instantiate the configuration file FILE + +Configuration files: +$config_files + +Report bugs to the package provider." + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" +ac_cs_version="\\ +Makefile.in config.status 1.0 +configured by $0, generated by GNU Autoconf 2.69, + with options \\"\$ac_cs_config\\" + +Copyright (C) 2012 Free Software Foundation, Inc. +This config.status script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it." + +ac_pwd='$ac_pwd' +srcdir='$srcdir' +test -n "\$AWK" || AWK=awk +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# The default lists apply if the user does not specify any file. +ac_need_defaults=: +while test $# != 0 +do + case $1 in + --*=?*) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` + ac_shift=: + ;; + --*=) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg= + ac_shift=: + ;; + *) + ac_option=$1 + ac_optarg=$2 + ac_shift=shift + ;; + esac + + case $ac_option in + # Handling of the options. + -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + ac_cs_recheck=: ;; + --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) + $as_echo "$ac_cs_version"; exit ;; + --config | --confi | --conf | --con | --co | --c ) + $as_echo "$ac_cs_config"; exit ;; + --debug | --debu | --deb | --de | --d | -d ) + debug=: ;; + --file | --fil | --fi | --f ) + $ac_shift + case $ac_optarg in + *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + '') as_fn_error $? "missing file argument" ;; + esac + as_fn_append CONFIG_FILES " '$ac_optarg'" + ac_need_defaults=false;; + --he | --h | --help | --hel | -h ) + $as_echo "$ac_cs_usage"; exit ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil | --si | --s) + ac_cs_silent=: ;; + + # This is an error. + -*) as_fn_error $? "unrecognized option: \`$1' +Try \`$0 --help' for more information." ;; + + *) as_fn_append ac_config_targets " $1" + ac_need_defaults=false ;; + + esac + shift +done + +ac_configure_extra_args= + +if $ac_cs_silent; then + exec 6>/dev/null + ac_configure_extra_args="$ac_configure_extra_args --silent" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +if \$ac_cs_recheck; then + set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion + shift + \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 + CONFIG_SHELL='$SHELL' + export CONFIG_SHELL + exec "\$@" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +exec 5>>config.log +{ + echo + sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX +## Running $as_me. ## +_ASBOX + $as_echo "$ac_log" +} >&5 + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 + +# Handling of arguments. +for ac_config_target in $ac_config_targets +do + case $ac_config_target in + "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; + "ndpi.spec") CONFIG_FILES="$CONFIG_FILES ndpi.spec" ;; + + *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; + esac +done + + +# If the user did not use the arguments to specify the items to instantiate, +# then the envvar interface is used. Set only those that are not. +# We use the long form for the default assignment because of an extremely +# bizarre bug on SunOS 4.1.3. +if $ac_need_defaults; then + test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files +fi + +# Have a temporary directory for convenience. Make it in the build tree +# simply because there is no reason against having it here, and in addition, +# creating and moving files from /tmp can sometimes cause problems. +# Hook for its removal unless debugging. +# Note that there is a small window in which the directory will not be cleaned: +# after its creation but before its name has been assigned to `$tmp'. +$debug || +{ + tmp= ac_tmp= + trap 'exit_status=$? + : "${ac_tmp:=$tmp}" + { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status +' 0 + trap 'as_fn_exit 1' 1 2 13 15 +} +# Create a (secure) tmp directory for tmp files. + +{ + tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && + test -d "$tmp" +} || +{ + tmp=./conf$$-$RANDOM + (umask 077 && mkdir "$tmp") +} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 +ac_tmp=$tmp + +# Set up the scripts for CONFIG_FILES section. +# No need to generate them if there are no CONFIG_FILES. +# This happens for instance with `./config.status config.h'. +if test -n "$CONFIG_FILES"; then + + +ac_cr=`echo X | tr X '\015'` +# On cygwin, bash can eat \r inside `` if the user requested igncr. +# But we know of no other shell where ac_cr would be empty at this +# point, so we can use a bashism as a fallback. +if test "x$ac_cr" = x; then + eval ac_cr=\$\'\\r\' +fi +ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` +if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then + ac_cs_awk_cr='\\r' +else + ac_cs_awk_cr=$ac_cr +fi + +echo 'BEGIN {' >"$ac_tmp/subs1.awk" && +_ACEOF + + +{ + echo "cat >conf$$subs.awk <<_ACEOF" && + echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && + echo "_ACEOF" +} >conf$$subs.sh || + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 +ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` +ac_delim='%!_!# ' +for ac_last_try in false false false false false :; do + . ./conf$$subs.sh || + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 + + ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` + if test $ac_delim_n = $ac_delim_num; then + break + elif $ac_last_try; then + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 + else + ac_delim="$ac_delim!$ac_delim _$ac_delim!! " + fi +done +rm -f conf$$subs.sh + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK && +_ACEOF +sed -n ' +h +s/^/S["/; s/!.*/"]=/ +p +g +s/^[^!]*!// +:repl +t repl +s/'"$ac_delim"'$// +t delim +:nl +h +s/\(.\{148\}\)..*/\1/ +t more1 +s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ +p +n +b repl +:more1 +s/["\\]/\\&/g; s/^/"/; s/$/"\\/ +p +g +s/.\{148\}// +t nl +:delim +h +s/\(.\{148\}\)..*/\1/ +t more2 +s/["\\]/\\&/g; s/^/"/; s/$/"/ +p +b +:more2 +s/["\\]/\\&/g; s/^/"/; s/$/"\\/ +p +g +s/.\{148\}// +t delim +' >$CONFIG_STATUS || ac_write_fail=1 +rm -f conf$$subs.awk +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +_ACAWK +cat >>"\$ac_tmp/subs1.awk" <<_ACAWK && + for (key in S) S_is_set[key] = 1 + FS = "" + +} +{ + line = $ 0 + nfields = split(line, field, "@") + substed = 0 + len = length(field[1]) + for (i = 2; i < nfields; i++) { + key = field[i] + keylen = length(key) + if (S_is_set[key]) { + value = S[key] + line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) + len += length(value) + length(field[++i]) + substed = 1 + } else + len += 1 + keylen + } + + print line +} + +_ACAWK +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then + sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" +else + cat +fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \ + || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 +_ACEOF + +# VPATH may cause trouble with some makes, so we remove sole $(srcdir), +# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and +# trailing colons and then remove the whole line if VPATH becomes empty +# (actually we leave an empty line to preserve line numbers). +if test "x$srcdir" = x.; then + ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ +h +s/// +s/^/:/ +s/[ ]*$/:/ +s/:\$(srcdir):/:/g +s/:\${srcdir}:/:/g +s/:@srcdir@:/:/g +s/^:*// +s/:*$// +x +s/\(=[ ]*\).*/\1/ +G +s/\n// +s/^[^=]*=[ ]*$// +}' +fi + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +fi # test -n "$CONFIG_FILES" + + +eval set X " :F $CONFIG_FILES " +shift +for ac_tag +do + case $ac_tag in + :[FHLC]) ac_mode=$ac_tag; continue;; + esac + case $ac_mode$ac_tag in + :[FHL]*:*);; + :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; + :[FH]-) ac_tag=-:-;; + :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; + esac + ac_save_IFS=$IFS + IFS=: + set x $ac_tag + IFS=$ac_save_IFS + shift + ac_file=$1 + shift + + case $ac_mode in + :L) ac_source=$1;; + :[FH]) + ac_file_inputs= + for ac_f + do + case $ac_f in + -) ac_f="$ac_tmp/stdin";; + *) # Look for the file first in the build tree, then in the source tree + # (if the path is not absolute). The absolute path cannot be DOS-style, + # because $ac_f cannot contain `:'. + test -f "$ac_f" || + case $ac_f in + [\\/$]*) false;; + *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; + esac || + as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; + esac + case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac + as_fn_append ac_file_inputs " '$ac_f'" + done + + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated by config.status. */ + configure_input='Generated from '` + $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' + `' by configure.' + if test x"$ac_file" != x-; then + configure_input="$ac_file. $configure_input" + { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 +$as_echo "$as_me: creating $ac_file" >&6;} + fi + # Neutralize special characters interpreted by sed in replacement strings. + case $configure_input in #( + *\&* | *\|* | *\\* ) + ac_sed_conf_input=`$as_echo "$configure_input" | + sed 's/[\\\\&|]/\\\\&/g'`;; #( + *) ac_sed_conf_input=$configure_input;; + esac + + case $ac_tag in + *:-:* | *:-) cat >"$ac_tmp/stdin" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; + esac + ;; + esac + + ac_dir=`$as_dirname -- "$ac_file" || +$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + as_dir="$ac_dir"; as_fn_mkdir_p + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + + case $ac_mode in + :F) + # + # CONFIG_FILE + # + +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# If the template does not know about datarootdir, expand it. +# FIXME: This hack should be removed a few years after 2.60. +ac_datarootdir_hack=; ac_datarootdir_seen= +ac_sed_dataroot=' +/datarootdir/ { + p + q +} +/@datadir@/p +/@docdir@/p +/@infodir@/p +/@localedir@/p +/@mandir@/p' +case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in +*datarootdir*) ac_datarootdir_seen=yes;; +*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 +$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + ac_datarootdir_hack=' + s&@datadir@&$datadir&g + s&@docdir@&$docdir&g + s&@infodir@&$infodir&g + s&@localedir@&$localedir&g + s&@mandir@&$mandir&g + s&\\\${datarootdir}&$datarootdir&g' ;; +esac +_ACEOF + +# Neutralize VPATH when `$srcdir' = `.'. +# Shell code in configure.ac might set extrasub. +# FIXME: do we really want to maintain this feature? +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +ac_sed_extra="$ac_vpsub +$extrasub +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +:t +/@[a-zA-Z_][a-zA-Z_0-9]*@/!b +s|@configure_input@|$ac_sed_conf_input|;t t +s&@top_builddir@&$ac_top_builddir_sub&;t t +s&@top_build_prefix@&$ac_top_build_prefix&;t t +s&@srcdir@&$ac_srcdir&;t t +s&@abs_srcdir@&$ac_abs_srcdir&;t t +s&@top_srcdir@&$ac_top_srcdir&;t t +s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t +s&@builddir@&$ac_builddir&;t t +s&@abs_builddir@&$ac_abs_builddir&;t t +s&@abs_top_builddir@&$ac_abs_top_builddir&;t t +$ac_datarootdir_hack +" +eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ + >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + +test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && + { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && + { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ + "$ac_tmp/out"`; test -z "$ac_out"; } && + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' +which seems to be undefined. Please make sure it is defined" >&5 +$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' +which seems to be undefined. Please make sure it is defined" >&2;} + + rm -f "$ac_tmp/stdin" + case $ac_file in + -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; + *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";; + esac \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + ;; + + + + esac + +done # for ac_tag + + +as_fn_exit 0 +_ACEOF +ac_clean_files=$ac_clean_files_save + +test $ac_write_fail = 0 || + as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 + + +# configure is writing to config.log, and then calls config.status. +# config.status does its own redirection, appending to config.log. +# Unfortunately, on DOS this fails, as config.log is still kept open +# by configure, so config.status won't be able to write to it; its +# output is simply discarded. So we exec the FD to /dev/null, +# effectively closing config.log, so it can be properly (re)opened and +# appended to by config.status. When coming back to configure, we +# need to make the FD available again. +if test "$no_create" != yes; then + ac_cs_success=: + ac_config_status_args= + test "$silent" = yes && + ac_config_status_args="$ac_config_status_args --quiet" + exec 5>/dev/null + $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false + exec 5>>config.log + # Use ||, not &&, to avoid exiting from the if with $? = 1, which + # would make configure fail if this is the last instruction. + $ac_cs_success || as_fn_exit 1 +fi +if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 +$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} +fi + + diff --git a/packages/rpm/rpm-sign.exp b/packages/rpm/rpm-sign.exp new file mode 100755 index 000000000..04e424014 --- /dev/null +++ b/packages/rpm/rpm-sign.exp @@ -0,0 +1,10 @@ +#!/usr/bin/expect -f + +### rpm-sign.exp -- Sign RPMs by sending the passphrase. + +spawn rpm --addsign {*}$argv + expect -exact "Enter pass phrase: " + send -- "\r" + expect eof + +## end of rpm-sign.exp \ No newline at end of file diff --git a/packages/ubuntu/configure b/packages/ubuntu/configure index ab2436b40..77b5b7164 100755 --- a/packages/ubuntu/configure +++ b/packages/ubuntu/configure @@ -583,7 +583,7 @@ PACKAGE_URL='' ac_subst_vars='LTLIBOBJS LIBOBJS -GIT_COMMITS +GIT_REVISION GIT_RELEASE KERNEL DATE @@ -609,7 +609,6 @@ infodir docdir oldincludedir includedir -runstatedir localstatedir sharedstatedir sysconfdir @@ -674,7 +673,6 @@ datadir='${datarootdir}' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' -runstatedir='${localstatedir}/run' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' @@ -927,15 +925,6 @@ do | -silent | --silent | --silen | --sile | --sil) silent=yes ;; - -runstatedir | --runstatedir | --runstatedi | --runstated \ - | --runstate | --runstat | --runsta | --runst | --runs \ - | --run | --ru | --r) - ac_prev=runstatedir ;; - -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ - | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ - | --run=* | --ru=* | --r=*) - runstatedir=$ac_optarg ;; - -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ @@ -1073,7 +1062,7 @@ fi for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ - libdir localedir mandir runstatedir + libdir localedir mandir do eval ac_val=\$$ac_var # Remove trailing slashes. @@ -1226,7 +1215,6 @@ Fine tuning of the installation directories: --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] - --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] @@ -1707,7 +1695,7 @@ fi NDPI_VERS=`cat ../../configure.ac|grep C_INIT|cut -c 21-|rev|cut -c 3-|rev` GIT_RELEASE=`git rev-parse HEAD` -GIT_COMMITS=`git rev-list --all |wc -l | tr -d '[:space:]'` +GIT_REVISION=`git rev-list --all |wc -l | tr -d '[:space:]'` ac_config_files="$ac_config_files Makefile debian/changelog debian/files debian/control" diff --git a/packages/ubuntu/configure.in b/packages/ubuntu/configure.in index 88a5788be..0193b6e78 100644 --- a/packages/ubuntu/configure.in +++ b/packages/ubuntu/configure.in @@ -26,7 +26,7 @@ fi NDPI_VERS=`cat ../../configure.ac|grep C_INIT|cut -c 21-|rev|cut -c 3-|rev` GIT_RELEASE=`git rev-parse HEAD` -GIT_COMMITS=`git rev-list --all |wc -l | tr -d '[[:space:]]'` +GIT_REVISION=`git rev-list --all |wc -l | tr -d '[[:space:]]'` AC_CONFIG_FILES([Makefile debian/changelog debian/files debian/control]) @@ -36,6 +36,6 @@ AC_SUBST(EXTN) AC_SUBST(DATE) AC_SUBST(KERNEL) AC_SUBST(GIT_RELEASE) -AC_SUBST(GIT_COMMITS) +AC_SUBST(GIT_REVISION) AC_OUTPUT diff --git a/packages/ubuntu/debian/changelog.in b/packages/ubuntu/debian/changelog.in index a5ed21450..bf80f34a9 100644 --- a/packages/ubuntu/debian/changelog.in +++ b/packages/ubuntu/debian/changelog.in @@ -1,4 +1,4 @@ -ndpi (@NDPI_VERS@-@GIT_COMMITS@) stable; urgency=high +ndpi (@NDPI_VERS@-@GIT_REVISION@) stable; urgency=high * Last packaged version -- Luca Deri @DATE@ diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in index 1f07773e9..aad90d486 100644 --- a/src/lib/Makefile.in +++ b/src/lib/Makefile.in @@ -46,7 +46,7 @@ $(NDPI_LIB_STATIC): $(OBJECTS) $(NDPI_LIB_SHARED): $(OBJECTS) $(CC) -shared -fPIC $(SONAME_FLAG) -o $@ $(OBJECTS) - ln -Ffs $(NDPI_LIB_SHARED) $(NDPI_LIB_SHARED_BASE) + ln -Ffsr $(NDPI_LIB_SHARED) $(NDPI_LIB_SHARED_BASE) %.o: %.c $(HEADERS) Makefile $(CC) $(CFLAGS) -c $< -o $@ @@ -57,6 +57,6 @@ clean: install: $(NDPI_LIBS) mkdir -p $(DESTDIR)$(libdir) cp $(NDPI_LIBS) $(DESTDIR)$(libdir)/ - ln -Ffs $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED) $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED_BASE) + ln -Ffsr $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED) $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED_BASE) mkdir -p $(DESTDIR)$(includedir) cp ../include/*.h $(DESTDIR)$(includedir) -- cgit v1.2.3 From 582da8d4bb00ed6be656451fbd6ebde6719c5ce2 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 19 Nov 2018 18:24:33 +0100 Subject: Improved WeChat support Removed Musical.ly protocol as the service has been merged with another one and thus it is no longer used Improved guess for UDP protocols --- example/ndpiReader.c | 1 + src/include/ndpi_api.h | 2 + src/include/ndpi_main.h | 1 + src/include/ndpi_protocol_ids.h | 2 +- src/include/ndpi_typedefs.h | 2 +- src/lib/ndpi_content_match.c.inc | 13 +++--- src/lib/ndpi_main.c | 93 ++++++++++++++++++++++++---------------- src/lib/protocols/dropbox.c | 26 +++++++---- src/lib/protocols/eaq.c | 10 +++-- src/lib/protocols/skype.c | 17 ++++++-- 10 files changed, 107 insertions(+), 60 deletions(-) (limited to 'src/lib') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index d9e150be7..cb3238a88 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -911,6 +911,7 @@ static void node_print_known_proto_walker(const void *node, static u_int16_t node_guess_undetected_protocol(u_int16_t thread_id, struct ndpi_flow_info *flow) { flow->detected_protocol = ndpi_guess_undetected_protocol(ndpi_thread_info[thread_id].workflow->ndpi_struct, + NULL, flow->protocol, ntohl(flow->src_ip), ntohs(flow->src_port), diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index d010577a5..c7ed7cd17 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -326,6 +326,7 @@ extern "C" { * Search and return the protocol guessed that is undetected * * @par ndpi_struct = the detection module + * @par flow = the flow we're trying to guess, NULL if not available * @par proto = the l4 protocol number * @par shost = source address in host byte order * @par sport = source port number @@ -335,6 +336,7 @@ extern "C" { * */ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, u_int8_t proto, u_int32_t shost, u_int16_t sport, diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h index 3517d45b2..41280fb8e 100644 --- a/src/include/ndpi_main.h +++ b/src/include/ndpi_main.h @@ -119,6 +119,7 @@ extern "C" { u_int16_t ndpi_get_proto_by_name(struct ndpi_detection_module_struct *ndpi_mod, const char *name); extern u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, u_int8_t proto, u_int16_t sport, u_int16_t dport, u_int8_t *user_defined_proto); diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 0d2712d20..aefb0fce2 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -73,7 +73,7 @@ typedef enum { NDPI_PROTOCOL_EDONKEY = 36, /* Tomasz Bujlow */ NDPI_PROTOCOL_BITTORRENT = 37, NDPI_PROTOCOL_SKYPE_CALL_OUT = 38, - NDPI_PROTOCOL_MUSICALLY = 39, + NDPI_PROTOCOL_FREE_39 = 39, /* Free */ NDPI_PROTOCOL_MEMCACHED = 40, /* Memcached - Darryl Sokoloski */ NDPI_PROTOCOL_SMBV23 = 41, /* SMB version 2/3 */ NDPI_PROTOCOL_MINING = 42, /* Bitcoin, Ethereum, ZCash, Monero */ diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 51681e60e..4b69c2b7b 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -826,7 +826,7 @@ typedef enum { ndpi_pref_dns_dissect_response, ndpi_pref_direction_detect_disable, ndpi_pref_disable_metadata_export, - ndpi_pref_enable_category_substring_match, + ndpi_pref_enable_category_substring_match } ndpi_detection_preference; /* ntop extensions */ diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 71e236d37..4bfdde983 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -21,7 +21,6 @@ /* ****************************************************** */ static ndpi_network host_protocol_list[] = { - /* SoundCloud */ @@ -111,11 +110,14 @@ static ndpi_network host_protocol_list[] = { WeChat origin AS132203, AS132591, AS45090 */ - { 0xCBCD93AB /* 203.205.147.171/32 */, 32, NDPI_PROTOCOL_WECHAT }, { 0xCBCD93AD /* 203.205.147.173/32 */, 32, NDPI_PROTOCOL_WECHAT }, { 0xCBCD97A2 /* 203.205.151.162/32 */, 32, NDPI_PROTOCOL_WECHAT }, - { 0x67071E25 /* 103.7.30.37/32 */, 32, NDPI_PROTOCOL_WECHAT }, + { 0x67071E25 /* 103.7.30.37/32 */, 32, NDPI_PROTOCOL_WECHAT }, + { 0XCBCDB000 /* 203.205.176.0/20 */, 20, NDPI_PROTOCOL_WECHAT }, + { 0XCBCDC000 /* 203.205.192.0/18 */, 18, NDPI_PROTOCOL_WECHAT }, + + /* OpenDNS, LLC @@ -8327,10 +8329,7 @@ ndpi_protocol_match host_match[] = { /* Detected "slack-assets2.s3-us-west-2.amazonaws.com.". Omitted "*amazonaws.com" CDN, but no generic pattern to use on first part */ { "slack-assets2.s3-", NULL, "slack-assets2\\.s3-", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "zhiliaoapp.com", NULL, "zhiliaoapp" TLD, "Musical.ly", NDPI_PROTOCOL_MUSICALLY, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "muscdn.com", NULL, "muscdn" TLD, "Musical.ly", NDPI_PROTOCOL_MUSICALLY, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "livelycdn.com", NULL, "livelycdn" TLD, "Musical.ly", NDPI_PROTOCOL_MUSICALLY, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "direct.ly", NULL, "direct\\.ly$", "Musical.ly", NDPI_PROTOCOL_MUSICALLY, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "wechat.com", NULL, "wechat\\.com" TLD, "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { "github.com", NULL, "github" TLD, "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, { ".github.com", NULL, "\\.github" TLD, "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 3a6cd84ef..02ad31a5e 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -517,7 +517,6 @@ void ndpi_exclude_protocol(struct ndpi_detection_module_struct *ndpi_struct, (*(ndpi_struct->ndpi_debug_printf))(protocol_id, ndpi_struct, NDPI_LOG_DEBUG, _file, _func, _line, "exclude %s\n",ndpi_get_proto_name(ndpi_struct, protocol_id)); - } #endif NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, protocol_id); @@ -1205,9 +1204,9 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Teredo", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 3544, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_MUSICALLY, - no_master, - no_master, "Musical.ly", NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_WECHAT, + no_master, /* wechat.com */ + no_master, "WeChat", NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MEMCACHED, @@ -1245,7 +1244,12 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_196, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_39, + no_master, + no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_39, no_master, no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, @@ -2523,6 +2527,7 @@ static ndpi_default_ports_tree_node_t* ndpi_get_guessed_protocol_id(struct ndpi_ /* ****************************************************** */ u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, u_int8_t proto, u_int16_t sport, u_int16_t dport, u_int8_t *user_defined_proto) { @@ -2531,8 +2536,17 @@ u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_struc ndpi_default_ports_tree_node_t *found = ndpi_get_guessed_protocol_id(ndpi_struct, proto, sport, dport); if(found != NULL) { - *user_defined_proto = found->customUserProto; - return(found->proto->protoId); + u_int16_t guessed_proto = found->proto->protoId; + + /* We need to check if the guessed protocol isn't excluded by nDPI */ + if(flow + && (proto == IPPROTO_UDP) + && (NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, guessed_proto))) + return(NDPI_PROTOCOL_UNKNOWN); + else { + *user_defined_proto = found->customUserProto; + return(guessed_proto); + } } } else { /* No TCP/UDP */ @@ -3956,18 +3970,17 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st && (flow->l4.tcp.ssl_stage > 1)) flow->guessed_protocol_id = NDPI_PROTOCOL_SSL_NO_CERT; - guessed_protocol_id = flow->guessed_protocol_id, - guessed_host_protocol_id = flow->guessed_host_protocol_id; + guessed_protocol_id = flow->guessed_protocol_id, guessed_host_protocol_id = flow->guessed_host_protocol_id; if((guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN) - && (NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_host_protocol_id))) - guessed_host_protocol_id = NDPI_PROTOCOL_UNKNOWN; - + && ((flow->packet.l4_protocol == IPPROTO_UDP) && NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_host_protocol_id))) + flow->guessed_host_protocol_id = guessed_host_protocol_id = NDPI_PROTOCOL_UNKNOWN; + /* Ignore guessed protocol if they have been discarded */ if((guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) - && (guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN) - && (NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_protocol_id))) - guessed_protocol_id = NDPI_PROTOCOL_UNKNOWN; + // && (guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN) + && (flow->packet.l4_protocol == IPPROTO_UDP) && NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_protocol_id)) + flow->guessed_protocol_id = guessed_protocol_id = NDPI_PROTOCOL_UNKNOWN; if((guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) || (guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN)) { @@ -4394,7 +4407,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct else sport = dport = 0; /* guess protocol */ - flow->guessed_protocol_id = (int16_t) ndpi_guess_protocol_id(ndpi_struct, protocol, sport, dport, &user_defined_proto); + flow->guessed_protocol_id = (int16_t) ndpi_guess_protocol_id(ndpi_struct, flow, protocol, sport, dport, &user_defined_proto); flow->guessed_host_protocol_id = ndpi_guess_host_protocol_id(ndpi_struct, flow); if(flow->guessed_protocol_id >= (NDPI_MAX_SUPPORTED_PROTOCOLS-1)) { @@ -5356,6 +5369,7 @@ u_int16_t ndpi_get_lower_proto(ndpi_protocol proto) { /* ****************************************************** */ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, u_int8_t proto, u_int32_t shost /* host byte order */, u_int16_t sport, u_int32_t dhost /* host byte order */, u_int16_t dport) { @@ -5365,30 +5379,37 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct u_int8_t user_defined_proto; if((proto == IPPROTO_TCP) || (proto == IPPROTO_UDP)) { - rc = ndpi_search_tcp_or_udp_raw(ndpi_struct, NULL, proto, - shost, dhost, sport, dport); + rc = ndpi_search_tcp_or_udp_raw(ndpi_struct, NULL, proto, shost, dhost, sport, dport); if(rc != NDPI_PROTOCOL_UNKNOWN) { - ret.app_protocol = rc, - ret.master_protocol = ndpi_guess_protocol_id(ndpi_struct, proto, sport, - dport, &user_defined_proto); - - if(ret.app_protocol == ret.master_protocol) - ret.master_protocol = NDPI_PROTOCOL_UNKNOWN; - - ret.category = ndpi_get_proto_category(ndpi_struct, ret); - return(ret); + if(flow && (proto == IPPROTO_UDP) && NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, rc)) + ; + else { + ret.app_protocol = rc, + ret.master_protocol = ndpi_guess_protocol_id(ndpi_struct, NULL, proto, sport, + dport, &user_defined_proto); + + if(ret.app_protocol == ret.master_protocol) + ret.master_protocol = NDPI_PROTOCOL_UNKNOWN; + + ret.category = ndpi_get_proto_category(ndpi_struct, ret); + return(ret); + } } - rc = ndpi_guess_protocol_id(ndpi_struct, proto, sport, dport, &user_defined_proto); + rc = ndpi_guess_protocol_id(ndpi_struct, NULL, proto, sport, dport, &user_defined_proto); if(rc != NDPI_PROTOCOL_UNKNOWN) { - ret.app_protocol = rc; - - if(rc == NDPI_PROTOCOL_SSL) - goto check_guessed_skype; + if(flow && (proto == IPPROTO_UDP) && NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, rc)) + ; else { - ret.category = ndpi_get_proto_category(ndpi_struct, ret); - return(ret); + ret.app_protocol = rc; + + if(rc == NDPI_PROTOCOL_SSL) + goto check_guessed_skype; + else { + ret.category = ndpi_get_proto_category(ndpi_struct, ret); + return(ret); + } } } @@ -5402,10 +5423,10 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct ret.app_protocol = NDPI_PROTOCOL_SKYPE; } } else - ret.app_protocol = ndpi_guess_protocol_id(ndpi_struct, proto, sport, + ret.app_protocol = ndpi_guess_protocol_id(ndpi_struct, NULL, proto, sport, dport, &user_defined_proto); - ret.category = ndpi_get_proto_category(ndpi_struct, ret); + ret.category = ndpi_get_proto_category(ndpi_struct, ret); return(ret); } diff --git a/src/lib/protocols/dropbox.c b/src/lib/protocols/dropbox.c index d981c76b3..39bb96ff2 100644 --- a/src/lib/protocols/dropbox.c +++ b/src/lib/protocols/dropbox.c @@ -48,14 +48,24 @@ static void ndpi_check_dropbox(struct ndpi_detection_module_struct *ndpi_struct, if(packet->udp != NULL) { u_int16_t dropbox_port = htons(DB_LSP_PORT); - if((packet->udp->source == dropbox_port) - && (packet->udp->dest == dropbox_port)) { - if(payload_len > 2) { - if(strstr((const char *)packet->payload, "\"host_int\"") != NULL) { - - NDPI_LOG_INFO(ndpi_struct, "found dropbox\n"); - ndpi_int_dropbox_add_connection(ndpi_struct, flow, 0); - return; + if(packet->udp->dest == dropbox_port) { + if(packet->udp->source == dropbox_port) { + if(payload_len > 10) { + if(ndpi_strnstr((const char *)packet->payload, "\"host_int\"", payload_len) != NULL) { + + NDPI_LOG_INFO(ndpi_struct, "found dropbox\n"); + ndpi_int_dropbox_add_connection(ndpi_struct, flow, 0); + return; + } + } + } else { + if(payload_len > 10) { + if(ndpi_strnstr((const char *)packet->payload, "Bus17Cmd", payload_len) != NULL) { + + NDPI_LOG_INFO(ndpi_struct, "found dropbox\n"); + ndpi_int_dropbox_add_connection(ndpi_struct, flow, 0); + return; + } } } } diff --git a/src/lib/protocols/eaq.c b/src/lib/protocols/eaq.c index 2082b5263..8768cac6f 100644 --- a/src/lib/protocols/eaq.c +++ b/src/lib/protocols/eaq.c @@ -53,12 +53,15 @@ void ndpi_search_eaq(struct ndpi_detection_module_struct *ndpi_struct, struct nd if(packet->udp != NULL) { u_int32_t seq = (packet->payload[0] * 1000) + (packet->payload[1] * 100) + (packet->payload[2] * 10) + packet->payload[3]; - + if(flow->l4.udp.eaq_pkt_id == 0) flow->l4.udp.eaq_sequence = seq; else { if( (flow->l4.udp.eaq_sequence != seq) && - ((flow->l4.udp.eaq_sequence+1) != seq)) break; + ((flow->l4.udp.eaq_sequence+1) != seq)) + break; + else + flow->l4.udp.eaq_sequence = seq; } if(++flow->l4.udp.eaq_pkt_id == 4) { @@ -66,7 +69,8 @@ void ndpi_search_eaq(struct ndpi_detection_module_struct *ndpi_struct, struct nd NDPI_LOG_INFO(ndpi_struct, "found eaq\n"); ndpi_int_eaq_add_connection(ndpi_struct, flow); return; - } + } else + return; } } while(0); diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c index e544724a5..8a4eafca4 100644 --- a/src/lib/protocols/skype.c +++ b/src/lib/protocols/skype.c @@ -31,13 +31,16 @@ static void ndpi_skype_report_protocol(struct ndpi_detection_module_struct *ndpi NDPI_LOG_INFO(ndpi_struct, "found skype\n"); ndpi_set_detected_protocol(ndpi_struct, flow, proto, NDPI_PROTOCOL_SKYPE); } - + +static int is_port(u_int16_t a, u_int16_t b, u_int16_t c) { + return(((a == c) || (b == c)) ? 1 : 0); +} + static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; // const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; - if(flow->host_server_name[0] != '\0') return; @@ -46,10 +49,15 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s flow->l4.udp.skype_packet_id++; if(flow->l4.udp.skype_packet_id < 5) { + u_int16_t sport = ntohs(packet->udp->source); u_int16_t dport = ntohs(packet->udp->dest); /* skype-to-skype */ - if(dport != 1119) /* It can be confused with battle.net */ { + if(is_port(sport, dport, 1119) /* It can be confused with battle.net */ + || is_port(sport, dport, 80) /* No HTTP-like protocols UDP/80 */ + ) { + ; + } else { if(((payload_len == 3) && ((packet->payload[2] & 0x0F)== 0x0d)) || ((payload_len >= 16) && (packet->payload[0] != 0x30) /* Avoid invalid SNMP detection */ @@ -57,11 +65,12 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s ndpi_skype_report_protocol(ndpi_struct, flow); } } + return; } + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; - // TCP check } else if(packet->tcp != NULL) { flow->l4.tcp.skype_packet_id++; -- cgit v1.2.3 From babb1c864c47437d37cfc005967aab5e635d754c Mon Sep 17 00:00:00 2001 From: Alfredo Cardigliano Date: Mon, 19 Nov 2018 18:25:12 +0100 Subject: removed -r not supported on all systems --- src/lib/Makefile.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/lib') diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in index aad90d486..1f07773e9 100644 --- a/src/lib/Makefile.in +++ b/src/lib/Makefile.in @@ -46,7 +46,7 @@ $(NDPI_LIB_STATIC): $(OBJECTS) $(NDPI_LIB_SHARED): $(OBJECTS) $(CC) -shared -fPIC $(SONAME_FLAG) -o $@ $(OBJECTS) - ln -Ffsr $(NDPI_LIB_SHARED) $(NDPI_LIB_SHARED_BASE) + ln -Ffs $(NDPI_LIB_SHARED) $(NDPI_LIB_SHARED_BASE) %.o: %.c $(HEADERS) Makefile $(CC) $(CFLAGS) -c $< -o $@ @@ -57,6 +57,6 @@ clean: install: $(NDPI_LIBS) mkdir -p $(DESTDIR)$(libdir) cp $(NDPI_LIBS) $(DESTDIR)$(libdir)/ - ln -Ffsr $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED) $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED_BASE) + ln -Ffs $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED) $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED_BASE) mkdir -p $(DESTDIR)$(includedir) cp ../include/*.h $(DESTDIR)$(includedir) -- cgit v1.2.3 From 12adb256650bece834173fce6213021d2e7a677b Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 19 Nov 2018 18:28:18 +0100 Subject: Improved Skype detection Update test results Added initialization for some free protocols --- src/lib/ndpi_main.c | 2 +- tests/result/skype.pcap.out | 387 +++++++++++++++++---------------- tests/result/skype_no_unknown.pcap.out | 359 +++++++++++++++--------------- tests/result/wechat.pcap.out | 98 ++++----- 4 files changed, 424 insertions(+), 422 deletions(-) (limited to 'src/lib') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 02ad31a5e..fcfaec713 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1249,7 +1249,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_39, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_196, no_master, no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index 590f97c71..4d09243a3 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -3,11 +3,12 @@ DNS 2 267 1 MDNS 8 1736 2 NTP 2 180 1 SSDP 101 38156 6 +SkypeCallIn 1555 267750 192 ICMP 8 656 1 IGMP 5 258 4 SSL 96 8876 7 Dropbox 38 17948 5 -Skype 2139 324409 249 +Skype 584 56659 57 Apple 3 168 1 AppleiCloud 88 20520 2 Spotify 5 430 1 @@ -15,17 +16,17 @@ MS_OneDrive 387 198090 1 ApplePush 12 1877 1 1 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][cat: Cloud/13][187 pkts/42539 bytes <-> 200 pkts/155551 bytes][server: *.gateway.messenger.live.com] - 2 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][cat: VoIP/10][231 pkts/60232 bytes <-> 241 pkts/104395 bytes] + 2 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][231 pkts/60232 bytes <-> 241 pkts/104395 bytes] 3 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][79 pkts/29479 bytes -> 0 pkts/0 bytes] 4 TCP 192.168.1.34:50128 <-> 17.172.100.36:443 [proto: 91.143/SSL.AppleiCloud][cat: Web/5][43 pkts/9635 bytes <-> 43 pkts/10651 bytes][client: p05-keyvalueservice.icloud.com] - 5 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 125/Skype][cat: VoIP/10][62 pkts/6941 bytes <-> 38 pkts/5325 bytes] + 5 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][62 pkts/6941 bytes <-> 38 pkts/5325 bytes] 6 UDP 192.168.1.92:50084 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][14 pkts/7281 bytes -> 0 pkts/0 bytes] 7 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][cat: Cloud/13][8 pkts/1636 bytes <-> 8 pkts/4344 bytes] - 8 TCP 192.168.1.34:50117 <-> 71.238.7.203:18767 [proto: 125/Skype][cat: VoIP/10][24 pkts/3136 bytes <-> 19 pkts/2618 bytes] - 9 TCP 192.168.1.34:50126 <-> 91.190.216.23:12350 [proto: 125/Skype][cat: VoIP/10][16 pkts/4788 bytes <-> 4 pkts/372 bytes] - 10 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 125/Skype][cat: VoIP/10][19 pkts/2797 bytes <-> 13 pkts/2175 bytes] - 11 TCP 192.168.1.34:50118 <-> 5.248.186.221:31010 [proto: 125/Skype][cat: VoIP/10][18 pkts/2588 bytes <-> 13 pkts/2100 bytes] - 12 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 125/Skype][cat: VoIP/10][15 pkts/2395 bytes <-> 8 pkts/1724 bytes] + 8 TCP 192.168.1.34:50117 <-> 71.238.7.203:18767 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][24 pkts/3136 bytes <-> 19 pkts/2618 bytes] + 9 TCP 192.168.1.34:50126 <-> 91.190.216.23:12350 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][16 pkts/4788 bytes <-> 4 pkts/372 bytes] + 10 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][19 pkts/2797 bytes <-> 13 pkts/2175 bytes] + 11 TCP 192.168.1.34:50118 <-> 5.248.186.221:31010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][18 pkts/2588 bytes <-> 13 pkts/2100 bytes] + 12 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][15 pkts/2395 bytes <-> 8 pkts/1724 bytes] 13 TCP 192.168.1.34:50027 <-> 23.223.73.34:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][17 pkts/3605 bytes <-> 1 pkts/74 bytes][client: apps.skypeassets.com] 14 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][16 pkts/3461 bytes <-> 1 pkts/74 bytes][client: apps.skype.com] 15 UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][6 pkts/3264 bytes -> 0 pkts/0 bytes] @@ -33,75 +34,75 @@ ApplePush 12 1877 1 17 UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][5 pkts/2720 bytes -> 0 pkts/0 bytes] 18 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][5 pkts/2720 bytes -> 0 pkts/0 bytes] 19 TCP 192.168.1.34:50090 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/2140 bytes <-> 3 pkts/200 bytes][client: apps.skype.com] - 20 TCP 192.168.1.34:50134 <-> 157.56.53.47:12350 [proto: 125/Skype][cat: VoIP/10][11 pkts/1578 bytes <-> 4 pkts/342 bytes] + 20 TCP 192.168.1.34:50134 <-> 157.56.53.47:12350 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/1578 bytes <-> 4 pkts/342 bytes] 21 TCP 17.143.160.22:5223 <-> 192.168.1.34:49447 [proto: 238/ApplePush][cat: Cloud/13][6 pkts/1211 bytes <-> 6 pkts/666 bytes] 22 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][13 pkts/1554 bytes <-> 3 pkts/200 bytes] - 23 TCP 192.168.1.34:50122 <-> 81.133.19.185:44431 [proto: 125/Skype][cat: VoIP/10][14 pkts/1090 bytes <-> 6 pkts/534 bytes] + 23 TCP 192.168.1.34:50122 <-> 81.133.19.185:44431 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][14 pkts/1090 bytes <-> 6 pkts/534 bytes] 24 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][cat: Web/5][13 pkts/1392 bytes <-> 3 pkts/200 bytes] 25 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1305 bytes <-> 3 pkts/285 bytes] 26 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][11 pkts/1218 bytes <-> 4 pkts/351 bytes] 27 TCP 192.168.1.34:50080 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1249 bytes <-> 3 pkts/285 bytes] 28 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][11 pkts/955 bytes <-> 9 pkts/561 bytes] 29 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1270 bytes <-> 3 pkts/243 bytes] - 30 TCP 192.168.1.34:50116 <-> 81.83.77.141:17639 [proto: 125/Skype][cat: VoIP/10][15 pkts/1138 bytes <-> 4 pkts/372 bytes] - 31 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][cat: VoIP/10][14 pkts/1075 bytes <-> 4 pkts/431 bytes] - 32 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][cat: VoIP/10][14 pkts/1100 bytes <-> 5 pkts/395 bytes] + 30 TCP 192.168.1.34:50116 <-> 81.83.77.141:17639 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][15 pkts/1138 bytes <-> 4 pkts/372 bytes] + 31 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][14 pkts/1075 bytes <-> 4 pkts/431 bytes] + 32 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][14 pkts/1100 bytes <-> 5 pkts/395 bytes] 33 TCP 192.168.1.34:50072 <-> 157.55.130.170:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1207 bytes <-> 3 pkts/277 bytes] 34 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][cat: Web/5][12 pkts/1221 bytes <-> 3 pkts/231 bytes] - 35 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125/Skype][cat: VoIP/10][14 pkts/1062 bytes <-> 4 pkts/383 bytes] - 36 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][cat: VoIP/10][14 pkts/1083 bytes <-> 4 pkts/359 bytes] - 37 TCP 192.168.1.34:50054 <-> 157.55.130.153:40005 [proto: 125/Skype][cat: VoIP/10][13 pkts/1020 bytes <-> 4 pkts/421 bytes] - 38 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][cat: VoIP/10][13 pkts/1010 bytes <-> 5 pkts/402 bytes] + 35 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][14 pkts/1062 bytes <-> 4 pkts/383 bytes] + 36 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][14 pkts/1083 bytes <-> 4 pkts/359 bytes] + 37 TCP 192.168.1.34:50054 <-> 157.55.130.153:40005 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/1020 bytes <-> 4 pkts/421 bytes] + 38 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/1010 bytes <-> 5 pkts/402 bytes] 39 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1151 bytes <-> 3 pkts/260 bytes] - 40 TCP 192.168.1.34:50114 <-> 5.248.186.221:31010 [proto: 125/Skype][cat: VoIP/10][14 pkts/1040 bytes <-> 4 pkts/362 bytes] - 41 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][cat: VoIP/10][13 pkts/1004 bytes <-> 4 pkts/397 bytes] + 40 TCP 192.168.1.34:50114 <-> 5.248.186.221:31010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][14 pkts/1040 bytes <-> 4 pkts/362 bytes] + 41 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/1004 bytes <-> 4 pkts/397 bytes] 42 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][11 pkts/1050 bytes <-> 4 pkts/351 bytes] - 43 TCP 192.168.1.34:50034 <-> 157.55.130.140:40033 [proto: 125/Skype][cat: VoIP/10][13 pkts/1010 bytes <-> 4 pkts/390 bytes] - 44 TCP 192.168.1.34:50088 <-> 157.55.235.146:33033 [proto: 125/Skype][cat: VoIP/10][14 pkts/1085 bytes <-> 4 pkts/315 bytes] + 43 TCP 192.168.1.34:50034 <-> 157.55.130.140:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/1010 bytes <-> 4 pkts/390 bytes] + 44 TCP 192.168.1.34:50088 <-> 157.55.235.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][14 pkts/1085 bytes <-> 4 pkts/315 bytes] 45 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][cat: Web/5][11 pkts/1140 bytes <-> 3 pkts/250 bytes] - 46 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][cat: VoIP/10][13 pkts/975 bytes <-> 4 pkts/412 bytes] - 47 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][cat: VoIP/10][13 pkts/995 bytes <-> 4 pkts/391 bytes] - 48 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125/Skype][cat: VoIP/10][13 pkts/995 bytes <-> 4 pkts/386 bytes] - 49 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][cat: VoIP/10][13 pkts/1000 bytes <-> 4 pkts/380 bytes] + 46 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/975 bytes <-> 4 pkts/412 bytes] + 47 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/995 bytes <-> 4 pkts/391 bytes] + 48 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/995 bytes <-> 4 pkts/386 bytes] + 49 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/1000 bytes <-> 4 pkts/380 bytes] 50 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][cat: Web/5][13 pkts/1176 bytes <-> 3 pkts/200 bytes] - 51 TCP 192.168.1.34:50097 <-> 157.55.235.176:40022 [proto: 125/Skype][cat: VoIP/10][13 pkts/1000 bytes <-> 4 pkts/371 bytes] - 52 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125/Skype][cat: VoIP/10][13 pkts/971 bytes <-> 4 pkts/399 bytes] - 53 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][cat: VoIP/10][13 pkts/977 bytes <-> 4 pkts/384 bytes] - 54 TCP 192.168.1.34:50053 <-> 157.55.56.146:40030 [proto: 125/Skype][cat: VoIP/10][12 pkts/940 bytes <-> 5 pkts/415 bytes] - 55 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][cat: VoIP/10][12 pkts/948 bytes <-> 4 pkts/407 bytes] - 56 TCP 192.168.1.34:50044 <-> 157.55.130.167:40031 [proto: 125/Skype][cat: VoIP/10][13 pkts/993 bytes <-> 4 pkts/360 bytes] + 51 TCP 192.168.1.34:50097 <-> 157.55.235.176:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/1000 bytes <-> 4 pkts/371 bytes] + 52 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/971 bytes <-> 4 pkts/399 bytes] + 53 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/977 bytes <-> 4 pkts/384 bytes] + 54 TCP 192.168.1.34:50053 <-> 157.55.56.146:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][12 pkts/940 bytes <-> 5 pkts/415 bytes] + 55 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][12 pkts/948 bytes <-> 4 pkts/407 bytes] + 56 TCP 192.168.1.34:50044 <-> 157.55.130.167:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/993 bytes <-> 4 pkts/360 bytes] 57 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1074 bytes <-> 3 pkts/277 bytes] 58 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1102 bytes <-> 3 pkts/247 bytes] 59 TCP 192.168.1.34:50048 <-> 157.55.130.150:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1109 bytes <-> 3 pkts/236 bytes] - 60 TCP 192.168.1.34:50077 <-> 157.55.130.176:40022 [proto: 125/Skype][cat: VoIP/10][13 pkts/1004 bytes <-> 4 pkts/334 bytes] + 60 TCP 192.168.1.34:50077 <-> 157.55.130.176:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/1004 bytes <-> 4 pkts/334 bytes] 61 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][11 pkts/1074 bytes <-> 3 pkts/254 bytes] - 62 TCP 192.168.1.34:50074 <-> 157.55.130.173:40003 [proto: 125/Skype][cat: VoIP/10][13 pkts/1010 bytes <-> 4 pkts/317 bytes] + 62 TCP 192.168.1.34:50074 <-> 157.55.130.173:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/1010 bytes <-> 4 pkts/317 bytes] 63 TCP 192.168.1.34:50078 <-> 157.55.130.173:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1088 bytes <-> 3 pkts/236 bytes] - 64 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][cat: VoIP/10][13 pkts/989 bytes <-> 4 pkts/323 bytes] + 64 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/989 bytes <-> 4 pkts/323 bytes] 65 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][cat: Web/5][11 pkts/960 bytes <-> 4 pkts/351 bytes] - 66 TCP 192.168.1.34:50032 <-> 157.56.52.44:40032 [proto: 125/Skype][cat: VoIP/10][12 pkts/969 bytes <-> 4 pkts/337 bytes] + 66 TCP 192.168.1.34:50032 <-> 157.56.52.44:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][12 pkts/969 bytes <-> 4 pkts/337 bytes] 67 TCP 192.168.1.34:50094 <-> 157.55.130.155:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1039 bytes <-> 3 pkts/267 bytes] - 68 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][cat: VoIP/10][12 pkts/899 bytes <-> 5 pkts/406 bytes] - 69 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][cat: VoIP/10][13 pkts/982 bytes <-> 4 pkts/322 bytes] + 68 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][12 pkts/899 bytes <-> 5 pkts/406 bytes] + 69 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/982 bytes <-> 4 pkts/322 bytes] 70 TCP 192.168.1.34:50063 <-> 111.221.74.38:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/1002 bytes <-> 3 pkts/285 bytes] - 71 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][cat: VoIP/10][11 pkts/836 bytes <-> 5 pkts/442 bytes] - 72 TCP 192.168.1.34:50086 <-> 111.221.77.142:40023 [proto: 125/Skype][cat: VoIP/10][11 pkts/841 bytes <-> 5 pkts/429 bytes] + 71 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/836 bytes <-> 5 pkts/442 bytes] + 72 TCP 192.168.1.34:50086 <-> 111.221.77.142:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/841 bytes <-> 5 pkts/429 bytes] 73 TCP 192.168.1.34:50056 <-> 157.55.56.146:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][11 pkts/999 bytes <-> 4 pkts/266 bytes] 74 TCP 192.168.1.34:50038 <-> 157.55.130.140:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1032 bytes <-> 3 pkts/230 bytes] - 75 TCP 192.168.1.34:50055 <-> 111.221.74.47:40030 [proto: 125/Skype][cat: VoIP/10][11 pkts/866 bytes <-> 5 pkts/396 bytes] - 76 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125/Skype][cat: VoIP/10][11 pkts/843 bytes <-> 4 pkts/411 bytes] - 77 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][cat: VoIP/10][13 pkts/994 bytes <-> 2 pkts/243 bytes] - 78 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][cat: VoIP/10][11 pkts/820 bytes <-> 5 pkts/416 bytes] - 79 TCP 192.168.1.34:50046 <-> 157.55.130.150:40011 [proto: 125/Skype][cat: VoIP/10][11 pkts/843 bytes <-> 4 pkts/386 bytes] - 80 TCP 192.168.1.34:50096 <-> 111.221.74.46:40027 [proto: 125/Skype][cat: VoIP/10][11 pkts/822 bytes <-> 4 pkts/390 bytes] + 75 TCP 192.168.1.34:50055 <-> 111.221.74.47:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/866 bytes <-> 5 pkts/396 bytes] + 76 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/843 bytes <-> 4 pkts/411 bytes] + 77 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/994 bytes <-> 2 pkts/243 bytes] + 78 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/820 bytes <-> 5 pkts/416 bytes] + 79 TCP 192.168.1.34:50046 <-> 157.55.130.150:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/843 bytes <-> 4 pkts/386 bytes] + 80 TCP 192.168.1.34:50096 <-> 111.221.74.46:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/822 bytes <-> 4 pkts/390 bytes] 81 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/857 bytes <-> 4 pkts/351 bytes] - 82 TCP 192.168.1.34:50113 <-> 71.238.7.203:18767 [proto: 125/Skype][cat: VoIP/10][11 pkts/827 bytes <-> 3 pkts/325 bytes] + 82 TCP 192.168.1.34:50113 <-> 71.238.7.203:18767 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/827 bytes <-> 3 pkts/325 bytes] 83 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][cat: Web/5][9 pkts/862 bytes <-> 3 pkts/285 bytes] - 84 TCP 192.168.1.34:50143 <-> 78.202.226.115:29059 [proto: 125/Skype][cat: VoIP/10][12 pkts/935 bytes <-> 2 pkts/197 bytes] + 84 TCP 192.168.1.34:50143 <-> 78.202.226.115:29059 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][12 pkts/935 bytes <-> 2 pkts/197 bytes] 85 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/872 bytes <-> 3 pkts/237 bytes] - 86 TCP 192.168.1.34:50135 <-> 76.167.161.6:20274 [proto: 125/Skype][cat: VoIP/10][11 pkts/838 bytes <-> 3 pkts/270 bytes] + 86 TCP 192.168.1.34:50135 <-> 76.167.161.6:20274 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/838 bytes <-> 3 pkts/270 bytes] 87 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][9 pkts/822 bytes <-> 3 pkts/285 bytes] - 88 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][cat: VoIP/10][11 pkts/814 bytes <-> 3 pkts/287 bytes] + 88 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/814 bytes <-> 3 pkts/287 bytes] 89 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][4 pkts/908 bytes -> 0 pkts/0 bytes] 90 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][4 pkts/828 bytes -> 0 pkts/0 bytes] 91 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][cat: VoIP/10][6 pkts/417 bytes <-> 4 pkts/352 bytes] @@ -141,8 +142,8 @@ ApplePush 12 1877 1 125 UDP 192.168.1.34:51066 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/349 bytes -> 0 pkts/0 bytes] 126 UDP 192.168.1.34:56886 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/349 bytes -> 0 pkts/0 bytes] 127 UDP 192.168.1.34:64560 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/349 bytes -> 0 pkts/0 bytes] - 128 UDP 192.168.1.34:13021 -> 76.185.207.12:45493 [proto: 125/Skype][cat: VoIP/10][5 pkts/300 bytes -> 0 pkts/0 bytes] - 129 UDP 192.168.1.34:13021 -> 176.26.55.167:63773 [proto: 125/Skype][cat: VoIP/10][5 pkts/300 bytes -> 0 pkts/0 bytes] + 128 UDP 192.168.1.34:13021 -> 76.185.207.12:45493 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][5 pkts/300 bytes -> 0 pkts/0 bytes] + 129 UDP 192.168.1.34:13021 -> 176.26.55.167:63773 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][5 pkts/300 bytes -> 0 pkts/0 bytes] 130 UDP 192.168.1.34:58681 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/101 bytes <-> 1 pkts/166 bytes][Host: db3msgr5011709.gateway.messenger.live.com] 131 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][cat: Web/5][1 pkts/101 bytes <-> 1 pkts/133 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] 132 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][cat: System/18][1 pkts/90 bytes <-> 1 pkts/90 bytes] @@ -151,150 +152,150 @@ ApplePush 12 1877 1 135 UDP 192.168.1.34:64085 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e7768.b.akamaiedge.net] 136 TCP 192.168.1.34:50024 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/60 bytes] 137 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network/14][2 pkts/92 bytes -> 0 pkts/0 bytes] - 138 UDP 192.168.1.34:13021 -> 64.4.23.145:40024 [proto: 125/Skype][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 139 UDP 192.168.1.34:13021 -> 65.55.223.26:40004 [proto: 125/Skype][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 140 UDP 192.168.1.34:13021 -> 65.55.223.33:40011 [proto: 125/Skype][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 141 UDP 192.168.1.34:13021 -> 157.55.56.168:40006 [proto: 125/Skype][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 142 UDP 192.168.1.34:13021 -> 157.55.130.146:40026 [proto: 125/Skype][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 143 UDP 192.168.1.34:13021 -> 157.55.130.154:40005 [proto: 125/Skype][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 144 UDP 192.168.1.34:13021 -> 157.55.235.147:40020 [proto: 125/Skype][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 145 UDP 192.168.1.34:13021 -> 157.55.235.152:40001 [proto: 125/Skype][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 146 UDP 192.168.1.34:13021 -> 213.199.179.155:40004 [proto: 125/Skype][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 147 UDP 192.168.1.34:13021 -> 111.221.74.28:40014 [proto: 125/Skype][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 148 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125/Skype][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 149 UDP 192.168.1.34:13021 -> 111.221.77.155:40004 [proto: 125/Skype][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 150 UDP 192.168.1.34:13021 -> 111.221.77.159:40009 [proto: 125/Skype][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 151 UDP 192.168.1.34:13021 -> 111.221.77.172:40010 [proto: 125/Skype][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 152 UDP 192.168.1.34:13021 -> 157.55.130.156:40034 [proto: 125/Skype][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 153 UDP 192.168.1.34:13021 -> 157.55.235.161:40011 [proto: 125/Skype][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 154 UDP 192.168.1.34:13021 -> 157.55.235.176:40022 [proto: 125/Skype][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 155 UDP 192.168.1.34:13021 -> 157.56.52.27:40027 [proto: 125/Skype][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 156 UDP 192.168.1.34:13021 -> 157.56.52.28:40009 [proto: 125/Skype][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 157 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125/Skype][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 158 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125/Skype][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 159 UDP 192.168.1.34:13021 -> 65.55.223.29:40010 [proto: 125/Skype][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 160 UDP 192.168.1.34:13021 -> 111.221.74.15:40024 [proto: 125/Skype][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 161 UDP 192.168.1.34:13021 -> 111.221.77.145:40027 [proto: 125/Skype][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 162 UDP 192.168.1.34:13021 -> 111.221.77.166:40011 [proto: 125/Skype][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 163 UDP 192.168.1.34:13021 -> 157.55.56.142:40023 [proto: 125/Skype][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 164 UDP 192.168.1.34:13021 -> 157.55.56.151:40027 [proto: 125/Skype][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 165 UDP 192.168.1.34:13021 -> 157.55.56.175:40013 [proto: 125/Skype][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 166 UDP 192.168.1.34:13021 -> 157.55.130.143:40017 [proto: 125/Skype][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 167 UDP 192.168.1.34:13021 -> 157.55.235.155:40003 [proto: 125/Skype][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 168 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125/Skype][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 169 UDP 192.168.1.34:13021 -> 64.4.23.166:40022 [proto: 125/Skype][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 170 UDP 192.168.1.34:13021 -> 65.55.223.25:40028 [proto: 125/Skype][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 171 UDP 192.168.1.34:13021 -> 65.55.223.43:40002 [proto: 125/Skype][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 172 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125/Skype][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 173 UDP 192.168.1.34:13021 -> 111.221.77.151:40027 [proto: 125/Skype][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 174 UDP 192.168.1.34:13021 -> 157.55.56.162:40004 [proto: 125/Skype][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 175 UDP 192.168.1.34:13021 -> 157.55.130.147:40019 [proto: 125/Skype][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 176 UDP 192.168.1.34:13021 -> 157.55.235.175:40008 [proto: 125/Skype][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 177 UDP 192.168.1.34:13021 -> 213.199.179.150:40004 [proto: 125/Skype][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 178 UDP 192.168.1.34:13021 -> 111.221.74.12:40031 [proto: 125/Skype][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 179 UDP 192.168.1.34:13021 -> 111.221.74.48:40008 [proto: 125/Skype][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 180 UDP 192.168.1.34:13021 -> 111.221.77.165:40020 [proto: 125/Skype][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 181 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 182 UDP 192.168.1.34:13021 -> 213.199.179.143:40022 [proto: 125/Skype][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 183 UDP 192.168.1.34:13021 -> 213.199.179.154:40034 [proto: 125/Skype][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 184 UDP 192.168.1.34:13021 -> 65.55.223.28:40026 [proto: 125/Skype][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 185 UDP 192.168.1.34:13021 -> 111.221.74.40:40018 [proto: 125/Skype][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 186 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125/Skype][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 187 UDP 192.168.1.34:13021 -> 157.56.52.26:40026 [proto: 125/Skype][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 188 UDP 192.168.1.34:13021 -> 213.199.179.165:40007 [proto: 125/Skype][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 189 UDP 192.168.1.34:13021 -> 64.4.23.141:40004 [proto: 125/Skype][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 190 UDP 192.168.1.34:13021 -> 111.221.74.29:40024 [proto: 125/Skype][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 191 UDP 192.168.1.34:13021 -> 111.221.74.31:40021 [proto: 125/Skype][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 192 UDP 192.168.1.34:13021 -> 111.221.77.176:40020 [proto: 125/Skype][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 193 UDP 192.168.1.34:13021 -> 157.55.235.153:40023 [proto: 125/Skype][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 194 UDP 192.168.1.34:13021 -> 213.199.179.168:40006 [proto: 125/Skype][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 195 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 196 UDP 192.168.1.34:13021 -> 64.4.23.165:40020 [proto: 125/Skype][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 197 UDP 192.168.1.34:13021 -> 111.221.77.142:40023 [proto: 125/Skype][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 198 UDP 192.168.1.34:13021 -> 157.55.130.151:40017 [proto: 125/Skype][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 199 UDP 192.168.1.34:13021 -> 64.4.23.168:40006 [proto: 125/Skype][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 200 UDP 192.168.1.34:13021 -> 65.55.223.21:40027 [proto: 125/Skype][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 201 UDP 192.168.1.34:13021 -> 65.55.223.45:40012 [proto: 125/Skype][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 202 UDP 192.168.1.34:13021 -> 111.221.74.44:40031 [proto: 125/Skype][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 203 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125/Skype][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 204 UDP 192.168.1.34:13021 -> 111.221.77.153:40024 [proto: 125/Skype][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 205 UDP 192.168.1.34:13021 -> 157.55.56.148:40010 [proto: 125/Skype][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 206 UDP 192.168.1.34:13021 -> 157.55.235.157:40010 [proto: 125/Skype][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 207 UDP 192.168.1.34:13021 -> 157.55.235.172:40032 [proto: 125/Skype][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 208 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125/Skype][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 209 UDP 192.168.1.34:13021 -> 213.199.179.170:40011 [proto: 125/Skype][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 210 UDP 192.168.1.34:13021 -> 64.4.23.150:40004 [proto: 125/Skype][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 211 UDP 192.168.1.34:13021 -> 64.4.23.159:40009 [proto: 125/Skype][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 212 UDP 192.168.1.34:13021 -> 65.55.223.17:40022 [proto: 125/Skype][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 213 UDP 192.168.1.34:13021 -> 111.221.74.17:40022 [proto: 125/Skype][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 214 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125/Skype][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 215 UDP 192.168.1.34:13021 -> 111.221.74.32:40009 [proto: 125/Skype][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 216 UDP 192.168.1.34:13021 -> 111.221.74.42:40024 [proto: 125/Skype][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 217 UDP 192.168.1.34:13021 -> 157.55.56.146:33033 [proto: 125/Skype][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 218 UDP 192.168.1.34:13021 -> 157.55.56.161:40012 [proto: 125/Skype][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 219 UDP 192.168.1.34:13021 -> 157.55.130.155:40020 [proto: 125/Skype][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 220 UDP 192.168.1.34:13021 -> 157.55.130.165:40026 [proto: 125/Skype][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 221 UDP 192.168.1.34:13021 -> 157.55.235.142:40025 [proto: 125/Skype][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 222 UDP 192.168.1.34:13021 -> 157.56.52.33:40011 [proto: 125/Skype][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 223 UDP 192.168.1.34:13021 -> 213.199.179.162:40029 [proto: 125/Skype][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 224 UDP 192.168.1.34:13021 -> 64.4.23.148:40010 [proto: 125/Skype][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 225 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125/Skype][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 226 UDP 192.168.1.34:13021 -> 65.55.223.41:40027 [proto: 125/Skype][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 227 UDP 192.168.1.34:13021 -> 111.221.77.148:40029 [proto: 125/Skype][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 228 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 229 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125/Skype][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 230 UDP 192.168.1.34:13021 -> 157.55.235.160:40027 [proto: 125/Skype][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 231 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 232 UDP 192.168.1.34:13021 -> 157.56.52.37:40032 [proto: 125/Skype][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 233 UDP 192.168.1.34:13021 -> 64.4.23.140:40012 [proto: 125/Skype][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 234 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125/Skype][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 235 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125/Skype][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 236 UDP 192.168.1.34:13021 -> 111.221.77.160:40028 [proto: 125/Skype][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 237 UDP 192.168.1.34:13021 -> 111.221.77.168:40007 [proto: 125/Skype][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 238 UDP 192.168.1.34:13021 -> 157.55.56.145:40027 [proto: 125/Skype][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 239 UDP 192.168.1.34:13021 -> 157.55.56.165:40020 [proto: 125/Skype][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 240 UDP 192.168.1.34:13021 -> 157.55.235.145:40022 [proto: 125/Skype][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 241 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125/Skype][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 242 UDP 192.168.1.34:13021 -> 65.55.223.24:40032 [proto: 125/Skype][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 243 UDP 192.168.1.34:13021 -> 111.221.74.16:40032 [proto: 125/Skype][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 244 UDP 192.168.1.34:13021 -> 111.221.77.141:40020 [proto: 125/Skype][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 245 UDP 192.168.1.34:13021 -> 111.221.77.149:40030 [proto: 125/Skype][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 246 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125/Skype][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 247 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 248 UDP 192.168.1.34:13021 -> 157.55.130.160:40029 [proto: 125/Skype][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 249 UDP 192.168.1.34:13021 -> 157.55.130.172:40019 [proto: 125/Skype][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 250 UDP 192.168.1.34:13021 -> 157.56.52.45:40012 [proto: 125/Skype][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 251 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125/Skype][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 252 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125/Skype][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 253 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 254 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 255 UDP 192.168.1.34:13021 -> 65.55.223.15:40026 [proto: 125/Skype][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 256 UDP 192.168.1.34:13021 -> 65.55.223.38:40015 [proto: 125/Skype][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 257 UDP 192.168.1.34:13021 -> 65.55.223.44:40013 [proto: 125/Skype][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 258 UDP 192.168.1.34:13021 -> 111.221.74.25:40028 [proto: 125/Skype][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 259 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125/Skype][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 260 UDP 192.168.1.34:13021 -> 157.55.130.144:40034 [proto: 125/Skype][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 261 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 262 UDP 192.168.1.34:13021 -> 213.199.179.145:40027 [proto: 125/Skype][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 263 UDP 192.168.1.34:13021 -> 65.55.223.20:40033 [proto: 125/Skype][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 264 UDP 192.168.1.34:13021 -> 111.221.74.24:40001 [proto: 125/Skype][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 265 UDP 192.168.1.34:13021 -> 111.221.77.140:40003 [proto: 125/Skype][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 266 UDP 192.168.1.34:13021 -> 157.55.56.166:40022 [proto: 125/Skype][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 267 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 268 UDP 192.168.1.34:13021 -> 157.55.235.158:40031 [proto: 125/Skype][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 269 UDP 192.168.1.34:13021 -> 157.55.235.159:40021 [proto: 125/Skype][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 270 UDP 192.168.1.34:13021 -> 157.55.235.173:40012 [proto: 125/Skype][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 271 UDP 192.168.1.34:13021 -> 157.56.52.21:40004 [proto: 125/Skype][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 272 UDP 192.168.1.34:13021 -> 157.56.52.24:40001 [proto: 125/Skype][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 273 UDP 192.168.1.34:13021 -> 157.56.52.47:40029 [proto: 125/Skype][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 274 UDP 192.168.1.34:13021 -> 213.199.179.152:40023 [proto: 125/Skype][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 138 UDP 192.168.1.34:13021 -> 64.4.23.145:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 139 UDP 192.168.1.34:13021 -> 65.55.223.26:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 140 UDP 192.168.1.34:13021 -> 65.55.223.33:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 141 UDP 192.168.1.34:13021 -> 157.55.56.168:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 142 UDP 192.168.1.34:13021 -> 157.55.130.146:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 143 UDP 192.168.1.34:13021 -> 157.55.130.154:40005 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 144 UDP 192.168.1.34:13021 -> 157.55.235.147:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 145 UDP 192.168.1.34:13021 -> 157.55.235.152:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 146 UDP 192.168.1.34:13021 -> 213.199.179.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 147 UDP 192.168.1.34:13021 -> 111.221.74.28:40014 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 148 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 149 UDP 192.168.1.34:13021 -> 111.221.77.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 150 UDP 192.168.1.34:13021 -> 111.221.77.159:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 151 UDP 192.168.1.34:13021 -> 111.221.77.172:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 152 UDP 192.168.1.34:13021 -> 157.55.130.156:40034 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 153 UDP 192.168.1.34:13021 -> 157.55.235.161:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 154 UDP 192.168.1.34:13021 -> 157.55.235.176:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 155 UDP 192.168.1.34:13021 -> 157.56.52.27:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 156 UDP 192.168.1.34:13021 -> 157.56.52.28:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 157 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 158 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 159 UDP 192.168.1.34:13021 -> 65.55.223.29:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 160 UDP 192.168.1.34:13021 -> 111.221.74.15:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 161 UDP 192.168.1.34:13021 -> 111.221.77.145:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 162 UDP 192.168.1.34:13021 -> 111.221.77.166:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 163 UDP 192.168.1.34:13021 -> 157.55.56.142:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 164 UDP 192.168.1.34:13021 -> 157.55.56.151:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 165 UDP 192.168.1.34:13021 -> 157.55.56.175:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 166 UDP 192.168.1.34:13021 -> 157.55.130.143:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 167 UDP 192.168.1.34:13021 -> 157.55.235.155:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 168 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 169 UDP 192.168.1.34:13021 -> 64.4.23.166:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 170 UDP 192.168.1.34:13021 -> 65.55.223.25:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 171 UDP 192.168.1.34:13021 -> 65.55.223.43:40002 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 172 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 173 UDP 192.168.1.34:13021 -> 111.221.77.151:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 174 UDP 192.168.1.34:13021 -> 157.55.56.162:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 175 UDP 192.168.1.34:13021 -> 157.55.130.147:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 176 UDP 192.168.1.34:13021 -> 157.55.235.175:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 177 UDP 192.168.1.34:13021 -> 213.199.179.150:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 178 UDP 192.168.1.34:13021 -> 111.221.74.12:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 179 UDP 192.168.1.34:13021 -> 111.221.74.48:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 180 UDP 192.168.1.34:13021 -> 111.221.77.165:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 181 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 182 UDP 192.168.1.34:13021 -> 213.199.179.143:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 183 UDP 192.168.1.34:13021 -> 213.199.179.154:40034 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 184 UDP 192.168.1.34:13021 -> 65.55.223.28:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 185 UDP 192.168.1.34:13021 -> 111.221.74.40:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 186 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 187 UDP 192.168.1.34:13021 -> 157.56.52.26:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 188 UDP 192.168.1.34:13021 -> 213.199.179.165:40007 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 189 UDP 192.168.1.34:13021 -> 64.4.23.141:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 190 UDP 192.168.1.34:13021 -> 111.221.74.29:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 191 UDP 192.168.1.34:13021 -> 111.221.74.31:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 192 UDP 192.168.1.34:13021 -> 111.221.77.176:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 193 UDP 192.168.1.34:13021 -> 157.55.235.153:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 194 UDP 192.168.1.34:13021 -> 213.199.179.168:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 195 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 196 UDP 192.168.1.34:13021 -> 64.4.23.165:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 197 UDP 192.168.1.34:13021 -> 111.221.77.142:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 198 UDP 192.168.1.34:13021 -> 157.55.130.151:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 199 UDP 192.168.1.34:13021 -> 64.4.23.168:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 200 UDP 192.168.1.34:13021 -> 65.55.223.21:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 201 UDP 192.168.1.34:13021 -> 65.55.223.45:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 202 UDP 192.168.1.34:13021 -> 111.221.74.44:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 203 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 204 UDP 192.168.1.34:13021 -> 111.221.77.153:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 205 UDP 192.168.1.34:13021 -> 157.55.56.148:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 206 UDP 192.168.1.34:13021 -> 157.55.235.157:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 207 UDP 192.168.1.34:13021 -> 157.55.235.172:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 208 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 209 UDP 192.168.1.34:13021 -> 213.199.179.170:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 210 UDP 192.168.1.34:13021 -> 64.4.23.150:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 211 UDP 192.168.1.34:13021 -> 64.4.23.159:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 212 UDP 192.168.1.34:13021 -> 65.55.223.17:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 213 UDP 192.168.1.34:13021 -> 111.221.74.17:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 214 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 215 UDP 192.168.1.34:13021 -> 111.221.74.32:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 216 UDP 192.168.1.34:13021 -> 111.221.74.42:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 217 UDP 192.168.1.34:13021 -> 157.55.56.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 218 UDP 192.168.1.34:13021 -> 157.55.56.161:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 219 UDP 192.168.1.34:13021 -> 157.55.130.155:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 220 UDP 192.168.1.34:13021 -> 157.55.130.165:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 221 UDP 192.168.1.34:13021 -> 157.55.235.142:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 222 UDP 192.168.1.34:13021 -> 157.56.52.33:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 223 UDP 192.168.1.34:13021 -> 213.199.179.162:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 224 UDP 192.168.1.34:13021 -> 64.4.23.148:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 225 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 226 UDP 192.168.1.34:13021 -> 65.55.223.41:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 227 UDP 192.168.1.34:13021 -> 111.221.77.148:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 228 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 229 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 230 UDP 192.168.1.34:13021 -> 157.55.235.160:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 231 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 232 UDP 192.168.1.34:13021 -> 157.56.52.37:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 233 UDP 192.168.1.34:13021 -> 64.4.23.140:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 234 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 235 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 236 UDP 192.168.1.34:13021 -> 111.221.77.160:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 237 UDP 192.168.1.34:13021 -> 111.221.77.168:40007 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 238 UDP 192.168.1.34:13021 -> 157.55.56.145:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 239 UDP 192.168.1.34:13021 -> 157.55.56.165:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 240 UDP 192.168.1.34:13021 -> 157.55.235.145:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 241 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 242 UDP 192.168.1.34:13021 -> 65.55.223.24:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 243 UDP 192.168.1.34:13021 -> 111.221.74.16:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 244 UDP 192.168.1.34:13021 -> 111.221.77.141:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 245 UDP 192.168.1.34:13021 -> 111.221.77.149:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 246 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 247 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 248 UDP 192.168.1.34:13021 -> 157.55.130.160:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 249 UDP 192.168.1.34:13021 -> 157.55.130.172:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 250 UDP 192.168.1.34:13021 -> 157.56.52.45:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 251 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 252 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 253 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 254 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 255 UDP 192.168.1.34:13021 -> 65.55.223.15:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 256 UDP 192.168.1.34:13021 -> 65.55.223.38:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 257 UDP 192.168.1.34:13021 -> 65.55.223.44:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 258 UDP 192.168.1.34:13021 -> 111.221.74.25:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 259 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 260 UDP 192.168.1.34:13021 -> 157.55.130.144:40034 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 261 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 262 UDP 192.168.1.34:13021 -> 213.199.179.145:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 263 UDP 192.168.1.34:13021 -> 65.55.223.20:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 264 UDP 192.168.1.34:13021 -> 111.221.74.24:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 265 UDP 192.168.1.34:13021 -> 111.221.77.140:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 266 UDP 192.168.1.34:13021 -> 157.55.56.166:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 267 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 268 UDP 192.168.1.34:13021 -> 157.55.235.158:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 269 UDP 192.168.1.34:13021 -> 157.55.235.159:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 270 UDP 192.168.1.34:13021 -> 157.55.235.173:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 271 UDP 192.168.1.34:13021 -> 157.56.52.21:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 272 UDP 192.168.1.34:13021 -> 157.56.52.24:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 273 UDP 192.168.1.34:13021 -> 157.56.52.47:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 274 UDP 192.168.1.34:13021 -> 213.199.179.152:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] 275 IGMP 192.168.1.1:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] 276 IGMP 192.168.1.92:0 -> 224.0.0.251:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] - 277 UDP 192.168.1.34:13021 -> 65.55.223.39:443 [proto: 125/Skype][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 278 UDP 192.168.1.34:13021 -> 71.62.0.85:33647 [proto: 125/Skype][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 279 UDP 192.168.1.34:13021 -> 106.188.249.186:15120 [proto: 125/Skype][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 280 UDP 192.168.1.34:13021 -> 157.55.130.145:443 [proto: 125/Skype][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 281 UDP 192.168.1.34:13021 -> 176.97.100.249:26635 [proto: 125/Skype][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 277 UDP 192.168.1.34:13021 -> 65.55.223.39:443 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 278 UDP 192.168.1.34:13021 -> 71.62.0.85:33647 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 279 UDP 192.168.1.34:13021 -> 106.188.249.186:15120 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 280 UDP 192.168.1.34:13021 -> 157.55.130.145:443 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 281 UDP 192.168.1.34:13021 -> 176.97.100.249:26635 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] 282 IGMP 192.168.1.34:0 -> 224.0.0.251:0 [proto: 82/IGMP][cat: Network/14][1 pkts/46 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index 9c1dcbd1f..1c43d3161 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -3,11 +3,12 @@ DNS 2 267 1 MDNS 3 400 2 NetBIOS 22 3106 7 SSDP 40 14100 3 +SkypeCallIn 684 60681 178 ICMP 4 328 1 IGMP 4 226 4 SSL 79 7742 6 Dropbox 16 7342 5 -Skype 1291 190136 223 +Skype 607 129455 45 Apple 76 19581 1 MS_OneDrive 348 181687 1 ApplePush 8 1118 1 @@ -16,10 +17,10 @@ ApplePush 8 1118 1 2 TCP 192.168.1.34:51279 <-> 111.221.74.48:40008 [proto: 125/Skype][cat: VoIP/10][101 pkts/30681 bytes <-> 98 pkts/59934 bytes] 3 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][cat: Web/5][38 pkts/9082 bytes <-> 38 pkts/10499 bytes] 4 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][36 pkts/13402 bytes -> 0 pkts/0 bytes] - 5 TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 125/Skype][cat: VoIP/10][17 pkts/2686 bytes <-> 13 pkts/2218 bytes] - 6 TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 125/Skype][cat: VoIP/10][12 pkts/2194 bytes <-> 8 pkts/1711 bytes] + 5 TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][17 pkts/2686 bytes <-> 13 pkts/2218 bytes] + 6 TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][12 pkts/2194 bytes <-> 8 pkts/1711 bytes] 7 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][16 pkts/3461 bytes <-> 1 pkts/74 bytes][client: apps.skype.com] - 8 TCP 192.168.1.34:51297 <-> 91.190.216.24:12350 [proto: 125/Skype][cat: VoIP/10][12 pkts/3242 bytes <-> 3 pkts/290 bytes] + 8 TCP 192.168.1.34:51297 <-> 91.190.216.24:12350 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][12 pkts/3242 bytes <-> 3 pkts/290 bytes] 9 TCP 108.160.163.108:443 <-> 192.168.1.34:51222 [proto: 91.121/SSL.Dropbox][cat: Cloud/13][4 pkts/818 bytes <-> 4 pkts/2172 bytes] 10 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][11 pkts/2074 bytes <-> 1 pkts/74 bytes][client: apps.skype.com] 11 TCP 192.168.1.34:51238 <-> 157.55.235.147:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][13 pkts/1446 bytes <-> 4 pkts/266 bytes] @@ -29,52 +30,52 @@ ApplePush 8 1118 1 15 TCP 192.168.1.34:51239 <-> 65.55.223.45:443 [proto: 91/SSL][cat: Web/5][12 pkts/1291 bytes <-> 3 pkts/242 bytes] 16 TCP 192.168.1.34:51274 <-> 157.55.235.152:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1235 bytes <-> 3 pkts/285 bytes] 17 TCP 192.168.1.34:51260 <-> 157.55.130.142:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1249 bytes <-> 3 pkts/265 bytes] - 18 TCP 192.168.1.34:51258 <-> 213.199.179.176:40021 [proto: 125/Skype][cat: VoIP/10][14 pkts/1104 bytes <-> 5 pkts/392 bytes] - 19 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][cat: VoIP/10][14 pkts/1106 bytes <-> 5 pkts/385 bytes] - 20 TCP 192.168.1.34:51290 <-> 5.248.186.221:31010 [proto: 125/Skype][cat: VoIP/10][14 pkts/1070 bytes <-> 4 pkts/420 bytes] - 21 TCP 192.168.1.34:51234 <-> 157.55.235.147:40001 [proto: 125/Skype][cat: VoIP/10][14 pkts/1117 bytes <-> 4 pkts/337 bytes] + 18 TCP 192.168.1.34:51258 <-> 213.199.179.176:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][14 pkts/1104 bytes <-> 5 pkts/392 bytes] + 19 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][14 pkts/1106 bytes <-> 5 pkts/385 bytes] + 20 TCP 192.168.1.34:51290 <-> 5.248.186.221:31010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][14 pkts/1070 bytes <-> 4 pkts/420 bytes] + 21 TCP 192.168.1.34:51234 <-> 157.55.235.147:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][14 pkts/1117 bytes <-> 4 pkts/337 bytes] 22 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][cat: Web/5][11 pkts/1164 bytes <-> 3 pkts/268 bytes] 23 TCP 192.168.1.34:51247 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/1077 bytes <-> 4 pkts/351 bytes] - 24 TCP 192.168.1.34:51257 <-> 157.55.235.170:40032 [proto: 125/Skype][cat: VoIP/10][14 pkts/1059 bytes <-> 4 pkts/367 bytes] - 25 TCP 192.168.1.34:51277 <-> 157.55.235.156:40026 [proto: 125/Skype][cat: VoIP/10][13 pkts/1011 bytes <-> 4 pkts/415 bytes] - 26 TCP 192.168.1.34:51305 <-> 149.13.32.15:13392 [proto: 125/Skype][cat: VoIP/10][14 pkts/1093 bytes <-> 4 pkts/333 bytes] + 24 TCP 192.168.1.34:51257 <-> 157.55.235.170:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][14 pkts/1059 bytes <-> 4 pkts/367 bytes] + 25 TCP 192.168.1.34:51277 <-> 157.55.235.156:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/1011 bytes <-> 4 pkts/415 bytes] + 26 TCP 192.168.1.34:51305 <-> 149.13.32.15:13392 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][14 pkts/1093 bytes <-> 4 pkts/333 bytes] 27 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][cat: Web/5][12 pkts/1130 bytes <-> 3 pkts/285 bytes] 28 TCP 192.168.1.34:51280 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1130 bytes <-> 3 pkts/285 bytes] 29 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1095 bytes <-> 3 pkts/285 bytes] 30 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/1022 bytes <-> 4 pkts/351 bytes] - 31 TCP 192.168.1.34:51289 <-> 71.238.7.203:18767 [proto: 125/Skype][cat: VoIP/10][13 pkts/991 bytes <-> 4 pkts/378 bytes] - 32 TCP 192.168.1.34:51272 <-> 157.55.235.152:40029 [proto: 125/Skype][cat: VoIP/10][13 pkts/1006 bytes <-> 4 pkts/361 bytes] + 31 TCP 192.168.1.34:51289 <-> 71.238.7.203:18767 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/991 bytes <-> 4 pkts/378 bytes] + 32 TCP 192.168.1.34:51272 <-> 157.55.235.152:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/1006 bytes <-> 4 pkts/361 bytes] 33 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/1012 bytes <-> 4 pkts/351 bytes] - 34 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125/Skype][cat: VoIP/10][13 pkts/976 bytes <-> 4 pkts/365 bytes] - 35 TCP 192.168.1.34:51237 <-> 157.55.130.176:40022 [proto: 125/Skype][cat: VoIP/10][13 pkts/986 bytes <-> 4 pkts/344 bytes] - 36 TCP 192.168.1.34:51276 <-> 157.55.235.146:40021 [proto: 125/Skype][cat: VoIP/10][13 pkts/981 bytes <-> 4 pkts/348 bytes] - 37 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][cat: VoIP/10][13 pkts/1004 bytes <-> 4 pkts/318 bytes] - 38 TCP 192.168.1.34:51251 <-> 64.4.23.166:40029 [proto: 125/Skype][cat: VoIP/10][12 pkts/948 bytes <-> 4 pkts/349 bytes] - 39 TCP 192.168.1.34:51229 <-> 157.56.52.28:40009 [proto: 125/Skype][cat: VoIP/10][12 pkts/951 bytes <-> 4 pkts/341 bytes] - 40 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][cat: VoIP/10][11 pkts/858 bytes <-> 5 pkts/426 bytes] - 41 TCP 192.168.1.34:51246 <-> 157.56.52.44:40020 [proto: 125/Skype][cat: VoIP/10][11 pkts/856 bytes <-> 5 pkts/409 bytes] - 42 TCP 192.168.1.34:51288 <-> 76.167.161.6:20274 [proto: 125/Skype][cat: VoIP/10][11 pkts/861 bytes <-> 4 pkts/397 bytes] - 43 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][cat: VoIP/10][11 pkts/844 bytes <-> 5 pkts/413 bytes] + 34 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/976 bytes <-> 4 pkts/365 bytes] + 35 TCP 192.168.1.34:51237 <-> 157.55.130.176:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/986 bytes <-> 4 pkts/344 bytes] + 36 TCP 192.168.1.34:51276 <-> 157.55.235.146:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/981 bytes <-> 4 pkts/348 bytes] + 37 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/1004 bytes <-> 4 pkts/318 bytes] + 38 TCP 192.168.1.34:51251 <-> 64.4.23.166:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][12 pkts/948 bytes <-> 4 pkts/349 bytes] + 39 TCP 192.168.1.34:51229 <-> 157.56.52.28:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][12 pkts/951 bytes <-> 4 pkts/341 bytes] + 40 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/858 bytes <-> 5 pkts/426 bytes] + 41 TCP 192.168.1.34:51246 <-> 157.56.52.44:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/856 bytes <-> 5 pkts/409 bytes] + 42 TCP 192.168.1.34:51288 <-> 76.167.161.6:20274 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/861 bytes <-> 4 pkts/397 bytes] + 43 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/844 bytes <-> 5 pkts/413 bytes] 44 TCP 192.168.1.34:51282 <-> 64.4.23.159:443 [proto: 91/SSL][cat: Web/5][10 pkts/972 bytes <-> 3 pkts/285 bytes] 45 TCP 192.168.1.34:51259 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/902 bytes <-> 4 pkts/351 bytes] - 46 TCP 192.168.1.34:51256 <-> 111.221.77.142:40013 [proto: 125/Skype][cat: VoIP/10][11 pkts/815 bytes <-> 5 pkts/423 bytes] - 47 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][cat: VoIP/10][12 pkts/942 bytes <-> 3 pkts/284 bytes] - 48 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125/Skype][cat: VoIP/10][11 pkts/832 bytes <-> 4 pkts/387 bytes] + 46 TCP 192.168.1.34:51256 <-> 111.221.77.142:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/815 bytes <-> 5 pkts/423 bytes] + 47 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][12 pkts/942 bytes <-> 3 pkts/284 bytes] + 48 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/832 bytes <-> 4 pkts/387 bytes] 49 TCP 192.168.1.34:51268 <-> 111.221.74.18:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/852 bytes <-> 4 pkts/351 bytes] - 50 TCP 192.168.1.34:51309 <-> 149.13.32.15:13392 [proto: 125/Skype][cat: VoIP/10][12 pkts/916 bytes <-> 3 pkts/281 bytes] - 51 TCP 192.168.1.34:51316 <-> 149.13.32.15:13392 [proto: 125/Skype][cat: VoIP/10][11 pkts/862 bytes <-> 3 pkts/314 bytes] - 52 TCP 192.168.1.34:51267 <-> 111.221.74.18:40025 [proto: 125/Skype][cat: VoIP/10][10 pkts/785 bytes <-> 4 pkts/378 bytes] + 50 TCP 192.168.1.34:51309 <-> 149.13.32.15:13392 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][12 pkts/916 bytes <-> 3 pkts/281 bytes] + 51 TCP 192.168.1.34:51316 <-> 149.13.32.15:13392 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/862 bytes <-> 3 pkts/314 bytes] + 52 TCP 192.168.1.34:51267 <-> 111.221.74.18:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][10 pkts/785 bytes <-> 4 pkts/378 bytes] 53 TCP 192.168.1.34:51232 <-> 157.56.52.28:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/872 bytes <-> 3 pkts/285 bytes] - 54 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][cat: VoIP/10][12 pkts/931 bytes <-> 2 pkts/219 bytes] - 55 TCP 192.168.1.34:51313 <-> 212.161.8.36:13392 [proto: 125/Skype][cat: VoIP/10][11 pkts/855 bytes <-> 3 pkts/287 bytes] + 54 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][12 pkts/931 bytes <-> 2 pkts/219 bytes] + 55 TCP 192.168.1.34:51313 <-> 212.161.8.36:13392 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/855 bytes <-> 3 pkts/287 bytes] 56 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][cat: System/18][6 pkts/958 bytes <-> 2 pkts/184 bytes] - 57 TCP 192.168.1.34:51311 <-> 93.79.224.176:14506 [proto: 125/Skype][cat: VoIP/10][11 pkts/848 bytes <-> 3 pkts/286 bytes] + 57 TCP 192.168.1.34:51311 <-> 93.79.224.176:14506 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/848 bytes <-> 3 pkts/286 bytes] 58 TCP 17.143.160.149:5223 <-> 192.168.1.34:50407 [proto: 238/ApplePush][cat: Cloud/13][4 pkts/674 bytes <-> 4 pkts/444 bytes] 59 UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][2 pkts/1088 bytes -> 0 pkts/0 bytes] 60 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][2 pkts/1088 bytes -> 0 pkts/0 bytes] 61 UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][2 pkts/1088 bytes -> 0 pkts/0 bytes] 62 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][2 pkts/1088 bytes -> 0 pkts/0 bytes] - 63 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125/Skype][cat: VoIP/10][7 pkts/571 bytes <-> 3 pkts/286 bytes] + 63 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][7 pkts/571 bytes <-> 3 pkts/286 bytes] 64 UDP 192.168.1.34:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System/18][7 pkts/680 bytes -> 0 pkts/0 bytes] 65 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][cat: VoIP/10][6 pkts/353 bytes <-> 5 pkts/306 bytes] 66 UDP 192.168.1.34:58631 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] @@ -107,8 +108,8 @@ ApplePush 8 1118 1 93 UDP 192.168.1.34:58061 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/349 bytes -> 0 pkts/0 bytes] 94 UDP 192.168.1.34:59237 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/349 bytes -> 0 pkts/0 bytes] 95 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][cat: Network/14][4 pkts/328 bytes -> 0 pkts/0 bytes] - 96 UDP 192.168.1.34:13021 -> 83.31.12.173:23939 [proto: 125/Skype][cat: VoIP/10][5 pkts/300 bytes -> 0 pkts/0 bytes] - 97 UDP 192.168.1.34:13021 -> 174.49.171.224:32011 [proto: 125/Skype][cat: VoIP/10][5 pkts/300 bytes -> 0 pkts/0 bytes] + 96 UDP 192.168.1.34:13021 -> 83.31.12.173:23939 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][5 pkts/300 bytes -> 0 pkts/0 bytes] + 97 UDP 192.168.1.34:13021 -> 174.49.171.224:32011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][5 pkts/300 bytes -> 0 pkts/0 bytes] 98 UDP 192.168.1.34:57694 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/101 bytes <-> 1 pkts/166 bytes][Host: db3msgr5011709.gateway.messenger.live.com] 99 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][2 pkts/258 bytes -> 0 pkts/0 bytes] 100 UDP 192.168.1.92:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][cat: System/18][1 pkts/216 bytes -> 0 pkts/0 bytes] @@ -119,153 +120,153 @@ ApplePush 8 1118 1 105 UDP 192.168.1.92:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes] 106 UDP 192.168.1.92:53826 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes] 107 UDP 192.168.1.34:61016 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/80 bytes -> 0 pkts/0 bytes][Host: apps.skypeassets.com] - 108 UDP 192.168.1.34:13021 -> 64.4.23.148:40029 [proto: 125/Skype][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 109 UDP 192.168.1.34:13021 -> 64.4.23.171:40031 [proto: 125/Skype][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 110 UDP 192.168.1.34:13021 -> 65.55.223.27:40029 [proto: 125/Skype][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 111 UDP 192.168.1.34:13021 -> 111.221.74.40:40025 [proto: 125/Skype][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 112 UDP 192.168.1.34:13021 -> 111.221.77.151:40029 [proto: 125/Skype][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 113 UDP 192.168.1.34:13021 -> 111.221.77.173:40012 [proto: 125/Skype][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 114 UDP 192.168.1.34:13021 -> 157.55.56.147:40014 [proto: 125/Skype][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 115 UDP 192.168.1.34:13021 -> 157.55.130.167:40031 [proto: 125/Skype][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 116 UDP 192.168.1.34:13021 -> 157.55.235.144:40032 [proto: 125/Skype][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 117 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125/Skype][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 118 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 119 UDP 192.168.1.34:13021 -> 213.199.179.156:40031 [proto: 125/Skype][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 120 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125/Skype][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 121 UDP 192.168.1.34:13021 -> 111.221.74.28:40026 [proto: 125/Skype][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 122 UDP 192.168.1.34:13021 -> 111.221.77.170:40021 [proto: 125/Skype][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 123 UDP 192.168.1.34:13021 -> 157.56.52.39:40031 [proto: 125/Skype][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 124 UDP 192.168.1.34:13021 -> 157.56.52.43:40006 [proto: 125/Skype][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 125 UDP 192.168.1.34:13021 -> 213.199.179.143:40018 [proto: 125/Skype][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 126 UDP 192.168.1.34:13021 -> 213.199.179.154:40017 [proto: 125/Skype][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 127 UDP 192.168.1.34:13021 -> 213.199.179.165:40004 [proto: 125/Skype][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 128 UDP 192.168.1.34:13021 -> 65.55.223.15:40030 [proto: 125/Skype][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 129 UDP 192.168.1.34:13021 -> 65.55.223.24:40029 [proto: 125/Skype][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 130 UDP 192.168.1.34:13021 -> 65.55.223.32:40022 [proto: 125/Skype][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 131 UDP 192.168.1.34:13021 -> 65.55.223.43:40006 [proto: 125/Skype][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 132 UDP 192.168.1.34:13021 -> 111.221.74.20:40033 [proto: 125/Skype][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 133 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125/Skype][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 134 UDP 192.168.1.34:13021 -> 157.55.130.149:40011 [proto: 125/Skype][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 135 UDP 192.168.1.34:13021 -> 157.55.235.168:40024 [proto: 125/Skype][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 136 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125/Skype][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 137 UDP 192.168.1.34:13021 -> 157.56.52.20:40033 [proto: 125/Skype][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 138 UDP 192.168.1.34:13021 -> 213.199.179.160:40030 [proto: 125/Skype][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 139 UDP 192.168.1.34:13021 -> 64.4.23.158:40021 [proto: 125/Skype][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 140 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 141 UDP 192.168.1.34:13021 -> 65.55.223.42:40024 [proto: 125/Skype][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 142 UDP 192.168.1.34:13021 -> 65.55.223.44:40020 [proto: 125/Skype][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 143 UDP 192.168.1.34:13021 -> 111.221.74.33:40011 [proto: 125/Skype][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 144 UDP 192.168.1.34:13021 -> 111.221.77.165:40004 [proto: 125/Skype][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 145 UDP 192.168.1.34:13021 -> 157.55.56.140:40003 [proto: 125/Skype][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 146 UDP 192.168.1.34:13021 -> 157.55.56.170:40015 [proto: 125/Skype][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 147 UDP 192.168.1.34:13021 -> 157.55.130.165:40028 [proto: 125/Skype][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 148 UDP 192.168.1.34:13021 -> 157.55.130.170:40018 [proto: 125/Skype][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 149 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 150 UDP 192.168.1.34:13021 -> 157.56.52.25:40010 [proto: 125/Skype][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 151 UDP 192.168.1.34:13021 -> 213.199.179.172:40011 [proto: 125/Skype][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 152 UDP 192.168.1.34:13021 -> 64.4.23.165:40004 [proto: 125/Skype][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 153 UDP 192.168.1.34:13021 -> 111.221.77.149:40016 [proto: 125/Skype][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 154 UDP 192.168.1.34:13021 -> 157.55.235.148:40033 [proto: 125/Skype][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 155 UDP 192.168.1.34:13021 -> 157.56.52.13:40021 [proto: 125/Skype][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 156 UDP 192.168.1.34:13021 -> 157.56.52.38:40015 [proto: 125/Skype][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 157 UDP 192.168.1.34:13021 -> 157.56.52.42:40005 [proto: 125/Skype][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 158 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125/Skype][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 159 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125/Skype][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 160 UDP 192.168.1.34:13021 -> 65.55.223.22:40009 [proto: 125/Skype][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 161 UDP 192.168.1.34:13021 -> 65.55.223.28:40014 [proto: 125/Skype][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 162 UDP 192.168.1.34:13021 -> 65.55.223.33:40002 [proto: 125/Skype][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 163 UDP 192.168.1.34:13021 -> 157.55.235.155:40027 [proto: 125/Skype][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 164 UDP 192.168.1.34:13021 -> 157.55.235.175:40023 [proto: 125/Skype][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 165 UDP 192.168.1.34:13021 -> 64.4.23.145:40027 [proto: 125/Skype][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 166 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125/Skype][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 167 UDP 192.168.1.34:13021 -> 111.221.74.34:40027 [proto: 125/Skype][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 168 UDP 192.168.1.34:13021 -> 157.55.130.146:40033 [proto: 125/Skype][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 169 UDP 192.168.1.34:13021 -> 157.55.235.158:40027 [proto: 125/Skype][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 170 UDP 192.168.1.34:13021 -> 157.55.235.176:40031 [proto: 125/Skype][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 171 UDP 192.168.1.34:13021 -> 213.199.179.149:40030 [proto: 125/Skype][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 172 UDP 192.168.1.34:13021 -> 64.4.23.142:40023 [proto: 125/Skype][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 173 UDP 192.168.1.34:13021 -> 111.221.74.24:40032 [proto: 125/Skype][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 174 UDP 192.168.1.34:13021 -> 111.221.77.159:40031 [proto: 125/Skype][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 175 UDP 192.168.1.34:13021 -> 157.55.56.142:40013 [proto: 125/Skype][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 176 UDP 192.168.1.34:13021 -> 157.55.56.145:40008 [proto: 125/Skype][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 177 UDP 192.168.1.34:13021 -> 157.55.130.140:40011 [proto: 125/Skype][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 178 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 179 UDP 192.168.1.34:13021 -> 157.55.130.152:40022 [proto: 125/Skype][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 180 UDP 192.168.1.34:13021 -> 157.55.130.173:40003 [proto: 125/Skype][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 181 UDP 192.168.1.34:13021 -> 157.55.235.174:40019 [proto: 125/Skype][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 182 UDP 192.168.1.34:13021 -> 157.56.52.27:40025 [proto: 125/Skype][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 183 UDP 192.168.1.34:13021 -> 213.199.179.173:40013 [proto: 125/Skype][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 184 UDP 192.168.1.34:13021 -> 64.4.23.149:40030 [proto: 125/Skype][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 185 UDP 192.168.1.34:13021 -> 65.55.223.13:40009 [proto: 125/Skype][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 186 UDP 192.168.1.34:13021 -> 111.221.74.15:40026 [proto: 125/Skype][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 187 UDP 192.168.1.34:13021 -> 157.55.56.146:40030 [proto: 125/Skype][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 188 UDP 192.168.1.34:13021 -> 157.55.130.150:40007 [proto: 125/Skype][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 189 UDP 192.168.1.34:13021 -> 157.55.130.171:40012 [proto: 125/Skype][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 190 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125/Skype][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 191 UDP 192.168.1.34:13021 -> 157.56.52.33:40002 [proto: 125/Skype][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 192 UDP 192.168.1.34:13021 -> 213.199.179.174:40025 [proto: 125/Skype][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 193 UDP 192.168.1.34:13021 -> 64.4.23.154:40032 [proto: 125/Skype][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 194 UDP 192.168.1.34:13021 -> 65.55.223.16:40032 [proto: 125/Skype][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 195 UDP 192.168.1.34:13021 -> 65.55.223.17:40025 [proto: 125/Skype][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 196 UDP 192.168.1.34:13021 -> 65.55.223.65:33033 [proto: 125/Skype][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 197 UDP 192.168.1.34:13021 -> 111.221.74.27:40027 [proto: 125/Skype][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 198 UDP 192.168.1.34:13021 -> 111.221.74.44:40019 [proto: 125/Skype][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 199 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125/Skype][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 200 UDP 192.168.1.34:13021 -> 111.221.77.160:40016 [proto: 125/Skype][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 201 UDP 192.168.1.34:13021 -> 157.56.52.24:40032 [proto: 125/Skype][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 202 UDP 192.168.1.34:13021 -> 213.199.179.140:40003 [proto: 125/Skype][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 203 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 204 UDP 192.168.1.34:13021 -> 64.4.23.176:40001 [proto: 125/Skype][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 205 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 206 UDP 192.168.1.34:13021 -> 157.55.235.172:40020 [proto: 125/Skype][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 207 UDP 192.168.1.34:13021 -> 213.199.179.144:40009 [proto: 125/Skype][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 208 UDP 192.168.1.34:13021 -> 111.221.77.145:40024 [proto: 125/Skype][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 209 UDP 192.168.1.34:13021 -> 157.55.56.150:40014 [proto: 125/Skype][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 210 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125/Skype][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 211 UDP 192.168.1.34:13021 -> 157.55.235.160:40022 [proto: 125/Skype][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 212 UDP 192.168.1.34:13021 -> 157.56.52.19:40020 [proto: 125/Skype][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 213 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125/Skype][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 214 UDP 192.168.1.34:13021 -> 64.4.23.140:40003 [proto: 125/Skype][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 215 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125/Skype][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 216 UDP 192.168.1.34:13021 -> 65.55.223.18:40025 [proto: 125/Skype][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 217 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125/Skype][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 218 UDP 192.168.1.34:13021 -> 111.221.74.42:40006 [proto: 125/Skype][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 219 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125/Skype][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 220 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125/Skype][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 221 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125/Skype][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 222 UDP 192.168.1.34:13021 -> 157.55.56.161:40031 [proto: 125/Skype][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 223 UDP 192.168.1.34:13021 -> 157.55.56.167:40024 [proto: 125/Skype][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 224 UDP 192.168.1.34:13021 -> 157.55.130.144:40016 [proto: 125/Skype][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 225 UDP 192.168.1.34:13021 -> 157.55.130.160:40008 [proto: 125/Skype][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 226 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 227 UDP 192.168.1.34:13021 -> 157.56.52.12:40031 [proto: 125/Skype][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 228 UDP 192.168.1.34:13021 -> 157.56.52.29:40010 [proto: 125/Skype][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 229 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 230 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125/Skype][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 231 UDP 192.168.1.34:13021 -> 65.55.223.20:40023 [proto: 125/Skype][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 232 UDP 192.168.1.34:13021 -> 157.55.56.143:40018 [proto: 125/Skype][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 233 UDP 192.168.1.34:13021 -> 157.55.130.154:40013 [proto: 125/Skype][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 234 UDP 192.168.1.34:13021 -> 157.55.235.162:40033 [proto: 125/Skype][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 235 UDP 192.168.1.34:13021 -> 157.55.235.171:40006 [proto: 125/Skype][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 236 UDP 192.168.1.34:13021 -> 157.56.52.16:40032 [proto: 125/Skype][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 237 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125/Skype][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 238 UDP 192.168.1.34:13021 -> 111.221.74.13:40009 [proto: 125/Skype][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 239 UDP 192.168.1.34:13021 -> 111.221.74.38:40015 [proto: 125/Skype][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 240 UDP 192.168.1.34:13021 -> 111.221.77.171:40030 [proto: 125/Skype][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 241 UDP 192.168.1.34:13021 -> 157.55.130.156:40019 [proto: 125/Skype][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 242 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 243 UDP 192.168.1.34:13021 -> 157.55.130.159:40016 [proto: 125/Skype][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 244 UDP 192.168.1.34:13021 -> 157.55.235.167:40029 [proto: 125/Skype][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 245 UDP 192.168.1.34:13021 -> 157.56.52.40:40017 [proto: 125/Skype][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 246 UDP 192.168.1.34:13021 -> 213.199.179.145:40024 [proto: 125/Skype][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 108 UDP 192.168.1.34:13021 -> 64.4.23.148:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 109 UDP 192.168.1.34:13021 -> 64.4.23.171:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 110 UDP 192.168.1.34:13021 -> 65.55.223.27:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 111 UDP 192.168.1.34:13021 -> 111.221.74.40:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 112 UDP 192.168.1.34:13021 -> 111.221.77.151:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 113 UDP 192.168.1.34:13021 -> 111.221.77.173:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 114 UDP 192.168.1.34:13021 -> 157.55.56.147:40014 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 115 UDP 192.168.1.34:13021 -> 157.55.130.167:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 116 UDP 192.168.1.34:13021 -> 157.55.235.144:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 117 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 118 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 119 UDP 192.168.1.34:13021 -> 213.199.179.156:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 120 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 121 UDP 192.168.1.34:13021 -> 111.221.74.28:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 122 UDP 192.168.1.34:13021 -> 111.221.77.170:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 123 UDP 192.168.1.34:13021 -> 157.56.52.39:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 124 UDP 192.168.1.34:13021 -> 157.56.52.43:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 125 UDP 192.168.1.34:13021 -> 213.199.179.143:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 126 UDP 192.168.1.34:13021 -> 213.199.179.154:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 127 UDP 192.168.1.34:13021 -> 213.199.179.165:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 128 UDP 192.168.1.34:13021 -> 65.55.223.15:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 129 UDP 192.168.1.34:13021 -> 65.55.223.24:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 130 UDP 192.168.1.34:13021 -> 65.55.223.32:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 131 UDP 192.168.1.34:13021 -> 65.55.223.43:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 132 UDP 192.168.1.34:13021 -> 111.221.74.20:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 133 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 134 UDP 192.168.1.34:13021 -> 157.55.130.149:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 135 UDP 192.168.1.34:13021 -> 157.55.235.168:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 136 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 137 UDP 192.168.1.34:13021 -> 157.56.52.20:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 138 UDP 192.168.1.34:13021 -> 213.199.179.160:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 139 UDP 192.168.1.34:13021 -> 64.4.23.158:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 140 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 141 UDP 192.168.1.34:13021 -> 65.55.223.42:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 142 UDP 192.168.1.34:13021 -> 65.55.223.44:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 143 UDP 192.168.1.34:13021 -> 111.221.74.33:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 144 UDP 192.168.1.34:13021 -> 111.221.77.165:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 145 UDP 192.168.1.34:13021 -> 157.55.56.140:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 146 UDP 192.168.1.34:13021 -> 157.55.56.170:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 147 UDP 192.168.1.34:13021 -> 157.55.130.165:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 148 UDP 192.168.1.34:13021 -> 157.55.130.170:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 149 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 150 UDP 192.168.1.34:13021 -> 157.56.52.25:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 151 UDP 192.168.1.34:13021 -> 213.199.179.172:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 152 UDP 192.168.1.34:13021 -> 64.4.23.165:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 153 UDP 192.168.1.34:13021 -> 111.221.77.149:40016 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 154 UDP 192.168.1.34:13021 -> 157.55.235.148:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 155 UDP 192.168.1.34:13021 -> 157.56.52.13:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 156 UDP 192.168.1.34:13021 -> 157.56.52.38:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 157 UDP 192.168.1.34:13021 -> 157.56.52.42:40005 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 158 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 159 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 160 UDP 192.168.1.34:13021 -> 65.55.223.22:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 161 UDP 192.168.1.34:13021 -> 65.55.223.28:40014 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 162 UDP 192.168.1.34:13021 -> 65.55.223.33:40002 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 163 UDP 192.168.1.34:13021 -> 157.55.235.155:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 164 UDP 192.168.1.34:13021 -> 157.55.235.175:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 165 UDP 192.168.1.34:13021 -> 64.4.23.145:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 166 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 167 UDP 192.168.1.34:13021 -> 111.221.74.34:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 168 UDP 192.168.1.34:13021 -> 157.55.130.146:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 169 UDP 192.168.1.34:13021 -> 157.55.235.158:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 170 UDP 192.168.1.34:13021 -> 157.55.235.176:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 171 UDP 192.168.1.34:13021 -> 213.199.179.149:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 172 UDP 192.168.1.34:13021 -> 64.4.23.142:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 173 UDP 192.168.1.34:13021 -> 111.221.74.24:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 174 UDP 192.168.1.34:13021 -> 111.221.77.159:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 175 UDP 192.168.1.34:13021 -> 157.55.56.142:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 176 UDP 192.168.1.34:13021 -> 157.55.56.145:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 177 UDP 192.168.1.34:13021 -> 157.55.130.140:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 178 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 179 UDP 192.168.1.34:13021 -> 157.55.130.152:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 180 UDP 192.168.1.34:13021 -> 157.55.130.173:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 181 UDP 192.168.1.34:13021 -> 157.55.235.174:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 182 UDP 192.168.1.34:13021 -> 157.56.52.27:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 183 UDP 192.168.1.34:13021 -> 213.199.179.173:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 184 UDP 192.168.1.34:13021 -> 64.4.23.149:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 185 UDP 192.168.1.34:13021 -> 65.55.223.13:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 186 UDP 192.168.1.34:13021 -> 111.221.74.15:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 187 UDP 192.168.1.34:13021 -> 157.55.56.146:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 188 UDP 192.168.1.34:13021 -> 157.55.130.150:40007 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 189 UDP 192.168.1.34:13021 -> 157.55.130.171:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 190 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 191 UDP 192.168.1.34:13021 -> 157.56.52.33:40002 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 192 UDP 192.168.1.34:13021 -> 213.199.179.174:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 193 UDP 192.168.1.34:13021 -> 64.4.23.154:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 194 UDP 192.168.1.34:13021 -> 65.55.223.16:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 195 UDP 192.168.1.34:13021 -> 65.55.223.17:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 196 UDP 192.168.1.34:13021 -> 65.55.223.65:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 197 UDP 192.168.1.34:13021 -> 111.221.74.27:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 198 UDP 192.168.1.34:13021 -> 111.221.74.44:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 199 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 200 UDP 192.168.1.34:13021 -> 111.221.77.160:40016 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 201 UDP 192.168.1.34:13021 -> 157.56.52.24:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 202 UDP 192.168.1.34:13021 -> 213.199.179.140:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 203 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 204 UDP 192.168.1.34:13021 -> 64.4.23.176:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 205 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 206 UDP 192.168.1.34:13021 -> 157.55.235.172:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 207 UDP 192.168.1.34:13021 -> 213.199.179.144:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 208 UDP 192.168.1.34:13021 -> 111.221.77.145:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 209 UDP 192.168.1.34:13021 -> 157.55.56.150:40014 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 210 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 211 UDP 192.168.1.34:13021 -> 157.55.235.160:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 212 UDP 192.168.1.34:13021 -> 157.56.52.19:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 213 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 214 UDP 192.168.1.34:13021 -> 64.4.23.140:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 215 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 216 UDP 192.168.1.34:13021 -> 65.55.223.18:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 217 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 218 UDP 192.168.1.34:13021 -> 111.221.74.42:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 219 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 220 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 221 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 222 UDP 192.168.1.34:13021 -> 157.55.56.161:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 223 UDP 192.168.1.34:13021 -> 157.55.56.167:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 224 UDP 192.168.1.34:13021 -> 157.55.130.144:40016 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 225 UDP 192.168.1.34:13021 -> 157.55.130.160:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 226 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 227 UDP 192.168.1.34:13021 -> 157.56.52.12:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 228 UDP 192.168.1.34:13021 -> 157.56.52.29:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 229 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 230 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 231 UDP 192.168.1.34:13021 -> 65.55.223.20:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 232 UDP 192.168.1.34:13021 -> 157.55.56.143:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 233 UDP 192.168.1.34:13021 -> 157.55.130.154:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 234 UDP 192.168.1.34:13021 -> 157.55.235.162:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 235 UDP 192.168.1.34:13021 -> 157.55.235.171:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 236 UDP 192.168.1.34:13021 -> 157.56.52.16:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 237 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 238 UDP 192.168.1.34:13021 -> 111.221.74.13:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 239 UDP 192.168.1.34:13021 -> 111.221.74.38:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 240 UDP 192.168.1.34:13021 -> 111.221.77.171:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 241 UDP 192.168.1.34:13021 -> 157.55.130.156:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 242 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 243 UDP 192.168.1.34:13021 -> 157.55.130.159:40016 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 244 UDP 192.168.1.34:13021 -> 157.55.235.167:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 245 UDP 192.168.1.34:13021 -> 157.56.52.40:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 246 UDP 192.168.1.34:13021 -> 213.199.179.145:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] 247 IGMP 192.168.1.219:0 -> 224.0.0.22:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] 248 IGMP 192.168.1.219:0 -> 233.89.188.1:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] 249 IGMP 192.168.1.229:0 -> 224.0.0.251:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] - 250 UDP 192.168.1.34:13021 -> 111.221.74.14:443 [proto: 125/Skype][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 251 UDP 192.168.1.34:13021 -> 133.236.67.25:49195 [proto: 125/Skype][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 252 UDP 192.168.1.34:13021 -> 157.55.235.141:443 [proto: 125/Skype][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 253 UDP 192.168.1.34:13021 -> 189.138.161.88:19521 [proto: 125/Skype][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 254 UDP 192.168.1.34:13021 -> 189.188.134.174:22436 [proto: 125/Skype][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 250 UDP 192.168.1.34:13021 -> 111.221.74.14:443 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 251 UDP 192.168.1.34:13021 -> 133.236.67.25:49195 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 252 UDP 192.168.1.34:13021 -> 157.55.235.141:443 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 253 UDP 192.168.1.34:13021 -> 189.138.161.88:19521 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 254 UDP 192.168.1.34:13021 -> 189.188.134.174:22436 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] 255 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network/14][1 pkts/46 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/wechat.pcap.out b/tests/result/wechat.pcap.out index 92c6852e0..716e4cb6a 100644 --- a/tests/result/wechat.pcap.out +++ b/tests/result/wechat.pcap.out @@ -13,52 +13,52 @@ LLMNR 12 944 6 WeChat 1251 606425 49 GoogleDocs 15 5114 2 - 1 TCP 203.205.151.162:443 <-> 192.168.1.103:54058 [proto: 91.197/SSL.WeChat][cat: Chat/9][88 pkts/15114 bytes <-> 91 pkts/61842 bytes] - 2 TCP 192.168.1.103:54101 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][46 pkts/12575 bytes <-> 40 pkts/53424 bytes][client: web.wechat.com][server: web.wechat.com] - 3 TCP 192.168.1.103:54103 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][50 pkts/23958 bytes <-> 46 pkts/39684 bytes][client: web.wechat.com][server: web.wechat.com] - 4 TCP 192.168.1.103:54113 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][38 pkts/8933 bytes <-> 35 pkts/35112 bytes][client: web.wechat.com][server: web.wechat.com] - 5 TCP 192.168.1.103:54099 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][25 pkts/9013 bytes <-> 29 pkts/27440 bytes][client: web.wechat.com][server: web.wechat.com] - 6 TCP 192.168.1.103:54119 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][26 pkts/8129 bytes <-> 24 pkts/22836 bytes][client: web.wechat.com][server: web.wechat.com] - 7 TCP 192.168.1.103:58038 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][34 pkts/17556 bytes <-> 25 pkts/12172 bytes][client: web.wechat.com][server: web.wechat.com] - 8 TCP 192.168.1.103:54089 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][21 pkts/7826 bytes <-> 20 pkts/18761 bytes][client: web.wechat.com][server: web.wechat.com] - 9 TCP 192.168.1.103:54095 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][21 pkts/7825 bytes <-> 18 pkts/17898 bytes][client: web.wechat.com][server: web.wechat.com] - 10 TCP 192.168.1.103:58040 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][29 pkts/17545 bytes <-> 20 pkts/6923 bytes][client: web.wechat.com][server: web.wechat.com] - 11 TCP 192.168.1.103:54097 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][25 pkts/12063 bytes <-> 19 pkts/7932 bytes][client: web.wechat.com][server: web.wechat.com] - 12 TCP 192.168.1.103:54094 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][22 pkts/10193 bytes <-> 18 pkts/8262 bytes][client: web.wechat.com][server: web.wechat.com] - 13 TCP 192.168.1.103:54102 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][13 pkts/2317 bytes <-> 15 pkts/15724 bytes][client: web.wechat.com][server: web.wechat.com] - 14 TCP 192.168.1.103:54098 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][22 pkts/8507 bytes <-> 16 pkts/6575 bytes][client: web.wechat.com][server: web.wechat.com] - 15 TCP 192.168.1.103:54117 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][20 pkts/8397 bytes <-> 16 pkts/6566 bytes][client: web.wechat.com][server: web.wechat.com] - 16 TCP 192.168.1.103:58036 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][15 pkts/6450 bytes <-> 11 pkts/5068 bytes][client: web.wechat.com][server: web.wechat.com] - 17 TCP 192.168.1.103:54092 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][15 pkts/6438 bytes <-> 11 pkts/5068 bytes][client: web.wechat.com][server: web.wechat.com] - 18 TCP 192.168.1.103:54100 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][15 pkts/4627 bytes <-> 12 pkts/5905 bytes][client: web.wechat.com][server: web.wechat.com] - 19 TCP 192.168.1.103:54111 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][14 pkts/4626 bytes <-> 12 pkts/5135 bytes][client: web.wechat.com][server: web.wechat.com] - 20 TCP 192.168.1.103:58042 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][12 pkts/4516 bytes <-> 10 pkts/5004 bytes][client: web.wechat.com][server: web.wechat.com] + 1 TCP 203.205.151.162:443 <-> 192.168.1.103:54058 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][88 pkts/15114 bytes <-> 91 pkts/61842 bytes] + 2 TCP 192.168.1.103:54101 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][46 pkts/12575 bytes <-> 40 pkts/53424 bytes][client: web.wechat.com][server: web.wechat.com] + 3 TCP 192.168.1.103:54103 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][50 pkts/23958 bytes <-> 46 pkts/39684 bytes][client: web.wechat.com][server: web.wechat.com] + 4 TCP 192.168.1.103:54113 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][38 pkts/8933 bytes <-> 35 pkts/35112 bytes][client: web.wechat.com][server: web.wechat.com] + 5 TCP 192.168.1.103:54099 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][25 pkts/9013 bytes <-> 29 pkts/27440 bytes][client: web.wechat.com][server: web.wechat.com] + 6 TCP 192.168.1.103:54119 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][26 pkts/8129 bytes <-> 24 pkts/22836 bytes][client: web.wechat.com][server: web.wechat.com] + 7 TCP 192.168.1.103:58038 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][34 pkts/17556 bytes <-> 25 pkts/12172 bytes][client: web.wechat.com][server: web.wechat.com] + 8 TCP 192.168.1.103:54089 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][21 pkts/7826 bytes <-> 20 pkts/18761 bytes][client: web.wechat.com][server: web.wechat.com] + 9 TCP 192.168.1.103:54095 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][21 pkts/7825 bytes <-> 18 pkts/17898 bytes][client: web.wechat.com][server: web.wechat.com] + 10 TCP 192.168.1.103:58040 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][29 pkts/17545 bytes <-> 20 pkts/6923 bytes][client: web.wechat.com][server: web.wechat.com] + 11 TCP 192.168.1.103:54097 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][25 pkts/12063 bytes <-> 19 pkts/7932 bytes][client: web.wechat.com][server: web.wechat.com] + 12 TCP 192.168.1.103:54094 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][22 pkts/10193 bytes <-> 18 pkts/8262 bytes][client: web.wechat.com][server: web.wechat.com] + 13 TCP 192.168.1.103:54102 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][13 pkts/2317 bytes <-> 15 pkts/15724 bytes][client: web.wechat.com][server: web.wechat.com] + 14 TCP 192.168.1.103:54098 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][22 pkts/8507 bytes <-> 16 pkts/6575 bytes][client: web.wechat.com][server: web.wechat.com] + 15 TCP 192.168.1.103:54117 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][20 pkts/8397 bytes <-> 16 pkts/6566 bytes][client: web.wechat.com][server: web.wechat.com] + 16 TCP 192.168.1.103:58036 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][15 pkts/6450 bytes <-> 11 pkts/5068 bytes][client: web.wechat.com][server: web.wechat.com] + 17 TCP 192.168.1.103:54092 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][15 pkts/6438 bytes <-> 11 pkts/5068 bytes][client: web.wechat.com][server: web.wechat.com] + 18 TCP 192.168.1.103:54100 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][15 pkts/4627 bytes <-> 12 pkts/5905 bytes][client: web.wechat.com][server: web.wechat.com] + 19 TCP 192.168.1.103:54111 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][14 pkts/4626 bytes <-> 12 pkts/5135 bytes][client: web.wechat.com][server: web.wechat.com] + 20 TCP 192.168.1.103:58042 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][12 pkts/4516 bytes <-> 10 pkts/5004 bytes][client: web.wechat.com][server: web.wechat.com] 21 TCP 192.168.1.103:43850 <-> 203.205.158.34:443 [proto: 91.48/SSL.QQ][cat: Chat/9][12 pkts/2005 bytes <-> 12 pkts/6787 bytes][client: res.wx.qq.com][server: wx.qq.com] 22 TCP 192.168.1.103:38657 <-> 172.217.22.14:443 [proto: 91.126/SSL.Google][cat: Web/5][17 pkts/2413 bytes <-> 17 pkts/6268 bytes][client: safebrowsing.googleusercontent.com][server: *.googleusercontent.com] 23 UDP 192.168.1.103:51507 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][cat: Web/5][7 pkts/3507 bytes <-> 6 pkts/3329 bytes][Host: ssl.gstatic.com] 24 UDP 192.168.1.103:57591 <-> 216.58.198.46:443 [proto: 188.241/QUIC.GoogleDocs][cat: Media/1][6 pkts/2687 bytes <-> 7 pkts/2125 bytes][Host: docs.google.com] - 25 TCP 192.168.1.103:54120 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][client: web.wechat.com][server: web.wechat.com] - 26 TCP 192.168.1.103:58041 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][client: web.wechat.com][server: web.wechat.com] - 27 TCP 192.168.1.103:54118 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][10 pkts/1032 bytes <-> 8 pkts/3703 bytes][client: web.wechat.com][server: web.wechat.com] - 28 TCP 192.168.1.103:54090 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][client: web.wechat.com][server: web.wechat.com] - 29 TCP 192.168.1.103:54096 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][client: web.wechat.com][server: web.wechat.com] - 30 TCP 192.168.1.103:54104 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][client: web.wechat.com][server: web.wechat.com] - 31 TCP 192.168.1.103:54091 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][9 pkts/966 bytes <-> 6 pkts/3571 bytes][client: web.wechat.com][server: web.wechat.com] + 25 TCP 192.168.1.103:54120 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][client: web.wechat.com][server: web.wechat.com] + 26 TCP 192.168.1.103:58041 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][client: web.wechat.com][server: web.wechat.com] + 27 TCP 192.168.1.103:54118 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][10 pkts/1032 bytes <-> 8 pkts/3703 bytes][client: web.wechat.com][server: web.wechat.com] + 28 TCP 192.168.1.103:54090 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][client: web.wechat.com][server: web.wechat.com] + 29 TCP 192.168.1.103:54096 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][client: web.wechat.com][server: web.wechat.com] + 30 TCP 192.168.1.103:54104 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][client: web.wechat.com][server: web.wechat.com] + 31 TCP 192.168.1.103:54091 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][9 pkts/966 bytes <-> 6 pkts/3571 bytes][client: web.wechat.com][server: web.wechat.com] 32 UDP [fe80::7a92:9cff:fe0f:a88e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][44 pkts/4488 bytes -> 0 pkts/0 bytes] 33 UDP 192.168.1.103:35601 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][cat: Web/5][5 pkts/2035 bytes <-> 5 pkts/1937 bytes][Host: ssl.gstatic.com] 34 UDP 192.168.1.103:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][44 pkts/3608 bytes -> 0 pkts/0 bytes] - 35 TCP 192.168.1.103:54183 -> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][2 pkts/2508 bytes -> 0 pkts/0 bytes] + 35 TCP 192.168.1.103:54183 -> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][2 pkts/2508 bytes -> 0 pkts/0 bytes] 36 UDP [fe80::91f9:3df3:7436:6cd6]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][14 pkts/1428 bytes -> 0 pkts/0 bytes] 37 TCP 192.168.1.103:36017 <-> 64.233.167.188:5228 [proto: 126/Google][cat: Web/5][10 pkts/660 bytes <-> 10 pkts/660 bytes] 38 UDP 192.168.1.100:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][14 pkts/1148 bytes -> 0 pkts/0 bytes] - 39 TCP 192.168.1.103:58039 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][13 pkts/866 bytes <-> 4 pkts/280 bytes] + 39 TCP 192.168.1.103:58039 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][13 pkts/866 bytes <-> 4 pkts/280 bytes] 40 TCP 192.168.1.103:58143 -> 216.58.205.131:443 [proto: 91.126/SSL.Google][cat: Web/5][3 pkts/1078 bytes -> 0 pkts/0 bytes] - 41 TCP 203.205.151.162:443 <-> 192.168.1.103:54084 [proto: 91.197/SSL.WeChat][cat: Chat/9][3 pkts/802 bytes <-> 3 pkts/198 bytes] + 41 TCP 203.205.151.162:443 <-> 192.168.1.103:54084 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][3 pkts/802 bytes <-> 3 pkts/198 bytes] 42 UDP 192.168.1.100:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System/18][9 pkts/828 bytes -> 0 pkts/0 bytes] 43 IGMP 192.168.1.100:0 -> 224.0.0.22:0 [proto: 82/IGMP][cat: Network/14][15 pkts/810 bytes -> 0 pkts/0 bytes] 44 UDP 192.168.1.100:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][cat: System/18][3 pkts/751 bytes -> 0 pkts/0 bytes] - 45 TCP 192.168.1.103:54112 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][5 pkts/338 bytes <-> 4 pkts/280 bytes] - 46 TCP 192.168.1.103:54114 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][5 pkts/338 bytes <-> 4 pkts/280 bytes] + 45 TCP 192.168.1.103:54112 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][5 pkts/338 bytes <-> 4 pkts/280 bytes] + 46 TCP 192.168.1.103:54114 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][5 pkts/338 bytes <-> 4 pkts/280 bytes] 47 UDP 192.168.1.103:19041 <-> 192.168.1.254:53 [proto: 5.48/DNS.QQ][cat: Chat/9][1 pkts/73 bytes <-> 1 pkts/537 bytes][Host: res.wx.qq.com] 48 TCP 192.168.1.103:34981 -> 95.101.34.33:80 [proto: 7/HTTP][cat: Web/5][9 pkts/594 bytes -> 0 pkts/0 bytes] 49 TCP 192.168.1.103:34996 -> 95.101.34.33:80 [proto: 7/HTTP][cat: Web/5][9 pkts/594 bytes -> 0 pkts/0 bytes] @@ -67,18 +67,18 @@ GoogleDocs 15 5114 2 52 TCP 192.168.1.103:39207 -> 95.101.34.34:80 [proto: 7/HTTP][cat: Web/5][9 pkts/594 bytes -> 0 pkts/0 bytes] 53 TCP 192.168.1.103:39231 -> 95.101.34.34:80 [proto: 7/HTTP][cat: Web/5][9 pkts/594 bytes -> 0 pkts/0 bytes] 54 TCP 192.168.1.103:53220 <-> 172.217.23.78:443 [proto: 91.126/SSL.Google][cat: Web/5][4 pkts/264 bytes <-> 4 pkts/319 bytes] - 55 TCP 192.168.1.103:54093 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][5 pkts/338 bytes <-> 3 pkts/214 bytes] - 56 TCP 192.168.1.103:58037 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][5 pkts/338 bytes <-> 3 pkts/214 bytes] + 55 TCP 192.168.1.103:54093 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][5 pkts/338 bytes <-> 3 pkts/214 bytes] + 56 TCP 192.168.1.103:58037 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][5 pkts/338 bytes <-> 3 pkts/214 bytes] 57 TCP 192.168.1.103:39195 -> 95.101.34.34:80 [proto: 7/HTTP][cat: Web/5][8 pkts/528 bytes -> 0 pkts/0 bytes] 58 TCP 192.168.1.103:52020 -> 95.101.180.179:80 [proto: 7/HTTP][cat: Web/5][8 pkts/528 bytes -> 0 pkts/0 bytes] 59 TCP 192.168.1.103:43851 <-> 203.205.158.34:443 [proto: 91/SSL][cat: Web/5][5 pkts/290 bytes <-> 4 pkts/234 bytes] 60 TCP 192.168.1.103:47627 <-> 216.58.205.78:443 [proto: 91.126/SSL.Google][cat: Web/5][3 pkts/198 bytes <-> 4 pkts/319 bytes] 61 TCP 192.168.1.103:40740 <-> 203.205.151.211:443 [proto: 91/SSL][cat: Web/5][4 pkts/216 bytes <-> 4 pkts/253 bytes] - 62 UDP 192.168.1.103:60356 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: Chat/9][1 pkts/74 bytes <-> 1 pkts/391 bytes][Host: web.wechat.com] + 62 UDP 192.168.1.103:60356 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: SocialNetwork/6][1 pkts/74 bytes <-> 1 pkts/391 bytes][Host: web.wechat.com] 63 TCP 192.168.1.103:49787 <-> 216.58.205.142:443 [proto: 91.126/SSL.Google][cat: Web/5][3 pkts/198 bytes <-> 3 pkts/198 bytes] - 64 TCP 192.168.1.103:58226 -> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][6 pkts/396 bytes -> 0 pkts/0 bytes] + 64 TCP 192.168.1.103:58226 -> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][6 pkts/396 bytes -> 0 pkts/0 bytes] 65 UDP 192.168.1.103:53734 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/94 bytes <-> 1 pkts/272 bytes][Host: safebrowsing.googleusercontent.com] - 66 TCP 192.168.1.103:58043 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][3 pkts/206 bytes <-> 2 pkts/148 bytes] + 66 TCP 192.168.1.103:58043 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][3 pkts/206 bytes <-> 2 pkts/148 bytes] 67 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: iphonedimonica] 68 UDP 192.168.1.103:46078 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/75 bytes <-> 1 pkts/234 bytes][Host: ssl.gstatic.com] 69 UDP 192.168.1.103:60562 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/75 bytes <-> 1 pkts/234 bytes][Host: ssl.gstatic.com] @@ -86,33 +86,33 @@ GoogleDocs 15 5114 2 71 IGMP 192.168.1.103:0 -> 224.0.0.22:0 [proto: 82/IGMP][cat: Network/14][4 pkts/216 bytes -> 0 pkts/0 bytes] 72 TCP 192.168.1.103:40741 <-> 203.205.151.211:443 [proto: 91/SSL][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes] 73 IGMP 192.168.1.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network/14][4 pkts/200 bytes -> 0 pkts/0 bytes] - 74 TCP 192.168.1.103:54085 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][2 pkts/132 bytes <-> 1 pkts/66 bytes] + 74 TCP 192.168.1.103:54085 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][2 pkts/132 bytes <-> 1 pkts/66 bytes] 75 UDP [fe80::91f9:3df3:7436:6cd6]:50440 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/180 bytes -> 0 pkts/0 bytes][Host: lbjamwptxz] 76 UDP [fe80::91f9:3df3:7436:6cd6]:49195 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: cansaqcq] 77 UDP [fe80::91f9:3df3:7436:6cd6]:50577 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: mcztmpkc] - 78 UDP 192.168.1.103:43705 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: Chat/9][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com.lan] + 78 UDP 192.168.1.103:43705 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: SocialNetwork/6][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com.lan] 79 UDP 192.168.1.103:42856 -> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/170 bytes -> 0 pkts/0 bytes][Host: 1.debian.pool.ntp.org.lan] - 80 UDP 192.168.1.103:45366 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: Chat/9][2 pkts/164 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] - 81 UDP 192.168.1.103:56367 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: Chat/9][2 pkts/164 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] + 80 UDP 192.168.1.103:45366 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: SocialNetwork/6][2 pkts/164 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] + 81 UDP 192.168.1.103:56367 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: SocialNetwork/6][2 pkts/164 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] 82 UDP 192.168.1.103:41759 -> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/162 bytes -> 0 pkts/0 bytes][Host: 2.debian.pool.ntp.org] 83 UDP 192.168.1.103:44063 -> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/162 bytes -> 0 pkts/0 bytes][Host: 1.debian.pool.ntp.org] 84 UDP 192.168.1.103:42074 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][cat: Web/5][2 pkts/158 bytes -> 0 pkts/0 bytes][Host: ssl.gstatic.com.lan] 85 UDP 192.168.1.100:54124 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes][Host: lbjamwptxz] 86 UDP 192.168.1.100:49832 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: cansaqcq] 87 UDP 192.168.1.100:57401 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: mcztmpkc] - 88 TCP 192.168.1.103:54106 -> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][2 pkts/132 bytes -> 0 pkts/0 bytes] - 89 TCP 192.168.1.103:54109 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][1 pkts/66 bytes <-> 1 pkts/66 bytes] - 90 TCP 192.168.1.103:54110 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat/9][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 88 TCP 192.168.1.103:54106 -> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][2 pkts/132 bytes -> 0 pkts/0 bytes] + 89 TCP 192.168.1.103:54109 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 90 TCP 192.168.1.103:54110 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][1 pkts/66 bytes <-> 1 pkts/66 bytes] 91 TCP 192.168.1.103:54205 -> 64.233.167.188:443 [proto: 91.126/SSL.Google][cat: Web/5][2 pkts/132 bytes -> 0 pkts/0 bytes] 92 ICMPV6 [fe80::842:a3f3:a286:6c5b]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][cat: Network/14][2 pkts/132 bytes -> 0 pkts/0 bytes] 93 0 [fe80::842:a3f3:a286:6c5b]:0 -> [ff02::16]:0 [proto: 102/ICMPV6][cat: Network/14][1 pkts/110 bytes -> 0 pkts/0 bytes] 94 UDP 192.168.1.103:37578 -> 193.204.114.233:123 [proto: 9/NTP][cat: System/18][1 pkts/90 bytes -> 0 pkts/0 bytes] - 95 UDP 192.168.1.103:44346 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com.lan] - 96 UDP 192.168.1.103:53515 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com.lan] + 95 UDP 192.168.1.103:44346 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: SocialNetwork/6][1 pkts/86 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com.lan] + 96 UDP 192.168.1.103:53515 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: SocialNetwork/6][1 pkts/86 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com.lan] 97 ICMPV6 [::]:0 -> [ff02::1:ff86:6c5b]:0 [proto: 102/ICMPV6][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes] - 98 UDP 192.168.1.103:33915 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: Chat/9][1 pkts/82 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] - 99 UDP 192.168.1.103:43317 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: Chat/9][1 pkts/82 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] - 100 UDP 192.168.1.103:58165 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: Chat/9][1 pkts/82 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] + 98 UDP 192.168.1.103:33915 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: SocialNetwork/6][1 pkts/82 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] + 99 UDP 192.168.1.103:43317 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: SocialNetwork/6][1 pkts/82 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] + 100 UDP 192.168.1.103:58165 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: SocialNetwork/6][1 pkts/82 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] 101 UDP 192.168.1.103:59567 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/79 bytes -> 0 pkts/0 bytes][Host: ssl.gstatic.com.lan] 102 UDP 192.168.1.103:42589 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/75 bytes -> 0 pkts/0 bytes][Host: ssl.gstatic.com] 103 IGMP 192.168.1.108:0 -> 224.0.0.22:0 [proto: 82/IGMP][cat: Network/14][1 pkts/54 bytes -> 0 pkts/0 bytes] -- cgit v1.2.3 From 669fdf6b5f3657c638ffa8df6ff1baebf5b311b1 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 21 Nov 2018 00:32:32 +0100 Subject: Improved skype, teredo, netbios heuristics Changed ndpi_detection_giveup() API: guess is now part of the call --- example/ndpiReader.c | 51 +----- example/ndpi_util.c | 7 +- src/include/ndpi_api.h | 4 +- src/lib/ndpi_main.c | 77 ++++++-- src/lib/protocols/netbios.c | 5 +- src/lib/protocols/skype.c | 2 +- src/lib/protocols/teredo.c | 2 +- tests/do.sh | 5 +- tests/result/pps.pcap.out | 193 ++++++++++---------- tests/result/skype.pcap.out | 310 ++++++++++++++++---------------- tests/result/skype_no_unknown.pcap.out | 316 ++++++++++++++++----------------- tests/result/viber.pcap.out | 42 +++-- tests/result/waze.pcap.out | 27 ++- 13 files changed, 531 insertions(+), 510 deletions(-) (limited to 'src/lib') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index cb3238a88..78d95a76d 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -81,7 +81,8 @@ static json_object *jArray_topStats; static u_int8_t live_capture = 0; static u_int8_t undetected_flows_deleted = 0; /** User preferences **/ -static u_int8_t enable_protocol_guess = 1, verbose = 0, json_flag = 0; +u_int8_t enable_protocol_guess = 1; +static u_int8_t verbose = 0, json_flag = 0; int nDPI_LogLevel = 0; char *_debug_protocols = NULL; static u_int8_t stats_flag = 0, bpf_filter_flag = 0; @@ -97,7 +98,7 @@ static struct timeval begin, end; #ifdef linux static int core_affinity[MAX_NUM_READER_THREADS]; #endif -static struct timeval pcap_start, pcap_end; +static struct timeval pcap_start = { 0, 0}, pcap_end = { 0, 0 }; /** Detection parameters **/ static time_t capture_for = 0; static time_t capture_until = 0; @@ -905,27 +906,6 @@ static void node_print_known_proto_walker(const void *node, /* ********************************** */ -/** - * @brief Guess Undetected Protocol - */ -static u_int16_t node_guess_undetected_protocol(u_int16_t thread_id, struct ndpi_flow_info *flow) { - - flow->detected_protocol = ndpi_guess_undetected_protocol(ndpi_thread_info[thread_id].workflow->ndpi_struct, - NULL, - flow->protocol, - ntohl(flow->src_ip), - ntohs(flow->src_port), - ntohl(flow->dst_ip), - ntohs(flow->dst_port)); - // printf("Guess state: %u\n", flow->detected_protocol); - if(flow->detected_protocol.app_protocol != NDPI_PROTOCOL_UNKNOWN) - ndpi_thread_info[thread_id].workflow->stats.guessed_flow_protocols++; - - return(flow->detected_protocol.app_protocol); -} - -/* ********************************** */ - /** * @brief Proto Guess Walker */ @@ -935,13 +915,7 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept if((which == ndpi_preorder) || (which == ndpi_leaf)) { /* Avoid walking the same node multiple times */ if((!flow->detection_completed) && flow->ndpi_flow) - flow->detected_protocol = ndpi_detection_giveup(ndpi_thread_info[0].workflow->ndpi_struct, flow->ndpi_flow); - - if(enable_protocol_guess) { - if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) { - node_guess_undetected_protocol(thread_id, flow); - } - } + flow->detected_protocol = ndpi_detection_giveup(ndpi_thread_info[0].workflow->ndpi_struct, flow->ndpi_flow, enable_protocol_guess); process_ndpi_collected_info(ndpi_thread_info[thread_id].workflow, flow); @@ -1416,23 +1390,12 @@ static void node_idle_scan_walker(const void *node, ndpi_VISIT which, int depth, /** - * @brief On Protocol Discover - call node_guess_undetected_protocol() for protocol + * @brief On Protocol Discover - demo callback */ static void on_protocol_discovered(struct ndpi_workflow * workflow, struct ndpi_flow_info * flow, void * udata) { - const u_int16_t thread_id = (uintptr_t) udata; - - if(verbose > 1) { - if(enable_protocol_guess) { - if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) { - flow->detected_protocol.app_protocol = node_guess_undetected_protocol(thread_id, flow), - flow->detected_protocol.master_protocol = NDPI_PROTOCOL_UNKNOWN; - } - } - - // printFlow(thread_id, flow); - } + ; } #if 0 @@ -2026,8 +1989,10 @@ static void printResults(u_int64_t tot_usec) { float t = (float)(cumulative_stats.ip_packet_count*1000000)/(float)tot_usec; float b = (float)(cumulative_stats.total_wire_bytes * 8 *1000000)/(float)tot_usec; float traffic_duration; + if(live_capture) traffic_duration = tot_usec; else traffic_duration = (pcap_end.tv_sec*1000000 + pcap_end.tv_usec) - (pcap_start.tv_sec*1000000 + pcap_start.tv_usec); + printf("\tnDPI throughput: %s pps / %s/sec\n", formatPackets(t, buf), formatTraffic(b, 1, buf1)); t = (float)(cumulative_stats.ip_packet_count*1000000)/(float)traffic_duration; b = (float)(cumulative_stats.total_wire_bytes * 8 *1000000)/(float)traffic_duration; diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 1a0d45914..58dc896b1 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -74,6 +74,8 @@ #include "ndpi_main.h" #include "ndpi_util.h" +extern u_int8_t enable_protocol_guess; + /* ***************************************************** */ void ndpi_free_flow_info_half(struct ndpi_flow_info *flow) { @@ -677,8 +679,9 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, flow->check_extra_packets = 1; if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) - flow->detected_protocol = ndpi_detection_giveup(workflow->ndpi_struct, - flow->ndpi_flow); + flow->detected_protocol = ndpi_detection_giveup(workflow->ndpi_struct, flow->ndpi_flow, + enable_protocol_guess); + process_ndpi_collected_info(workflow, flow); } diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index c7ed7cd17..5bee25f5b 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -213,11 +213,13 @@ extern "C" { * * @par ndpi_struct = the detection module * @par flow = the flow given for the detection module + * @par enable_guess = guess protocol if unknown * @return the detected protocol even if the flow is not completed; * */ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow); + struct ndpi_flow_struct *flow, + u_int8_t enable_guess); /** * Processes an extra packet in order to get more information for a given protocol diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index fcfaec713..c7d9e237e 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -2526,6 +2526,25 @@ static ndpi_default_ports_tree_node_t* ndpi_get_guessed_protocol_id(struct ndpi_ /* ****************************************************** */ +/* + These are UDP protocols that must fit a single packet + and thus that if have NOT been detected they cannot be guessed + as they have been excluded + */ +u_int8_t is_udp_guessable_protocol(u_int16_t l7_guessed_proto) { + switch(l7_guessed_proto) { + case NDPI_PROTOCOL_QUIC: + case NDPI_PROTOCOL_SNMP: + case NDPI_PROTOCOL_NETFLOW: + /* TODO: add more protocols (if any missing) */ + return(1); + } + + return(0); +} + +/* ****************************************************** */ + u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int8_t proto, u_int16_t sport, u_int16_t dport, @@ -2541,7 +2560,9 @@ u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_struc /* We need to check if the guessed protocol isn't excluded by nDPI */ if(flow && (proto == IPPROTO_UDP) - && (NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, guessed_proto))) + && NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, guessed_proto) + && is_udp_guessable_protocol(guessed_proto) + ) return(NDPI_PROTOCOL_UNKNOWN); else { *user_defined_proto = found->customUserProto; @@ -3397,7 +3418,7 @@ static int ndpi_handle_ipv6_extension_headers(struct ndpi_detection_module_struc } return 0; } -#endif /* NDPI_DETECTION_SUPPORT_IPV6 */ +#endif /* NDPI_DETECTION_SUPPORT_IPV6 */ static u_int8_t ndpi_iph_is_valid_and_not_fragmented(const struct ndpi_iphdr *iph, const u_int16_t ipsize) @@ -3605,13 +3626,18 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str && flow->init_finished != 0 && flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { u_int8_t backup; + u_int16_t backup1, backup2; if(flow->http.url) ndpi_free(flow->http.url); if(flow->http.content_type) ndpi_free(flow->http.content_type); - backup = flow->num_processed_pkts; + backup = flow->num_processed_pkts; + backup1 = flow->guessed_protocol_id; + backup2 = flow->guessed_host_protocol_id; memset(flow, 0, sizeof(*(flow))); flow->num_processed_pkts = backup; + flow->guessed_protocol_id = backup1; + flow->guessed_host_protocol_id = backup2; NDPI_LOG_DBG(ndpi_struct, "tcp syn packet for unknown protocol, reset detection state\n"); @@ -3785,9 +3811,8 @@ void check_ndpi_other_flow_func(struct ndpi_detection_module_struct *ndpi_struct ndpi_struct->callback_buffer_non_tcp_udp[a].ndpi_selection_bitmask && (flow == NULL || - NDPI_BITMASK_COMPARE - (flow->excluded_protocol_bitmask, - ndpi_struct->callback_buffer_non_tcp_udp[a].excluded_protocol_bitmask) == 0) + NDPI_BITMASK_COMPARE(flow->excluded_protocol_bitmask, + ndpi_struct->callback_buffer_non_tcp_udp[a].excluded_protocol_bitmask) == 0) && NDPI_BITMASK_COMPARE(ndpi_struct->callback_buffer_non_tcp_udp[a].detection_bitmask, detection_bitmask) != 0) { @@ -3905,8 +3930,7 @@ void check_ndpi_tcp_flow_func(struct ndpi_detection_module_struct *ndpi_struct, && (ndpi_struct->callback_buffer_tcp_no_payload[a].ndpi_selection_bitmask & *ndpi_selection_packet) == ndpi_struct->callback_buffer_tcp_no_payload[a].ndpi_selection_bitmask && NDPI_BITMASK_COMPARE(flow->excluded_protocol_bitmask, - ndpi_struct-> - callback_buffer_tcp_no_payload[a].excluded_protocol_bitmask) == 0 + ndpi_struct->callback_buffer_tcp_no_payload[a].excluded_protocol_bitmask) == 0 && NDPI_BITMASK_COMPARE(ndpi_struct->callback_buffer_tcp_no_payload[a].detection_bitmask, detection_bitmask) != 0) { ndpi_struct->callback_buffer_tcp_no_payload[a].func(ndpi_struct, flow); @@ -3951,7 +3975,7 @@ static u_int16_t ndpi_guess_host_protocol_id(struct ndpi_detection_module_struct /* ********************************************************************************* */ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow) { + struct ndpi_flow_struct *flow, u_int8_t enable_guess) { ndpi_protocol ret = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED }; if(flow == NULL) return(ret); @@ -3973,13 +3997,18 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st guessed_protocol_id = flow->guessed_protocol_id, guessed_host_protocol_id = flow->guessed_host_protocol_id; if((guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN) - && ((flow->packet.l4_protocol == IPPROTO_UDP) && NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_host_protocol_id))) + && ((flow->packet.l4_protocol == IPPROTO_UDP) + && NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_host_protocol_id) + && is_udp_guessable_protocol(guessed_host_protocol_id) + )) flow->guessed_host_protocol_id = guessed_host_protocol_id = NDPI_PROTOCOL_UNKNOWN; /* Ignore guessed protocol if they have been discarded */ if((guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) // && (guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN) - && (flow->packet.l4_protocol == IPPROTO_UDP) && NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_protocol_id)) + && (flow->packet.l4_protocol == IPPROTO_UDP) + && NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_protocol_id) + && is_udp_guessable_protocol(guessed_protocol_id)) flow->guessed_protocol_id = guessed_protocol_id = NDPI_PROTOCOL_UNKNOWN; if((guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) @@ -4026,6 +4055,20 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st ret.app_protocol = NDPI_PROTOCOL_HANGOUT; } + if(enable_guess + && (ret.app_protocol == NDPI_PROTOCOL_UNKNOWN) + && flow->packet.iph /* Guess only IPv4 */ + && (flow->packet.tcp || flow->packet.udp) + ) + ret = ndpi_guess_undetected_protocol(ndpi_struct, + flow, + flow->packet.l4_protocol, + ntohl(flow->packet.iph->saddr), + ntohs(flow->packet.udp ? flow->packet.udp->source : flow->packet.tcp->source), + ntohl(flow->packet.iph->daddr), + ntohs(flow->packet.udp ? flow->packet.udp->dest : flow->packet.tcp->dest) + ); + ndpi_fill_protocol_category(ndpi_struct, flow, &ret); return(ret); @@ -4421,7 +4464,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct if(flow->packet.iph) { if(flow->guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN) { /* ret.master_protocol = flow->guessed_protocol_id , ret.app_protocol = flow->guessed_host_protocol_id; /\* ****** *\/ */ - ret = ndpi_detection_giveup(ndpi_struct, flow); + ret = ndpi_detection_giveup(ndpi_struct, flow, 0); } ndpi_fill_protocol_category(ndpi_struct, flow, &ret); @@ -4499,7 +4542,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct We don't see how future packets can match anything hence we giveup here */ - ret = ndpi_detection_giveup(ndpi_struct, flow); + ret = ndpi_detection_giveup(ndpi_struct, flow, 0); } return(ret); @@ -5382,7 +5425,9 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct rc = ndpi_search_tcp_or_udp_raw(ndpi_struct, NULL, proto, shost, dhost, sport, dport); if(rc != NDPI_PROTOCOL_UNKNOWN) { - if(flow && (proto == IPPROTO_UDP) && NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, rc)) + if(flow && (proto == IPPROTO_UDP) + && NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, rc) + && is_udp_guessable_protocol(rc)) ; else { ret.app_protocol = rc, @@ -5399,7 +5444,9 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct rc = ndpi_guess_protocol_id(ndpi_struct, NULL, proto, sport, dport, &user_defined_proto); if(rc != NDPI_PROTOCOL_UNKNOWN) { - if(flow && (proto == IPPROTO_UDP) && NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, rc)) + if(flow && (proto == IPPROTO_UDP) + && NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, rc) + && is_udp_guessable_protocol(rc)) ; else { ret.app_protocol = rc; diff --git a/src/lib/protocols/netbios.c b/src/lib/protocols/netbios.c index 4c5897c14..925b864ad 100644 --- a/src/lib/protocols/netbios.c +++ b/src/lib/protocols/netbios.c @@ -330,9 +330,8 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc NDPI_LOG_DBG2(ndpi_struct, "found netbios port 138 and payload length >= 112 \n"); - if(packet->payload[0] >= 0x11 && packet->payload[0] <= 0x16) { - - NDPI_LOG_DBG2(ndpi_struct, "found netbios with MSG-type 0x11,0x12,0x13,0x14,0x15 or 0x16\n"); + if(packet->payload[0] >= 0x10 && packet->payload[0] <= 0x16) { + NDPI_LOG_DBG2(ndpi_struct, "found netbios with MSG-type 0x10,0x11,0x12,0x13,0x14,0x15 or 0x16\n"); if(ntohl(get_u_int32_t(packet->payload, 4)) == ntohl(packet->iph->saddr)) { NDPI_LOG_INFO(ndpi_struct, "found netbios with checked ip-address\n"); diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c index 8a4eafca4..faeac17c5 100644 --- a/src/lib/protocols/skype.c +++ b/src/lib/protocols/skype.c @@ -66,7 +66,7 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s } } - return; + // return; } NDPI_EXCLUDE_PROTO(ndpi_struct, flow); diff --git a/src/lib/protocols/teredo.c b/src/lib/protocols/teredo.c index 732b1d6c9..e377d09a4 100644 --- a/src/lib/protocols/teredo.c +++ b/src/lib/protocols/teredo.c @@ -32,7 +32,7 @@ void ndpi_search_teredo(struct ndpi_detection_module_struct *ndpi_struct, struct NDPI_LOG_DBG(ndpi_struct,"search teredo\n"); if(packet->udp && packet->iph - && ((ntohl(packet->iph->daddr) & 0xF0000000) == 0xE0000000 /* A multicast address */) + && ((ntohl(packet->iph->daddr) & 0xF0000000) != 0xE0000000 /* Not a multicast address */) && ((ntohs(packet->udp->source) == 3544) || (ntohs(packet->udp->dest) == 3544)) && (packet->payload_packet_len >= 40 /* IPv6 header */)) { NDPI_LOG_INFO(ndpi_struct,"found teredo\n"); diff --git a/tests/do.sh b/tests/do.sh index 7516e5997..a17878fb5 100755 --- a/tests/do.sh +++ b/tests/do.sh @@ -7,7 +7,10 @@ build_results() { for f in $PCAPS; do #echo $f # create result files if not present - [ ! -f result/$f.out ] && $READER -q -i pcap/$f -w result/$f.out -v 1 + if [ ! -f result/$f.out ]; then + CMD="$READER -q -i pcap/$f -w result/$f.out -v 1" + $CMD + fi done } diff --git a/tests/result/pps.pcap.out b/tests/result/pps.pcap.out index 778aa1197..baad4b4e6 100644 --- a/tests/result/pps.pcap.out +++ b/tests/result/pps.pcap.out @@ -1,9 +1,10 @@ -Unknown 990 378832 34 +Unknown 985 375351 33 HTTP 47 42014 11 SSDP 63 17143 10 HTTP_Download 26 27222 2 Google 2 1093 1 GenericProtocol 1429 1780307 49 +QUIC 5 3481 1 1 TCP 192.168.115.8:50780 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/303 bytes <-> 541 pkts/710082 bytes][Host: preimage1.qiyipic.com] 2 TCP 192.168.115.8:50778 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/303 bytes <-> 528 pkts/692658 bytes][Host: preimage1.qiyipic.com] @@ -12,72 +13,73 @@ GenericProtocol 1429 1780307 49 5 TCP 192.168.115.8:50486 <-> 77.234.40.96:80 [proto: 7.60/HTTP.HTTP_Download][cat: Download-FileTransfer-FileSharing/7][11 pkts/11023 bytes <-> 12 pkts/14869 bytes][Host: bcu.ff.avast.com] 6 UDP 192.168.5.38:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][18 pkts/9327 bytes -> 0 pkts/0 bytes] 7 TCP 192.168.115.8:50476 <-> 101.227.32.39:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/656 bytes <-> 4 pkts/3897 bytes][Host: cache.video.iqiyi.com] - 8 TCP 192.168.115.8:50495 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][3 pkts/2844 bytes <-> 3 pkts/597 bytes][Host: msg.71.am] - 9 TCP 77.234.41.35:80 <-> 192.168.115.8:49174 [proto: 7/HTTP][cat: Web/5][4 pkts/2953 bytes <-> 1 pkts/356 bytes] - 10 TCP 192.168.115.8:50767 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][4 pkts/800 bytes <-> 4 pkts/2112 bytes][Host: static.qiyi.com] - 11 TCP 192.168.115.8:50488 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/311 bytes <-> 2 pkts/2035 bytes][Host: meta.video.qiyi.com] - 12 TCP 192.168.115.8:50471 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1898 bytes <-> 2 pkts/398 bytes][Host: msg.71.am] - 13 TCP 192.168.115.8:50501 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1893 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 14 TCP 192.168.115.8:50463 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com] - 15 TCP 192.168.115.8:50496 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com] - 16 TCP 192.168.115.8:50779 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1438 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] - 17 UDP 192.168.5.38:58897 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1575 bytes -> 0 pkts/0 bytes] - 18 UDP 192.168.115.1:50945 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1539 bytes -> 0 pkts/0 bytes] - 19 TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/707 bytes <-> 1 pkts/744 bytes][Host: click.hm.baidu.com] - 20 TCP 192.168.115.8:50492 <-> 111.206.13.3:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/389 bytes <-> 2 pkts/1034 bytes][Host: pdata.video.qiyi.com] - 21 TCP 192.168.115.8:50777 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1186 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] - 22 TCP 192.168.115.8:50494 <-> 223.26.106.66:80 [proto: 7.60/HTTP.HTTP_Download][cat: Download-FileTransfer-FileSharing/7][2 pkts/887 bytes <-> 1 pkts/443 bytes][Host: 223.26.106.66] - 23 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1004 bytes <-> 2 pkts/301 bytes][Host: click.hm.baidu.com] - 24 TCP 192.168.115.8:50499 <-> 111.206.22.76:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1097 bytes <-> 1 pkts/199 bytes][Host: msg.iqiyi.com] - 25 TCP 192.168.115.8:50474 <-> 202.108.14.221:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1100 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] - 26 TCP 192.168.115.8:50507 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/212 bytes <-> 1 pkts/1063 bytes][Host: static.qiyi.com] - 27 TCP 192.168.115.8:50485 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 28 TCP 192.168.115.8:50502 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 29 TCP 192.168.115.8:50493 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 30 TCP 192.168.115.8:50771 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 31 TCP 192.168.115.8:50473 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/944 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 32 TCP 192.168.115.8:50475 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/941 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 33 TCP 192.168.115.8:50500 <-> 23.41.133.163:80 [proto: 7/HTTP][cat: Web/5][1 pkts/289 bytes <-> 1 pkts/839 bytes][Host: s1.symcb.com] - 34 TCP 192.168.115.8:50773 <-> 202.108.14.221:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/919 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 35 TCP 192.168.115.8:50466 <-> 203.66.182.24:80 [proto: 7.126/HTTP.Google][cat: Web/5][1 pkts/280 bytes <-> 1 pkts/813 bytes][Host: clients1.google.com] - 36 UDP 192.168.5.50:52529 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1074 bytes -> 0 pkts/0 bytes] - 37 UDP 192.168.5.28:60023 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1050 bytes -> 0 pkts/0 bytes] - 38 UDP 192.168.5.57:59648 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1050 bytes -> 0 pkts/0 bytes] - 39 TCP 192.168.115.8:50504 -> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/946 bytes -> 0 pkts/0 bytes][Host: msg.71.am] - 40 TCP 192.168.115.8:50769 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/291 bytes][Host: api.cupid.iqiyi.com] - 41 TCP 192.168.115.8:50498 <-> 36.110.220.15:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/694 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com] - 42 TCP 192.168.115.8:50503 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/683 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 43 UDP 192.168.5.41:50374 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][5 pkts/875 bytes -> 0 pkts/0 bytes] - 44 TCP 192.168.115.8:50490 <-> 119.188.13.188:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/357 bytes <-> 1 pkts/479 bytes][Host: pdata.video.qiyi.com] - 45 TCP 192.168.115.8:50467 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/629 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 46 TCP 192.168.115.8:50484 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/622 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 47 TCP 192.168.115.8:50477 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/614 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 48 TCP 192.168.115.8:50774 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/587 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 49 TCP 192.168.115.8:50469 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/573 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 50 TCP 192.168.115.8:50482 <-> 140.205.243.64:80 [proto: 7/HTTP][cat: Web/5][1 pkts/444 bytes <-> 1 pkts/283 bytes][Host: cmc.tanx.com] - 51 TCP 192.168.115.8:50768 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/526 bytes][Host: static.qiyi.com] - 52 TCP 192.168.5.15:65128 <-> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/331 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com] - 53 TCP 192.168.115.8:50509 <-> 106.38.219.107:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/163 bytes <-> 2 pkts/557 bytes][Host: iplocation.geo.qiyi.com] - 54 TCP 192.168.5.15:65127 <-> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/323 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com] - 55 TCP 192.168.115.8:50766 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/493 bytes][Host: static.qiyi.com] - 56 TCP 192.168.115.8:50487 -> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/683 bytes -> 0 pkts/0 bytes][Host: msg.71.am] - 57 TCP 192.168.115.8:50489 <-> 119.188.13.188:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/253 bytes <-> 1 pkts/430 bytes][Host: pdata.video.qiyi.com] - 58 TCP 192.168.115.8:50772 <-> 123.125.111.70:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com] - 59 TCP 192.168.115.8:50775 <-> 123.125.111.70:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com] - 60 TCP 192.168.115.8:50470 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/424 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] - 61 TCP 192.168.115.8:50508 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/420 bytes][Host: static.qiyi.com] - 62 TCP 192.168.115.8:50483 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/417 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 63 TCP 192.168.115.8:50776 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/394 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] - 64 TCP 192.168.115.8:50765 <-> 36.110.220.15:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/264 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com] - 65 TCP 202.108.14.219:80 -> 192.168.115.8:50295 [proto: 7/HTTP][cat: Web/5][2 pkts/398 bytes -> 0 pkts/0 bytes] - 66 UDP 192.168.5.48:63930 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/358 bytes -> 0 pkts/0 bytes] - 67 TCP 117.79.81.135:80 -> 192.168.115.8:50443 [proto: 7/HTTP][cat: Web/5][1 pkts/347 bytes -> 0 pkts/0 bytes] - 68 TCP 192.168.115.8:50781 -> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/303 bytes -> 0 pkts/0 bytes][Host: preimage1.qiyipic.com] - 69 TCP 202.108.14.219:80 -> 192.168.115.8:50506 [proto: 7/HTTP][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes] - 70 UDP 192.168.5.63:60976 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][1 pkts/165 bytes -> 0 pkts/0 bytes] - 71 UDP 192.168.5.63:39383 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][1 pkts/130 bytes -> 0 pkts/0 bytes] - 72 TCP 192.168.115.8:50462 -> 202.108.14.236:80 [proto: 7/HTTP][cat: Web/5][2 pkts/108 bytes -> 0 pkts/0 bytes] - 73 TCP 192.168.5.15:65125 -> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/66 bytes -> 0 pkts/0 bytes] + 8 UDP 192.168.115.8:22793 <-> 202.198.7.89:16039 [proto: 188/QUIC][cat: Web/5][2 pkts/158 bytes <-> 3 pkts/3323 bytes] + 9 TCP 192.168.115.8:50495 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][3 pkts/2844 bytes <-> 3 pkts/597 bytes][Host: msg.71.am] + 10 TCP 77.234.41.35:80 <-> 192.168.115.8:49174 [proto: 7/HTTP][cat: Web/5][4 pkts/2953 bytes <-> 1 pkts/356 bytes] + 11 TCP 192.168.115.8:50767 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][4 pkts/800 bytes <-> 4 pkts/2112 bytes][Host: static.qiyi.com] + 12 TCP 192.168.115.8:50488 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/311 bytes <-> 2 pkts/2035 bytes][Host: meta.video.qiyi.com] + 13 TCP 192.168.115.8:50471 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1898 bytes <-> 2 pkts/398 bytes][Host: msg.71.am] + 14 TCP 192.168.115.8:50501 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1893 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 15 TCP 192.168.115.8:50463 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com] + 16 TCP 192.168.115.8:50496 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com] + 17 TCP 192.168.115.8:50779 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1438 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] + 18 UDP 192.168.5.38:58897 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1575 bytes -> 0 pkts/0 bytes] + 19 UDP 192.168.115.1:50945 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1539 bytes -> 0 pkts/0 bytes] + 20 TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/707 bytes <-> 1 pkts/744 bytes][Host: click.hm.baidu.com] + 21 TCP 192.168.115.8:50492 <-> 111.206.13.3:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/389 bytes <-> 2 pkts/1034 bytes][Host: pdata.video.qiyi.com] + 22 TCP 192.168.115.8:50777 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1186 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] + 23 TCP 192.168.115.8:50494 <-> 223.26.106.66:80 [proto: 7.60/HTTP.HTTP_Download][cat: Download-FileTransfer-FileSharing/7][2 pkts/887 bytes <-> 1 pkts/443 bytes][Host: 223.26.106.66] + 24 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1004 bytes <-> 2 pkts/301 bytes][Host: click.hm.baidu.com] + 25 TCP 192.168.115.8:50499 <-> 111.206.22.76:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1097 bytes <-> 1 pkts/199 bytes][Host: msg.iqiyi.com] + 26 TCP 192.168.115.8:50474 <-> 202.108.14.221:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1100 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] + 27 TCP 192.168.115.8:50507 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/212 bytes <-> 1 pkts/1063 bytes][Host: static.qiyi.com] + 28 TCP 192.168.115.8:50485 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 29 TCP 192.168.115.8:50502 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 30 TCP 192.168.115.8:50493 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 31 TCP 192.168.115.8:50771 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 32 TCP 192.168.115.8:50473 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/944 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 33 TCP 192.168.115.8:50475 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/941 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 34 TCP 192.168.115.8:50500 <-> 23.41.133.163:80 [proto: 7/HTTP][cat: Web/5][1 pkts/289 bytes <-> 1 pkts/839 bytes][Host: s1.symcb.com] + 35 TCP 192.168.115.8:50773 <-> 202.108.14.221:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/919 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 36 TCP 192.168.115.8:50466 <-> 203.66.182.24:80 [proto: 7.126/HTTP.Google][cat: Web/5][1 pkts/280 bytes <-> 1 pkts/813 bytes][Host: clients1.google.com] + 37 UDP 192.168.5.50:52529 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1074 bytes -> 0 pkts/0 bytes] + 38 UDP 192.168.5.28:60023 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1050 bytes -> 0 pkts/0 bytes] + 39 UDP 192.168.5.57:59648 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1050 bytes -> 0 pkts/0 bytes] + 40 TCP 192.168.115.8:50504 -> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/946 bytes -> 0 pkts/0 bytes][Host: msg.71.am] + 41 TCP 192.168.115.8:50769 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/291 bytes][Host: api.cupid.iqiyi.com] + 42 TCP 192.168.115.8:50498 <-> 36.110.220.15:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/694 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com] + 43 TCP 192.168.115.8:50503 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/683 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 44 UDP 192.168.5.41:50374 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][5 pkts/875 bytes -> 0 pkts/0 bytes] + 45 TCP 192.168.115.8:50490 <-> 119.188.13.188:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/357 bytes <-> 1 pkts/479 bytes][Host: pdata.video.qiyi.com] + 46 TCP 192.168.115.8:50467 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/629 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 47 TCP 192.168.115.8:50484 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/622 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 48 TCP 192.168.115.8:50477 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/614 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 49 TCP 192.168.115.8:50774 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/587 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 50 TCP 192.168.115.8:50469 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/573 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 51 TCP 192.168.115.8:50482 <-> 140.205.243.64:80 [proto: 7/HTTP][cat: Web/5][1 pkts/444 bytes <-> 1 pkts/283 bytes][Host: cmc.tanx.com] + 52 TCP 192.168.115.8:50768 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/526 bytes][Host: static.qiyi.com] + 53 TCP 192.168.5.15:65128 <-> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/331 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com] + 54 TCP 192.168.115.8:50509 <-> 106.38.219.107:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/163 bytes <-> 2 pkts/557 bytes][Host: iplocation.geo.qiyi.com] + 55 TCP 192.168.5.15:65127 <-> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/323 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com] + 56 TCP 192.168.115.8:50766 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/493 bytes][Host: static.qiyi.com] + 57 TCP 192.168.115.8:50487 -> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/683 bytes -> 0 pkts/0 bytes][Host: msg.71.am] + 58 TCP 192.168.115.8:50489 <-> 119.188.13.188:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/253 bytes <-> 1 pkts/430 bytes][Host: pdata.video.qiyi.com] + 59 TCP 192.168.115.8:50772 <-> 123.125.111.70:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com] + 60 TCP 192.168.115.8:50775 <-> 123.125.111.70:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com] + 61 TCP 192.168.115.8:50470 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/424 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] + 62 TCP 192.168.115.8:50508 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/420 bytes][Host: static.qiyi.com] + 63 TCP 192.168.115.8:50483 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/417 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 64 TCP 192.168.115.8:50776 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/394 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] + 65 TCP 192.168.115.8:50765 <-> 36.110.220.15:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/264 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com] + 66 TCP 202.108.14.219:80 -> 192.168.115.8:50295 [proto: 7/HTTP][cat: Web/5][2 pkts/398 bytes -> 0 pkts/0 bytes] + 67 UDP 192.168.5.48:63930 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/358 bytes -> 0 pkts/0 bytes] + 68 TCP 117.79.81.135:80 -> 192.168.115.8:50443 [proto: 7/HTTP][cat: Web/5][1 pkts/347 bytes -> 0 pkts/0 bytes] + 69 TCP 192.168.115.8:50781 -> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/303 bytes -> 0 pkts/0 bytes][Host: preimage1.qiyipic.com] + 70 TCP 202.108.14.219:80 -> 192.168.115.8:50506 [proto: 7/HTTP][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes] + 71 UDP 192.168.5.63:60976 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][1 pkts/165 bytes -> 0 pkts/0 bytes] + 72 UDP 192.168.5.63:39383 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][1 pkts/130 bytes -> 0 pkts/0 bytes] + 73 TCP 192.168.115.8:50462 -> 202.108.14.236:80 [proto: 7/HTTP][cat: Web/5][2 pkts/108 bytes -> 0 pkts/0 bytes] + 74 TCP 192.168.5.15:65125 -> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/66 bytes -> 0 pkts/0 bytes] Undetected flows: @@ -86,32 +88,31 @@ Undetected flows: 3 UDP 118.171.15.56:5544 <-> 192.168.115.8:22793 [proto: 0/Unknown][30 pkts/33210 bytes <-> 71 pkts/5609 bytes] 4 UDP 192.168.115.8:22793 <-> 219.228.107.156:1250 [proto: 0/Unknown][34 pkts/2686 bytes <-> 11 pkts/12177 bytes] 5 UDP 192.168.115.8:22793 <-> 222.197.138.12:6956 [proto: 0/Unknown][30 pkts/2370 bytes <-> 10 pkts/10042 bytes] - 6 UDP 192.168.115.8:22793 <-> 202.198.7.89:16039 [proto: 0/Unknown][2 pkts/158 bytes <-> 3 pkts/3323 bytes] - 7 UDP 192.168.115.8:22793 -> 1.169.136.116:17951 [proto: 0/Unknown][4 pkts/512 bytes -> 0 pkts/0 bytes] - 8 UDP 192.168.115.8:22793 -> 114.41.144.153:10492 [proto: 0/Unknown][4 pkts/512 bytes -> 0 pkts/0 bytes] - 9 UDP 192.168.115.8:22793 -> 218.61.39.103:17788 [proto: 0/Unknown][2 pkts/300 bytes -> 0 pkts/0 bytes] - 10 UDP 192.168.115.8:22793 -> 119.188.133.182:17788 [proto: 0/Unknown][2 pkts/260 bytes -> 0 pkts/0 bytes] - 11 UDP 192.168.115.8:22793 -> 183.61.167.104:17788 [proto: 0/Unknown][2 pkts/260 bytes -> 0 pkts/0 bytes] - 12 UDP 192.168.115.8:22793 -> 218.61.39.87:17788 [proto: 0/Unknown][2 pkts/260 bytes -> 0 pkts/0 bytes] - 13 UDP 183.228.182.44:13913 <-> 192.168.115.8:22793 [proto: 0/Unknown][1 pkts/87 bytes <-> 2 pkts/170 bytes] - 14 UDP 192.168.115.8:22793 -> 183.61.167.82:17788 [proto: 0/Unknown][2 pkts/188 bytes -> 0 pkts/0 bytes] - 15 UDP 192.168.115.8:22793 -> 220.130.154.23:35941 [proto: 0/Unknown][2 pkts/174 bytes -> 0 pkts/0 bytes] - 16 UDP 192.168.115.8:22793 -> 111.249.53.196:32443 [proto: 0/Unknown][2 pkts/158 bytes -> 0 pkts/0 bytes] - 17 UDP 192.168.115.8:22793 -> 1.175.128.104:5185 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 18 UDP 192.168.115.8:22793 -> 36.233.39.81:18590 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 19 UDP 192.168.115.8:22793 -> 36.237.154.69:4316 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 20 UDP 192.168.115.8:22793 -> 61.223.204.67:11102 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 21 UDP 192.168.115.8:22793 -> 61.227.170.88:20227 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 22 UDP 192.168.115.8:22793 -> 111.117.101.81:10162 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 23 UDP 192.168.115.8:22793 -> 111.250.102.66:1107 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 24 UDP 192.168.115.8:22793 -> 114.37.142.173:1074 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 25 UDP 192.168.115.8:22793 -> 114.47.91.129:22576 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 26 UDP 192.168.115.8:22793 -> 115.157.62.243:29006 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 27 UDP 192.168.115.8:22793 -> 121.248.133.93:12757 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 28 UDP 192.168.115.8:22793 -> 202.112.31.89:29072 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 29 UDP 192.168.115.8:22793 -> 210.44.171.1:29702 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 30 UDP 192.168.115.8:22793 -> 210.44.232.243:21044 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 31 UDP 192.168.115.8:22793 -> 210.47.12.19:33738 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 32 UDP 192.168.115.8:22793 -> 210.47.12.20:33738 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 33 UDP 192.168.115.8:22793 -> 222.26.74.190:1037 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 34 UDP 192.168.115.8:22793 -> 222.26.193.119:7133 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 6 UDP 192.168.115.8:22793 -> 1.169.136.116:17951 [proto: 0/Unknown][4 pkts/512 bytes -> 0 pkts/0 bytes] + 7 UDP 192.168.115.8:22793 -> 114.41.144.153:10492 [proto: 0/Unknown][4 pkts/512 bytes -> 0 pkts/0 bytes] + 8 UDP 192.168.115.8:22793 -> 218.61.39.103:17788 [proto: 0/Unknown][2 pkts/300 bytes -> 0 pkts/0 bytes] + 9 UDP 192.168.115.8:22793 -> 119.188.133.182:17788 [proto: 0/Unknown][2 pkts/260 bytes -> 0 pkts/0 bytes] + 10 UDP 192.168.115.8:22793 -> 183.61.167.104:17788 [proto: 0/Unknown][2 pkts/260 bytes -> 0 pkts/0 bytes] + 11 UDP 192.168.115.8:22793 -> 218.61.39.87:17788 [proto: 0/Unknown][2 pkts/260 bytes -> 0 pkts/0 bytes] + 12 UDP 183.228.182.44:13913 <-> 192.168.115.8:22793 [proto: 0/Unknown][1 pkts/87 bytes <-> 2 pkts/170 bytes] + 13 UDP 192.168.115.8:22793 -> 183.61.167.82:17788 [proto: 0/Unknown][2 pkts/188 bytes -> 0 pkts/0 bytes] + 14 UDP 192.168.115.8:22793 -> 220.130.154.23:35941 [proto: 0/Unknown][2 pkts/174 bytes -> 0 pkts/0 bytes] + 15 UDP 192.168.115.8:22793 -> 111.249.53.196:32443 [proto: 0/Unknown][2 pkts/158 bytes -> 0 pkts/0 bytes] + 16 UDP 192.168.115.8:22793 -> 1.175.128.104:5185 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 17 UDP 192.168.115.8:22793 -> 36.233.39.81:18590 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 18 UDP 192.168.115.8:22793 -> 36.237.154.69:4316 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 19 UDP 192.168.115.8:22793 -> 61.223.204.67:11102 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 20 UDP 192.168.115.8:22793 -> 61.227.170.88:20227 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 21 UDP 192.168.115.8:22793 -> 111.117.101.81:10162 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 22 UDP 192.168.115.8:22793 -> 111.250.102.66:1107 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 23 UDP 192.168.115.8:22793 -> 114.37.142.173:1074 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 24 UDP 192.168.115.8:22793 -> 114.47.91.129:22576 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 25 UDP 192.168.115.8:22793 -> 115.157.62.243:29006 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 26 UDP 192.168.115.8:22793 -> 121.248.133.93:12757 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 27 UDP 192.168.115.8:22793 -> 202.112.31.89:29072 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 28 UDP 192.168.115.8:22793 -> 210.44.171.1:29702 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 29 UDP 192.168.115.8:22793 -> 210.44.232.243:21044 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 30 UDP 192.168.115.8:22793 -> 210.47.12.19:33738 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 31 UDP 192.168.115.8:22793 -> 210.47.12.20:33738 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 32 UDP 192.168.115.8:22793 -> 222.26.74.190:1037 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 33 UDP 192.168.115.8:22793 -> 222.26.193.119:7133 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index 4d09243a3..ddb00deaa 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -1,4 +1,4 @@ -Unknown 175 20913 11 +Unknown 171 20697 10 DNS 2 267 1 MDNS 8 1736 2 NTP 2 180 1 @@ -9,7 +9,7 @@ IGMP 5 258 4 SSL 96 8876 7 Dropbox 38 17948 5 Skype 584 56659 57 -Apple 3 168 1 +Apple 7 384 2 AppleiCloud 88 20520 2 Spotify 5 430 1 MS_OneDrive 387 198090 1 @@ -146,157 +146,158 @@ ApplePush 12 1877 1 129 UDP 192.168.1.34:13021 -> 176.26.55.167:63773 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][5 pkts/300 bytes -> 0 pkts/0 bytes] 130 UDP 192.168.1.34:58681 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/101 bytes <-> 1 pkts/166 bytes][Host: db3msgr5011709.gateway.messenger.live.com] 131 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][cat: Web/5][1 pkts/101 bytes <-> 1 pkts/133 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] - 132 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][cat: System/18][1 pkts/90 bytes <-> 1 pkts/90 bytes] - 133 UDP 192.168.1.34:51879 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] - 134 UDP 192.168.1.34:63321 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] - 135 UDP 192.168.1.34:64085 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e7768.b.akamaiedge.net] - 136 TCP 192.168.1.34:50024 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/60 bytes] - 137 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network/14][2 pkts/92 bytes -> 0 pkts/0 bytes] - 138 UDP 192.168.1.34:13021 -> 64.4.23.145:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 139 UDP 192.168.1.34:13021 -> 65.55.223.26:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 140 UDP 192.168.1.34:13021 -> 65.55.223.33:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 141 UDP 192.168.1.34:13021 -> 157.55.56.168:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 142 UDP 192.168.1.34:13021 -> 157.55.130.146:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 143 UDP 192.168.1.34:13021 -> 157.55.130.154:40005 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 144 UDP 192.168.1.34:13021 -> 157.55.235.147:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 145 UDP 192.168.1.34:13021 -> 157.55.235.152:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 146 UDP 192.168.1.34:13021 -> 213.199.179.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 147 UDP 192.168.1.34:13021 -> 111.221.74.28:40014 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 148 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 149 UDP 192.168.1.34:13021 -> 111.221.77.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 150 UDP 192.168.1.34:13021 -> 111.221.77.159:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 151 UDP 192.168.1.34:13021 -> 111.221.77.172:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 152 UDP 192.168.1.34:13021 -> 157.55.130.156:40034 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 153 UDP 192.168.1.34:13021 -> 157.55.235.161:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 154 UDP 192.168.1.34:13021 -> 157.55.235.176:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 155 UDP 192.168.1.34:13021 -> 157.56.52.27:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 156 UDP 192.168.1.34:13021 -> 157.56.52.28:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 157 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 158 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 159 UDP 192.168.1.34:13021 -> 65.55.223.29:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 160 UDP 192.168.1.34:13021 -> 111.221.74.15:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 161 UDP 192.168.1.34:13021 -> 111.221.77.145:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 162 UDP 192.168.1.34:13021 -> 111.221.77.166:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 163 UDP 192.168.1.34:13021 -> 157.55.56.142:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 164 UDP 192.168.1.34:13021 -> 157.55.56.151:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 165 UDP 192.168.1.34:13021 -> 157.55.56.175:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 166 UDP 192.168.1.34:13021 -> 157.55.130.143:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 167 UDP 192.168.1.34:13021 -> 157.55.235.155:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 168 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 169 UDP 192.168.1.34:13021 -> 64.4.23.166:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 170 UDP 192.168.1.34:13021 -> 65.55.223.25:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 171 UDP 192.168.1.34:13021 -> 65.55.223.43:40002 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 172 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 173 UDP 192.168.1.34:13021 -> 111.221.77.151:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 174 UDP 192.168.1.34:13021 -> 157.55.56.162:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 175 UDP 192.168.1.34:13021 -> 157.55.130.147:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 176 UDP 192.168.1.34:13021 -> 157.55.235.175:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 177 UDP 192.168.1.34:13021 -> 213.199.179.150:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 178 UDP 192.168.1.34:13021 -> 111.221.74.12:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 179 UDP 192.168.1.34:13021 -> 111.221.74.48:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 180 UDP 192.168.1.34:13021 -> 111.221.77.165:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 181 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 182 UDP 192.168.1.34:13021 -> 213.199.179.143:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 183 UDP 192.168.1.34:13021 -> 213.199.179.154:40034 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 184 UDP 192.168.1.34:13021 -> 65.55.223.28:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 185 UDP 192.168.1.34:13021 -> 111.221.74.40:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 186 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 187 UDP 192.168.1.34:13021 -> 157.56.52.26:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 188 UDP 192.168.1.34:13021 -> 213.199.179.165:40007 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 189 UDP 192.168.1.34:13021 -> 64.4.23.141:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 190 UDP 192.168.1.34:13021 -> 111.221.74.29:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 191 UDP 192.168.1.34:13021 -> 111.221.74.31:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 192 UDP 192.168.1.34:13021 -> 111.221.77.176:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 193 UDP 192.168.1.34:13021 -> 157.55.235.153:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 194 UDP 192.168.1.34:13021 -> 213.199.179.168:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 195 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 196 UDP 192.168.1.34:13021 -> 64.4.23.165:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 197 UDP 192.168.1.34:13021 -> 111.221.77.142:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 198 UDP 192.168.1.34:13021 -> 157.55.130.151:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 199 UDP 192.168.1.34:13021 -> 64.4.23.168:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 200 UDP 192.168.1.34:13021 -> 65.55.223.21:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 201 UDP 192.168.1.34:13021 -> 65.55.223.45:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 202 UDP 192.168.1.34:13021 -> 111.221.74.44:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 203 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 204 UDP 192.168.1.34:13021 -> 111.221.77.153:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 205 UDP 192.168.1.34:13021 -> 157.55.56.148:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 206 UDP 192.168.1.34:13021 -> 157.55.235.157:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 207 UDP 192.168.1.34:13021 -> 157.55.235.172:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 208 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 209 UDP 192.168.1.34:13021 -> 213.199.179.170:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 210 UDP 192.168.1.34:13021 -> 64.4.23.150:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 211 UDP 192.168.1.34:13021 -> 64.4.23.159:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 212 UDP 192.168.1.34:13021 -> 65.55.223.17:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 213 UDP 192.168.1.34:13021 -> 111.221.74.17:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 214 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 215 UDP 192.168.1.34:13021 -> 111.221.74.32:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 216 UDP 192.168.1.34:13021 -> 111.221.74.42:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 217 UDP 192.168.1.34:13021 -> 157.55.56.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 218 UDP 192.168.1.34:13021 -> 157.55.56.161:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 219 UDP 192.168.1.34:13021 -> 157.55.130.155:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 220 UDP 192.168.1.34:13021 -> 157.55.130.165:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 221 UDP 192.168.1.34:13021 -> 157.55.235.142:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 222 UDP 192.168.1.34:13021 -> 157.56.52.33:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 223 UDP 192.168.1.34:13021 -> 213.199.179.162:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 224 UDP 192.168.1.34:13021 -> 64.4.23.148:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 225 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 226 UDP 192.168.1.34:13021 -> 65.55.223.41:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 227 UDP 192.168.1.34:13021 -> 111.221.77.148:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 228 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 229 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 230 UDP 192.168.1.34:13021 -> 157.55.235.160:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 231 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 232 UDP 192.168.1.34:13021 -> 157.56.52.37:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 233 UDP 192.168.1.34:13021 -> 64.4.23.140:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 234 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 235 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 236 UDP 192.168.1.34:13021 -> 111.221.77.160:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 237 UDP 192.168.1.34:13021 -> 111.221.77.168:40007 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 238 UDP 192.168.1.34:13021 -> 157.55.56.145:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 239 UDP 192.168.1.34:13021 -> 157.55.56.165:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 240 UDP 192.168.1.34:13021 -> 157.55.235.145:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 241 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 242 UDP 192.168.1.34:13021 -> 65.55.223.24:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 243 UDP 192.168.1.34:13021 -> 111.221.74.16:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 244 UDP 192.168.1.34:13021 -> 111.221.77.141:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 245 UDP 192.168.1.34:13021 -> 111.221.77.149:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 246 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 247 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 248 UDP 192.168.1.34:13021 -> 157.55.130.160:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 249 UDP 192.168.1.34:13021 -> 157.55.130.172:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 250 UDP 192.168.1.34:13021 -> 157.56.52.45:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 251 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 252 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 253 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 254 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 255 UDP 192.168.1.34:13021 -> 65.55.223.15:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 256 UDP 192.168.1.34:13021 -> 65.55.223.38:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 257 UDP 192.168.1.34:13021 -> 65.55.223.44:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 258 UDP 192.168.1.34:13021 -> 111.221.74.25:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 259 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 260 UDP 192.168.1.34:13021 -> 157.55.130.144:40034 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 261 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 262 UDP 192.168.1.34:13021 -> 213.199.179.145:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 263 UDP 192.168.1.34:13021 -> 65.55.223.20:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 264 UDP 192.168.1.34:13021 -> 111.221.74.24:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 265 UDP 192.168.1.34:13021 -> 111.221.77.140:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 266 UDP 192.168.1.34:13021 -> 157.55.56.166:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 267 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 268 UDP 192.168.1.34:13021 -> 157.55.235.158:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 269 UDP 192.168.1.34:13021 -> 157.55.235.159:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 270 UDP 192.168.1.34:13021 -> 157.55.235.173:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 271 UDP 192.168.1.34:13021 -> 157.56.52.21:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 272 UDP 192.168.1.34:13021 -> 157.56.52.24:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 273 UDP 192.168.1.34:13021 -> 157.56.52.47:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 274 UDP 192.168.1.34:13021 -> 213.199.179.152:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 275 IGMP 192.168.1.1:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] - 276 IGMP 192.168.1.92:0 -> 224.0.0.251:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] - 277 UDP 192.168.1.34:13021 -> 65.55.223.39:443 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 278 UDP 192.168.1.34:13021 -> 71.62.0.85:33647 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 279 UDP 192.168.1.34:13021 -> 106.188.249.186:15120 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 280 UDP 192.168.1.34:13021 -> 157.55.130.145:443 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 281 UDP 192.168.1.34:13021 -> 176.97.100.249:26635 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 282 IGMP 192.168.1.34:0 -> 224.0.0.251:0 [proto: 82/IGMP][cat: Network/14][1 pkts/46 bytes -> 0 pkts/0 bytes] + 132 UDP 192.168.1.34:54067 -> 192.168.1.1:5351 [proto: 140/Apple][cat: Web/5][4 pkts/216 bytes -> 0 pkts/0 bytes] + 133 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][cat: System/18][1 pkts/90 bytes <-> 1 pkts/90 bytes] + 134 UDP 192.168.1.34:51879 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 135 UDP 192.168.1.34:63321 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 136 UDP 192.168.1.34:64085 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e7768.b.akamaiedge.net] + 137 TCP 192.168.1.34:50024 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/60 bytes] + 138 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network/14][2 pkts/92 bytes -> 0 pkts/0 bytes] + 139 UDP 192.168.1.34:13021 -> 64.4.23.145:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 140 UDP 192.168.1.34:13021 -> 65.55.223.26:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 141 UDP 192.168.1.34:13021 -> 65.55.223.33:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 142 UDP 192.168.1.34:13021 -> 157.55.56.168:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 143 UDP 192.168.1.34:13021 -> 157.55.130.146:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 144 UDP 192.168.1.34:13021 -> 157.55.130.154:40005 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 145 UDP 192.168.1.34:13021 -> 157.55.235.147:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 146 UDP 192.168.1.34:13021 -> 157.55.235.152:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 147 UDP 192.168.1.34:13021 -> 213.199.179.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 148 UDP 192.168.1.34:13021 -> 111.221.74.28:40014 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 149 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 150 UDP 192.168.1.34:13021 -> 111.221.77.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 151 UDP 192.168.1.34:13021 -> 111.221.77.159:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 152 UDP 192.168.1.34:13021 -> 111.221.77.172:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 153 UDP 192.168.1.34:13021 -> 157.55.130.156:40034 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 154 UDP 192.168.1.34:13021 -> 157.55.235.161:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 155 UDP 192.168.1.34:13021 -> 157.55.235.176:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 156 UDP 192.168.1.34:13021 -> 157.56.52.27:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 157 UDP 192.168.1.34:13021 -> 157.56.52.28:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 158 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 159 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 160 UDP 192.168.1.34:13021 -> 65.55.223.29:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 161 UDP 192.168.1.34:13021 -> 111.221.74.15:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 162 UDP 192.168.1.34:13021 -> 111.221.77.145:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 163 UDP 192.168.1.34:13021 -> 111.221.77.166:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 164 UDP 192.168.1.34:13021 -> 157.55.56.142:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 165 UDP 192.168.1.34:13021 -> 157.55.56.151:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 166 UDP 192.168.1.34:13021 -> 157.55.56.175:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 167 UDP 192.168.1.34:13021 -> 157.55.130.143:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 168 UDP 192.168.1.34:13021 -> 157.55.235.155:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 169 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 170 UDP 192.168.1.34:13021 -> 64.4.23.166:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 171 UDP 192.168.1.34:13021 -> 65.55.223.25:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 172 UDP 192.168.1.34:13021 -> 65.55.223.43:40002 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 173 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 174 UDP 192.168.1.34:13021 -> 111.221.77.151:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 175 UDP 192.168.1.34:13021 -> 157.55.56.162:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 176 UDP 192.168.1.34:13021 -> 157.55.130.147:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 177 UDP 192.168.1.34:13021 -> 157.55.235.175:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 178 UDP 192.168.1.34:13021 -> 213.199.179.150:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 179 UDP 192.168.1.34:13021 -> 111.221.74.12:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 180 UDP 192.168.1.34:13021 -> 111.221.74.48:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 181 UDP 192.168.1.34:13021 -> 111.221.77.165:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 182 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 183 UDP 192.168.1.34:13021 -> 213.199.179.143:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 184 UDP 192.168.1.34:13021 -> 213.199.179.154:40034 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 185 UDP 192.168.1.34:13021 -> 65.55.223.28:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 186 UDP 192.168.1.34:13021 -> 111.221.74.40:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 187 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 188 UDP 192.168.1.34:13021 -> 157.56.52.26:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 189 UDP 192.168.1.34:13021 -> 213.199.179.165:40007 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 190 UDP 192.168.1.34:13021 -> 64.4.23.141:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 191 UDP 192.168.1.34:13021 -> 111.221.74.29:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 192 UDP 192.168.1.34:13021 -> 111.221.74.31:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 193 UDP 192.168.1.34:13021 -> 111.221.77.176:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 194 UDP 192.168.1.34:13021 -> 157.55.235.153:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 195 UDP 192.168.1.34:13021 -> 213.199.179.168:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 196 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 197 UDP 192.168.1.34:13021 -> 64.4.23.165:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 198 UDP 192.168.1.34:13021 -> 111.221.77.142:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 199 UDP 192.168.1.34:13021 -> 157.55.130.151:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 200 UDP 192.168.1.34:13021 -> 64.4.23.168:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 201 UDP 192.168.1.34:13021 -> 65.55.223.21:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 202 UDP 192.168.1.34:13021 -> 65.55.223.45:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 203 UDP 192.168.1.34:13021 -> 111.221.74.44:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 204 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 205 UDP 192.168.1.34:13021 -> 111.221.77.153:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 206 UDP 192.168.1.34:13021 -> 157.55.56.148:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 207 UDP 192.168.1.34:13021 -> 157.55.235.157:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 208 UDP 192.168.1.34:13021 -> 157.55.235.172:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 209 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 210 UDP 192.168.1.34:13021 -> 213.199.179.170:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 211 UDP 192.168.1.34:13021 -> 64.4.23.150:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 212 UDP 192.168.1.34:13021 -> 64.4.23.159:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 213 UDP 192.168.1.34:13021 -> 65.55.223.17:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 214 UDP 192.168.1.34:13021 -> 111.221.74.17:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 215 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 216 UDP 192.168.1.34:13021 -> 111.221.74.32:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 217 UDP 192.168.1.34:13021 -> 111.221.74.42:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 218 UDP 192.168.1.34:13021 -> 157.55.56.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 219 UDP 192.168.1.34:13021 -> 157.55.56.161:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 220 UDP 192.168.1.34:13021 -> 157.55.130.155:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 221 UDP 192.168.1.34:13021 -> 157.55.130.165:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 222 UDP 192.168.1.34:13021 -> 157.55.235.142:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 223 UDP 192.168.1.34:13021 -> 157.56.52.33:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 224 UDP 192.168.1.34:13021 -> 213.199.179.162:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 225 UDP 192.168.1.34:13021 -> 64.4.23.148:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 226 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 227 UDP 192.168.1.34:13021 -> 65.55.223.41:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 228 UDP 192.168.1.34:13021 -> 111.221.77.148:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 229 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 230 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 231 UDP 192.168.1.34:13021 -> 157.55.235.160:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 232 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 233 UDP 192.168.1.34:13021 -> 157.56.52.37:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 234 UDP 192.168.1.34:13021 -> 64.4.23.140:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 235 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 236 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 237 UDP 192.168.1.34:13021 -> 111.221.77.160:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 238 UDP 192.168.1.34:13021 -> 111.221.77.168:40007 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 239 UDP 192.168.1.34:13021 -> 157.55.56.145:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 240 UDP 192.168.1.34:13021 -> 157.55.56.165:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 241 UDP 192.168.1.34:13021 -> 157.55.235.145:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 242 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 243 UDP 192.168.1.34:13021 -> 65.55.223.24:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 244 UDP 192.168.1.34:13021 -> 111.221.74.16:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 245 UDP 192.168.1.34:13021 -> 111.221.77.141:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 246 UDP 192.168.1.34:13021 -> 111.221.77.149:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 247 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 248 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 249 UDP 192.168.1.34:13021 -> 157.55.130.160:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 250 UDP 192.168.1.34:13021 -> 157.55.130.172:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 251 UDP 192.168.1.34:13021 -> 157.56.52.45:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 252 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 253 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 254 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 255 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 256 UDP 192.168.1.34:13021 -> 65.55.223.15:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 257 UDP 192.168.1.34:13021 -> 65.55.223.38:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 258 UDP 192.168.1.34:13021 -> 65.55.223.44:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 259 UDP 192.168.1.34:13021 -> 111.221.74.25:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 260 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 261 UDP 192.168.1.34:13021 -> 157.55.130.144:40034 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 262 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 263 UDP 192.168.1.34:13021 -> 213.199.179.145:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 264 UDP 192.168.1.34:13021 -> 65.55.223.20:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 265 UDP 192.168.1.34:13021 -> 111.221.74.24:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 266 UDP 192.168.1.34:13021 -> 111.221.77.140:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 267 UDP 192.168.1.34:13021 -> 157.55.56.166:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 268 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 269 UDP 192.168.1.34:13021 -> 157.55.235.158:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 270 UDP 192.168.1.34:13021 -> 157.55.235.159:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 271 UDP 192.168.1.34:13021 -> 157.55.235.173:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 272 UDP 192.168.1.34:13021 -> 157.56.52.21:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 273 UDP 192.168.1.34:13021 -> 157.56.52.24:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 274 UDP 192.168.1.34:13021 -> 157.56.52.47:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 275 UDP 192.168.1.34:13021 -> 213.199.179.152:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 276 IGMP 192.168.1.1:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] + 277 IGMP 192.168.1.92:0 -> 224.0.0.251:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] + 278 UDP 192.168.1.34:13021 -> 65.55.223.39:443 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 279 UDP 192.168.1.34:13021 -> 71.62.0.85:33647 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 280 UDP 192.168.1.34:13021 -> 106.188.249.186:15120 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 281 UDP 192.168.1.34:13021 -> 157.55.130.145:443 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 282 UDP 192.168.1.34:13021 -> 176.97.100.249:26635 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 283 IGMP 192.168.1.34:0 -> 224.0.0.251:0 [proto: 82/IGMP][cat: Network/14][1 pkts/46 bytes -> 0 pkts/0 bytes] Undetected flows: @@ -309,5 +310,4 @@ Undetected flows: 7 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][10 pkts/797 bytes <-> 4 pkts/342 bytes] 8 TCP 192.168.1.34:50145 -> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes -> 0 pkts/0 bytes] 9 UDP 192.168.1.34:49511 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] - 10 UDP 192.168.1.34:54067 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] - 11 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][2 pkts/132 bytes <-> 1 pkts/74 bytes] + 10 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][2 pkts/132 bytes <-> 1 pkts/74 bytes] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index 1c43d3161..a278e42eb 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -1,4 +1,4 @@ -Unknown 186 61791 12 +Unknown 183 61585 11 DNS 2 267 1 MDNS 3 400 2 NetBIOS 22 3106 7 @@ -8,7 +8,7 @@ ICMP 4 328 1 IGMP 4 226 4 SSL 79 7742 6 Dropbox 16 7342 5 -Skype 607 129455 45 +Skype 610 129661 46 Apple 76 19581 1 MS_OneDrive 348 181687 1 ApplePush 8 1118 1 @@ -114,160 +114,161 @@ ApplePush 8 1118 1 99 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][2 pkts/258 bytes -> 0 pkts/0 bytes] 100 UDP 192.168.1.92:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][cat: System/18][1 pkts/216 bytes -> 0 pkts/0 bytes] 101 TCP 192.168.1.34:51283 <-> 111.221.74.48:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][2 pkts/132 bytes <-> 1 pkts/74 bytes] - 102 UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] - 103 UDP 192.168.1.34:63661 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] - 104 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][1 pkts/142 bytes -> 0 pkts/0 bytes][Lucas-iMac.local] - 105 UDP 192.168.1.92:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes] - 106 UDP 192.168.1.92:53826 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes] - 107 UDP 192.168.1.34:61016 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/80 bytes -> 0 pkts/0 bytes][Host: apps.skypeassets.com] - 108 UDP 192.168.1.34:13021 -> 64.4.23.148:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 109 UDP 192.168.1.34:13021 -> 64.4.23.171:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 110 UDP 192.168.1.34:13021 -> 65.55.223.27:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 111 UDP 192.168.1.34:13021 -> 111.221.74.40:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 112 UDP 192.168.1.34:13021 -> 111.221.77.151:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 113 UDP 192.168.1.34:13021 -> 111.221.77.173:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 114 UDP 192.168.1.34:13021 -> 157.55.56.147:40014 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 115 UDP 192.168.1.34:13021 -> 157.55.130.167:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 116 UDP 192.168.1.34:13021 -> 157.55.235.144:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 117 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 118 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 119 UDP 192.168.1.34:13021 -> 213.199.179.156:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 120 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 121 UDP 192.168.1.34:13021 -> 111.221.74.28:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 122 UDP 192.168.1.34:13021 -> 111.221.77.170:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 123 UDP 192.168.1.34:13021 -> 157.56.52.39:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 124 UDP 192.168.1.34:13021 -> 157.56.52.43:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 125 UDP 192.168.1.34:13021 -> 213.199.179.143:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 126 UDP 192.168.1.34:13021 -> 213.199.179.154:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 127 UDP 192.168.1.34:13021 -> 213.199.179.165:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 128 UDP 192.168.1.34:13021 -> 65.55.223.15:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 129 UDP 192.168.1.34:13021 -> 65.55.223.24:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 130 UDP 192.168.1.34:13021 -> 65.55.223.32:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 131 UDP 192.168.1.34:13021 -> 65.55.223.43:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 132 UDP 192.168.1.34:13021 -> 111.221.74.20:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 133 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 134 UDP 192.168.1.34:13021 -> 157.55.130.149:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 135 UDP 192.168.1.34:13021 -> 157.55.235.168:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 136 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 137 UDP 192.168.1.34:13021 -> 157.56.52.20:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 138 UDP 192.168.1.34:13021 -> 213.199.179.160:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 139 UDP 192.168.1.34:13021 -> 64.4.23.158:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 140 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 141 UDP 192.168.1.34:13021 -> 65.55.223.42:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 142 UDP 192.168.1.34:13021 -> 65.55.223.44:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 143 UDP 192.168.1.34:13021 -> 111.221.74.33:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 144 UDP 192.168.1.34:13021 -> 111.221.77.165:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 145 UDP 192.168.1.34:13021 -> 157.55.56.140:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 146 UDP 192.168.1.34:13021 -> 157.55.56.170:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 147 UDP 192.168.1.34:13021 -> 157.55.130.165:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 148 UDP 192.168.1.34:13021 -> 157.55.130.170:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 149 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 150 UDP 192.168.1.34:13021 -> 157.56.52.25:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 151 UDP 192.168.1.34:13021 -> 213.199.179.172:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 152 UDP 192.168.1.34:13021 -> 64.4.23.165:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 153 UDP 192.168.1.34:13021 -> 111.221.77.149:40016 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 154 UDP 192.168.1.34:13021 -> 157.55.235.148:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 155 UDP 192.168.1.34:13021 -> 157.56.52.13:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 156 UDP 192.168.1.34:13021 -> 157.56.52.38:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 157 UDP 192.168.1.34:13021 -> 157.56.52.42:40005 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 158 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 159 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 160 UDP 192.168.1.34:13021 -> 65.55.223.22:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 161 UDP 192.168.1.34:13021 -> 65.55.223.28:40014 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 162 UDP 192.168.1.34:13021 -> 65.55.223.33:40002 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 163 UDP 192.168.1.34:13021 -> 157.55.235.155:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 164 UDP 192.168.1.34:13021 -> 157.55.235.175:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 165 UDP 192.168.1.34:13021 -> 64.4.23.145:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 166 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 167 UDP 192.168.1.34:13021 -> 111.221.74.34:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 168 UDP 192.168.1.34:13021 -> 157.55.130.146:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 169 UDP 192.168.1.34:13021 -> 157.55.235.158:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 170 UDP 192.168.1.34:13021 -> 157.55.235.176:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 171 UDP 192.168.1.34:13021 -> 213.199.179.149:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 172 UDP 192.168.1.34:13021 -> 64.4.23.142:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 173 UDP 192.168.1.34:13021 -> 111.221.74.24:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 174 UDP 192.168.1.34:13021 -> 111.221.77.159:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 175 UDP 192.168.1.34:13021 -> 157.55.56.142:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 176 UDP 192.168.1.34:13021 -> 157.55.56.145:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 177 UDP 192.168.1.34:13021 -> 157.55.130.140:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 178 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 179 UDP 192.168.1.34:13021 -> 157.55.130.152:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 180 UDP 192.168.1.34:13021 -> 157.55.130.173:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 181 UDP 192.168.1.34:13021 -> 157.55.235.174:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 182 UDP 192.168.1.34:13021 -> 157.56.52.27:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 183 UDP 192.168.1.34:13021 -> 213.199.179.173:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 184 UDP 192.168.1.34:13021 -> 64.4.23.149:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 185 UDP 192.168.1.34:13021 -> 65.55.223.13:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 186 UDP 192.168.1.34:13021 -> 111.221.74.15:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 187 UDP 192.168.1.34:13021 -> 157.55.56.146:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 188 UDP 192.168.1.34:13021 -> 157.55.130.150:40007 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 189 UDP 192.168.1.34:13021 -> 157.55.130.171:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 190 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 191 UDP 192.168.1.34:13021 -> 157.56.52.33:40002 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 192 UDP 192.168.1.34:13021 -> 213.199.179.174:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 193 UDP 192.168.1.34:13021 -> 64.4.23.154:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 194 UDP 192.168.1.34:13021 -> 65.55.223.16:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 195 UDP 192.168.1.34:13021 -> 65.55.223.17:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 196 UDP 192.168.1.34:13021 -> 65.55.223.65:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 197 UDP 192.168.1.34:13021 -> 111.221.74.27:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 198 UDP 192.168.1.34:13021 -> 111.221.74.44:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 199 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 200 UDP 192.168.1.34:13021 -> 111.221.77.160:40016 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 201 UDP 192.168.1.34:13021 -> 157.56.52.24:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 202 UDP 192.168.1.34:13021 -> 213.199.179.140:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 203 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 204 UDP 192.168.1.34:13021 -> 64.4.23.176:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 205 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 206 UDP 192.168.1.34:13021 -> 157.55.235.172:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 207 UDP 192.168.1.34:13021 -> 213.199.179.144:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 208 UDP 192.168.1.34:13021 -> 111.221.77.145:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 209 UDP 192.168.1.34:13021 -> 157.55.56.150:40014 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 210 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 211 UDP 192.168.1.34:13021 -> 157.55.235.160:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 212 UDP 192.168.1.34:13021 -> 157.56.52.19:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 213 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 214 UDP 192.168.1.34:13021 -> 64.4.23.140:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 215 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 216 UDP 192.168.1.34:13021 -> 65.55.223.18:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 217 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 218 UDP 192.168.1.34:13021 -> 111.221.74.42:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 219 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 220 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 221 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 222 UDP 192.168.1.34:13021 -> 157.55.56.161:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 223 UDP 192.168.1.34:13021 -> 157.55.56.167:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 224 UDP 192.168.1.34:13021 -> 157.55.130.144:40016 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 225 UDP 192.168.1.34:13021 -> 157.55.130.160:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 226 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 227 UDP 192.168.1.34:13021 -> 157.56.52.12:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 228 UDP 192.168.1.34:13021 -> 157.56.52.29:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 229 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 230 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 231 UDP 192.168.1.34:13021 -> 65.55.223.20:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 232 UDP 192.168.1.34:13021 -> 157.55.56.143:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 233 UDP 192.168.1.34:13021 -> 157.55.130.154:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 234 UDP 192.168.1.34:13021 -> 157.55.235.162:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 235 UDP 192.168.1.34:13021 -> 157.55.235.171:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 236 UDP 192.168.1.34:13021 -> 157.56.52.16:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 237 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 238 UDP 192.168.1.34:13021 -> 111.221.74.13:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 239 UDP 192.168.1.34:13021 -> 111.221.74.38:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 240 UDP 192.168.1.34:13021 -> 111.221.77.171:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 241 UDP 192.168.1.34:13021 -> 157.55.130.156:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 242 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 243 UDP 192.168.1.34:13021 -> 157.55.130.159:40016 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 244 UDP 192.168.1.34:13021 -> 157.55.235.167:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 245 UDP 192.168.1.34:13021 -> 157.56.52.40:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 246 UDP 192.168.1.34:13021 -> 213.199.179.145:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 247 IGMP 192.168.1.219:0 -> 224.0.0.22:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] - 248 IGMP 192.168.1.219:0 -> 233.89.188.1:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] - 249 IGMP 192.168.1.229:0 -> 224.0.0.251:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] - 250 UDP 192.168.1.34:13021 -> 111.221.74.14:443 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 251 UDP 192.168.1.34:13021 -> 133.236.67.25:49195 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 252 UDP 192.168.1.34:13021 -> 157.55.235.141:443 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 253 UDP 192.168.1.34:13021 -> 189.138.161.88:19521 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 254 UDP 192.168.1.34:13021 -> 189.188.134.174:22436 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 255 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network/14][1 pkts/46 bytes -> 0 pkts/0 bytes] + 102 TCP 192.168.1.34:51300 <-> 76.167.161.6:20274 [proto: 125/Skype][cat: VoIP/10][2 pkts/132 bytes <-> 1 pkts/74 bytes] + 103 UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 104 UDP 192.168.1.34:63661 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 105 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][1 pkts/142 bytes -> 0 pkts/0 bytes][Lucas-iMac.local] + 106 UDP 192.168.1.92:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes] + 107 UDP 192.168.1.92:53826 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes] + 108 UDP 192.168.1.34:61016 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/80 bytes -> 0 pkts/0 bytes][Host: apps.skypeassets.com] + 109 UDP 192.168.1.34:13021 -> 64.4.23.148:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 110 UDP 192.168.1.34:13021 -> 64.4.23.171:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 111 UDP 192.168.1.34:13021 -> 65.55.223.27:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 112 UDP 192.168.1.34:13021 -> 111.221.74.40:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 113 UDP 192.168.1.34:13021 -> 111.221.77.151:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 114 UDP 192.168.1.34:13021 -> 111.221.77.173:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 115 UDP 192.168.1.34:13021 -> 157.55.56.147:40014 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 116 UDP 192.168.1.34:13021 -> 157.55.130.167:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 117 UDP 192.168.1.34:13021 -> 157.55.235.144:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 118 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 119 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 120 UDP 192.168.1.34:13021 -> 213.199.179.156:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 121 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 122 UDP 192.168.1.34:13021 -> 111.221.74.28:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 123 UDP 192.168.1.34:13021 -> 111.221.77.170:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 124 UDP 192.168.1.34:13021 -> 157.56.52.39:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 125 UDP 192.168.1.34:13021 -> 157.56.52.43:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 126 UDP 192.168.1.34:13021 -> 213.199.179.143:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 127 UDP 192.168.1.34:13021 -> 213.199.179.154:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 128 UDP 192.168.1.34:13021 -> 213.199.179.165:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 129 UDP 192.168.1.34:13021 -> 65.55.223.15:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 130 UDP 192.168.1.34:13021 -> 65.55.223.24:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 131 UDP 192.168.1.34:13021 -> 65.55.223.32:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 132 UDP 192.168.1.34:13021 -> 65.55.223.43:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 133 UDP 192.168.1.34:13021 -> 111.221.74.20:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 134 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 135 UDP 192.168.1.34:13021 -> 157.55.130.149:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 136 UDP 192.168.1.34:13021 -> 157.55.235.168:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 137 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 138 UDP 192.168.1.34:13021 -> 157.56.52.20:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 139 UDP 192.168.1.34:13021 -> 213.199.179.160:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 140 UDP 192.168.1.34:13021 -> 64.4.23.158:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 141 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 142 UDP 192.168.1.34:13021 -> 65.55.223.42:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 143 UDP 192.168.1.34:13021 -> 65.55.223.44:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 144 UDP 192.168.1.34:13021 -> 111.221.74.33:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 145 UDP 192.168.1.34:13021 -> 111.221.77.165:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 146 UDP 192.168.1.34:13021 -> 157.55.56.140:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 147 UDP 192.168.1.34:13021 -> 157.55.56.170:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 148 UDP 192.168.1.34:13021 -> 157.55.130.165:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 149 UDP 192.168.1.34:13021 -> 157.55.130.170:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 150 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 151 UDP 192.168.1.34:13021 -> 157.56.52.25:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 152 UDP 192.168.1.34:13021 -> 213.199.179.172:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 153 UDP 192.168.1.34:13021 -> 64.4.23.165:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 154 UDP 192.168.1.34:13021 -> 111.221.77.149:40016 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 155 UDP 192.168.1.34:13021 -> 157.55.235.148:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 156 UDP 192.168.1.34:13021 -> 157.56.52.13:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 157 UDP 192.168.1.34:13021 -> 157.56.52.38:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 158 UDP 192.168.1.34:13021 -> 157.56.52.42:40005 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 159 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 160 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 161 UDP 192.168.1.34:13021 -> 65.55.223.22:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 162 UDP 192.168.1.34:13021 -> 65.55.223.28:40014 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 163 UDP 192.168.1.34:13021 -> 65.55.223.33:40002 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 164 UDP 192.168.1.34:13021 -> 157.55.235.155:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 165 UDP 192.168.1.34:13021 -> 157.55.235.175:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 166 UDP 192.168.1.34:13021 -> 64.4.23.145:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 167 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 168 UDP 192.168.1.34:13021 -> 111.221.74.34:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 169 UDP 192.168.1.34:13021 -> 157.55.130.146:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 170 UDP 192.168.1.34:13021 -> 157.55.235.158:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 171 UDP 192.168.1.34:13021 -> 157.55.235.176:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 172 UDP 192.168.1.34:13021 -> 213.199.179.149:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 173 UDP 192.168.1.34:13021 -> 64.4.23.142:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 174 UDP 192.168.1.34:13021 -> 111.221.74.24:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 175 UDP 192.168.1.34:13021 -> 111.221.77.159:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 176 UDP 192.168.1.34:13021 -> 157.55.56.142:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 177 UDP 192.168.1.34:13021 -> 157.55.56.145:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 178 UDP 192.168.1.34:13021 -> 157.55.130.140:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 179 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 180 UDP 192.168.1.34:13021 -> 157.55.130.152:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 181 UDP 192.168.1.34:13021 -> 157.55.130.173:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 182 UDP 192.168.1.34:13021 -> 157.55.235.174:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 183 UDP 192.168.1.34:13021 -> 157.56.52.27:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 184 UDP 192.168.1.34:13021 -> 213.199.179.173:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 185 UDP 192.168.1.34:13021 -> 64.4.23.149:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 186 UDP 192.168.1.34:13021 -> 65.55.223.13:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 187 UDP 192.168.1.34:13021 -> 111.221.74.15:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 188 UDP 192.168.1.34:13021 -> 157.55.56.146:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 189 UDP 192.168.1.34:13021 -> 157.55.130.150:40007 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 190 UDP 192.168.1.34:13021 -> 157.55.130.171:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 191 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 192 UDP 192.168.1.34:13021 -> 157.56.52.33:40002 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 193 UDP 192.168.1.34:13021 -> 213.199.179.174:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 194 UDP 192.168.1.34:13021 -> 64.4.23.154:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 195 UDP 192.168.1.34:13021 -> 65.55.223.16:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 196 UDP 192.168.1.34:13021 -> 65.55.223.17:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 197 UDP 192.168.1.34:13021 -> 65.55.223.65:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 198 UDP 192.168.1.34:13021 -> 111.221.74.27:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 199 UDP 192.168.1.34:13021 -> 111.221.74.44:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 200 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 201 UDP 192.168.1.34:13021 -> 111.221.77.160:40016 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 202 UDP 192.168.1.34:13021 -> 157.56.52.24:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 203 UDP 192.168.1.34:13021 -> 213.199.179.140:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 204 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 205 UDP 192.168.1.34:13021 -> 64.4.23.176:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 206 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 207 UDP 192.168.1.34:13021 -> 157.55.235.172:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 208 UDP 192.168.1.34:13021 -> 213.199.179.144:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 209 UDP 192.168.1.34:13021 -> 111.221.77.145:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 210 UDP 192.168.1.34:13021 -> 157.55.56.150:40014 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 211 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 212 UDP 192.168.1.34:13021 -> 157.55.235.160:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 213 UDP 192.168.1.34:13021 -> 157.56.52.19:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 214 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 215 UDP 192.168.1.34:13021 -> 64.4.23.140:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 216 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 217 UDP 192.168.1.34:13021 -> 65.55.223.18:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 218 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 219 UDP 192.168.1.34:13021 -> 111.221.74.42:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 220 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 221 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 222 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 223 UDP 192.168.1.34:13021 -> 157.55.56.161:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 224 UDP 192.168.1.34:13021 -> 157.55.56.167:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 225 UDP 192.168.1.34:13021 -> 157.55.130.144:40016 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 226 UDP 192.168.1.34:13021 -> 157.55.130.160:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 227 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 228 UDP 192.168.1.34:13021 -> 157.56.52.12:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 229 UDP 192.168.1.34:13021 -> 157.56.52.29:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 230 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 231 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 232 UDP 192.168.1.34:13021 -> 65.55.223.20:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 233 UDP 192.168.1.34:13021 -> 157.55.56.143:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 234 UDP 192.168.1.34:13021 -> 157.55.130.154:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 235 UDP 192.168.1.34:13021 -> 157.55.235.162:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 236 UDP 192.168.1.34:13021 -> 157.55.235.171:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 237 UDP 192.168.1.34:13021 -> 157.56.52.16:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 238 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 239 UDP 192.168.1.34:13021 -> 111.221.74.13:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 240 UDP 192.168.1.34:13021 -> 111.221.74.38:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 241 UDP 192.168.1.34:13021 -> 111.221.77.171:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 242 UDP 192.168.1.34:13021 -> 157.55.130.156:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 243 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 244 UDP 192.168.1.34:13021 -> 157.55.130.159:40016 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 245 UDP 192.168.1.34:13021 -> 157.55.235.167:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 246 UDP 192.168.1.34:13021 -> 157.56.52.40:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 247 UDP 192.168.1.34:13021 -> 213.199.179.145:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 248 IGMP 192.168.1.219:0 -> 224.0.0.22:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] + 249 IGMP 192.168.1.219:0 -> 233.89.188.1:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] + 250 IGMP 192.168.1.229:0 -> 224.0.0.251:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] + 251 UDP 192.168.1.34:13021 -> 111.221.74.14:443 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 252 UDP 192.168.1.34:13021 -> 133.236.67.25:49195 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 253 UDP 192.168.1.34:13021 -> 157.55.235.141:443 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 254 UDP 192.168.1.34:13021 -> 189.138.161.88:19521 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 255 UDP 192.168.1.34:13021 -> 189.188.134.174:22436 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 256 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network/14][1 pkts/46 bytes -> 0 pkts/0 bytes] Undetected flows: @@ -281,5 +282,4 @@ Undetected flows: 8 TCP 192.168.1.34:51303 -> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes -> 0 pkts/0 bytes] 9 TCP 192.168.1.34:51306 -> 80.121.84.93:62381 [proto: 0/Unknown][6 pkts/468 bytes -> 0 pkts/0 bytes] 10 UDP 192.168.1.34:59052 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] - 11 TCP 192.168.1.34:51300 <-> 76.167.161.6:20274 [proto: 0/Unknown][2 pkts/132 bytes <-> 1 pkts/74 bytes] - 12 TCP 192.168.1.34:51319 -> 212.161.8.36:13392 [proto: 0/Unknown][1 pkts/78 bytes -> 0 pkts/0 bytes] + 11 TCP 192.168.1.34:51319 -> 212.161.8.36:13392 [proto: 0/Unknown][1 pkts/78 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/viber.pcap.out b/tests/result/viber.pcap.out index 738169827..0c85aae9e 100644 --- a/tests/result/viber.pcap.out +++ b/tests/result/viber.pcap.out @@ -1,3 +1,4 @@ +Unknown 93 13829 4 DNS 8 1267 4 MDNS 4 412 1 ICMP 2 3028 1 @@ -5,7 +6,7 @@ SSL 129 42221 7 ICMPV6 2 140 1 Facebook 2 281 1 Google 2 164 1 -Viber 268 99524 9 +Viber 175 85695 5 QUIC 3 194 1 1 TCP 192.168.0.17:53934 <-> 54.230.93.53:443 [proto: 91.144/SSL.Viber][cat: Chat/9][43 pkts/4571 bytes <-> 46 pkts/60087 bytes][client: dl-media.viber.com][server: *.viber.com] @@ -16,21 +17,24 @@ QUIC 3 194 1 6 TCP 192.168.0.17:36986 <-> 54.69.166.226:443 [proto: 91/SSL][cat: Web/5][11 pkts/1437 bytes <-> 11 pkts/6412 bytes][client: mapi.apptimize.com][server: *.apptimize.com] 7 TCP 192.168.0.17:55746 <-> 151.101.1.130:443 [proto: 91/SSL][cat: Web/5][10 pkts/1534 bytes <-> 9 pkts/6239 bytes][client: venetia.iad.appboy.com][server: y.ssl.fastly.net] 8 TCP 192.168.0.17:36988 <-> 54.69.166.226:443 [proto: 91/SSL][cat: Web/5][11 pkts/1462 bytes <-> 11 pkts/6163 bytes][client: mapi.apptimize.com][server: *.apptimize.com] - 9 UDP 192.168.0.17:47171 <-> 18.201.4.32:7985 [proto: 144/Viber][cat: Chat/9][24 pkts/5035 bytes <-> 22 pkts/2302 bytes] - 10 UDP 192.168.0.17:38190 <-> 18.201.4.3:7985 [proto: 144/Viber][cat: Chat/9][25 pkts/4344 bytes <-> 18 pkts/1872 bytes] - 11 ICMP 192.168.0.17:0 <-> 192.168.0.15:0 [proto: 81/ICMP][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/1514 bytes] - 12 UDP 192.168.0.17:62872 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/373 bytes][Host: mapi.apptimize.com] - 13 TCP 192.168.0.17:33744 <-> 18.201.4.3:443 [proto: 91/SSL][cat: Web/5][4 pkts/272 bytes <-> 2 pkts/140 bytes] - 14 TCP 192.168.0.17:45424 <-> 18.201.4.32:443 [proto: 91/SSL][cat: Web/5][4 pkts/272 bytes <-> 2 pkts/140 bytes] - 15 UDP 192.168.0.17:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][4 pkts/412 bytes -> 0 pkts/0 bytes] - 16 UDP 192.168.0.17:35283 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/303 bytes][Host: app.adjust.com] - 17 UDP 192.168.0.17:45743 <-> 192.168.0.15:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/78 bytes <-> 1 pkts/203 bytes][Host: graph.facebook.com] - 18 UDP 192.168.0.17:44376 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/183 bytes][Host: venetia.iad.appboy.com] - 19 UDP 192.168.0.17:37418 <-> 192.168.0.15:53 [proto: 5.144/DNS.Viber][cat: Chat/9][1 pkts/79 bytes <-> 1 pkts/185 bytes][Host: media.cdn.viber.com] - 20 UDP 192.168.0.17:40445 <-> 192.168.0.15:53 [proto: 5.144/DNS.Viber][cat: Chat/9][1 pkts/78 bytes <-> 1 pkts/185 bytes][Host: dl-media.viber.com] - 21 UDP 192.168.0.17:41993 <-> 172.217.23.106:443 [proto: 188/QUIC][cat: Web/5][2 pkts/130 bytes <-> 1 pkts/64 bytes] - 22 UDP 192.168.0.17:35331 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/79 bytes <-> 1 pkts/95 bytes][Host: app-measurement.com] - 23 UDP 192.168.0.17:50097 <-> 192.168.0.15:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/90 bytes][Host: www.google.com] - 24 ICMPV6 [fe80::3207:4dff:fea3:5fa7]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes] - 25 UDP 192.168.0.17:38190 <-> 18.201.4.3:7987 [proto: 144/Viber][cat: Chat/9][1 pkts/76 bytes <-> 1 pkts/62 bytes] - 26 UDP 192.168.0.17:47171 <-> 18.201.4.32:7987 [proto: 144/Viber][cat: Chat/9][1 pkts/76 bytes <-> 1 pkts/62 bytes] + 9 ICMP 192.168.0.17:0 <-> 192.168.0.15:0 [proto: 81/ICMP][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/1514 bytes] + 10 UDP 192.168.0.17:62872 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/373 bytes][Host: mapi.apptimize.com] + 11 TCP 192.168.0.17:33744 <-> 18.201.4.3:443 [proto: 91/SSL][cat: Web/5][4 pkts/272 bytes <-> 2 pkts/140 bytes] + 12 TCP 192.168.0.17:45424 <-> 18.201.4.32:443 [proto: 91/SSL][cat: Web/5][4 pkts/272 bytes <-> 2 pkts/140 bytes] + 13 UDP 192.168.0.17:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][4 pkts/412 bytes -> 0 pkts/0 bytes] + 14 UDP 192.168.0.17:35283 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/303 bytes][Host: app.adjust.com] + 15 UDP 192.168.0.17:45743 <-> 192.168.0.15:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/78 bytes <-> 1 pkts/203 bytes][Host: graph.facebook.com] + 16 UDP 192.168.0.17:44376 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/183 bytes][Host: venetia.iad.appboy.com] + 17 UDP 192.168.0.17:37418 <-> 192.168.0.15:53 [proto: 5.144/DNS.Viber][cat: Chat/9][1 pkts/79 bytes <-> 1 pkts/185 bytes][Host: media.cdn.viber.com] + 18 UDP 192.168.0.17:40445 <-> 192.168.0.15:53 [proto: 5.144/DNS.Viber][cat: Chat/9][1 pkts/78 bytes <-> 1 pkts/185 bytes][Host: dl-media.viber.com] + 19 UDP 192.168.0.17:41993 <-> 172.217.23.106:443 [proto: 188/QUIC][cat: Web/5][2 pkts/130 bytes <-> 1 pkts/64 bytes] + 20 UDP 192.168.0.17:35331 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/79 bytes <-> 1 pkts/95 bytes][Host: app-measurement.com] + 21 UDP 192.168.0.17:50097 <-> 192.168.0.15:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/90 bytes][Host: www.google.com] + 22 ICMPV6 [fe80::3207:4dff:fea3:5fa7]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes] + + +Undetected flows: + 1 UDP 192.168.0.17:47171 <-> 18.201.4.32:7985 [proto: 0/Unknown][24 pkts/5035 bytes <-> 22 pkts/2302 bytes] + 2 UDP 192.168.0.17:38190 <-> 18.201.4.3:7985 [proto: 0/Unknown][25 pkts/4344 bytes <-> 18 pkts/1872 bytes] + 3 UDP 192.168.0.17:38190 <-> 18.201.4.3:7987 [proto: 0/Unknown][1 pkts/76 bytes <-> 1 pkts/62 bytes] + 4 UDP 192.168.0.17:47171 <-> 18.201.4.32:7987 [proto: 0/Unknown][1 pkts/76 bytes <-> 1 pkts/62 bytes] diff --git a/tests/result/waze.pcap.out b/tests/result/waze.pcap.out index 5b183ea2c..bdb4acf91 100644 --- a/tests/result/waze.pcap.out +++ b/tests/result/waze.pcap.out @@ -1,4 +1,3 @@ -Unknown 10 786 1 HTTP 28 1572 7 NTP 2 180 1 HTTP_Download 37 63205 1 @@ -6,6 +5,7 @@ SSL_No_Cert 13 2142 1 SSL 8 432 2 Waze 484 289335 19 WhatsApp 15 1341 1 +Amazon 10 786 1 1 TCP 10.8.0.1:36100 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][cat: Web/5][52 pkts/10860 bytes <-> 55 pkts/74852 bytes][server: *.world.waze.com] 2 TCP 10.8.0.1:54915 <-> 65.39.128.135:80 [proto: 7.60/HTTP.HTTP_Download][cat: Download-FileTransfer-FileSharing/7][19 pkts/1309 bytes <-> 18 pkts/61896 bytes][Host: xtra1.gpsonextra.net] @@ -29,17 +29,14 @@ WhatsApp 15 1341 1 20 TCP 10.8.0.1:45552 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/552 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com] 21 TCP 10.8.0.1:45554 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/550 bytes <-> 7 pkts/769 bytes][Host: cres.waze.com] 22 TCP 10.8.0.1:45540 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/553 bytes <-> 7 pkts/733 bytes][Host: roadshields.waze.com] - 23 TCP 10.16.37.157:41823 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] - 24 TCP 10.16.37.157:43991 <-> 200.160.4.31:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] - 25 TCP 10.16.37.157:46473 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] - 26 TCP 10.16.37.157:52746 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] - 27 TCP 10.16.37.157:52953 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] - 28 TCP 10.8.0.1:43089 <-> 200.160.4.198:443 [proto: 91/SSL][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes] - 29 TCP 10.8.0.1:45169 <-> 200.160.4.198:80 [proto: 7/HTTP][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes] - 30 TCP 10.8.0.1:60479 <-> 200.160.4.49:443 [proto: 91/SSL][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes] - 31 TCP 10.8.0.1:60574 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes] - 32 UDP 10.8.0.1:46214 <-> 200.89.75.198:123 [proto: 9/NTP][cat: System/18][1 pkts/90 bytes <-> 1 pkts/90 bytes] - - -Undetected flows: - 1 TCP 10.16.37.157:42256 <-> 174.37.231.81:5222 [proto: 0/Unknown][8 pkts/678 bytes <-> 2 pkts/108 bytes] + 23 TCP 10.16.37.157:42256 <-> 174.37.231.81:5222 [proto: 91.178/SSL.Amazon][cat: Web/5][8 pkts/678 bytes <-> 2 pkts/108 bytes] + 24 TCP 10.16.37.157:41823 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] + 25 TCP 10.16.37.157:43991 <-> 200.160.4.31:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] + 26 TCP 10.16.37.157:46473 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] + 27 TCP 10.16.37.157:52746 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] + 28 TCP 10.16.37.157:52953 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] + 29 TCP 10.8.0.1:43089 <-> 200.160.4.198:443 [proto: 91/SSL][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes] + 30 TCP 10.8.0.1:45169 <-> 200.160.4.198:80 [proto: 7/HTTP][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes] + 31 TCP 10.8.0.1:60479 <-> 200.160.4.49:443 [proto: 91/SSL][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes] + 32 TCP 10.8.0.1:60574 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes] + 33 UDP 10.8.0.1:46214 <-> 200.89.75.198:123 [proto: 9/NTP][cat: System/18][1 pkts/90 bytes <-> 1 pkts/90 bytes] -- cgit v1.2.3 From 54deb1302d12cdf8611b243096969af531274844 Mon Sep 17 00:00:00 2001 From: Luca Date: Wed, 28 Nov 2018 00:09:44 +0100 Subject: Added Signal.org dissector --- src/include/ndpi_protocol_ids.h | 2 +- src/lib/ndpi_content_match.c.inc | 2 ++ src/lib/ndpi_main.c | 6 +++--- 3 files changed, 6 insertions(+), 4 deletions(-) (limited to 'src/lib') diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index aefb0fce2..376ae1958 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -73,7 +73,7 @@ typedef enum { NDPI_PROTOCOL_EDONKEY = 36, /* Tomasz Bujlow */ NDPI_PROTOCOL_BITTORRENT = 37, NDPI_PROTOCOL_SKYPE_CALL_OUT = 38, - NDPI_PROTOCOL_FREE_39 = 39, /* Free */ + NDPI_PROTOCOL_SIGNAL = 39, NDPI_PROTOCOL_MEMCACHED = 40, /* Memcached - Darryl Sokoloski */ NDPI_PROTOCOL_SMBV23 = 41, /* SMB version 2/3 */ NDPI_PROTOCOL_MINING = 42, /* Bitcoin, Ethereum, ZCash, Monero */ diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 4bfdde983..778618862 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8419,6 +8419,8 @@ ndpi_protocol_match host_match[] = { { "snapcraft.io", NULL, "snapcraft\\.io" TLD, "UbuntuONE", NDPI_PROTOCOL_UBUNTUONE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { "ubuntu.com", NULL, "ubuntu\\.com" TLD, "UbuntuONE", NDPI_PROTOCOL_UBUNTUONE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "signal.org", NULL, "signal\\.org" TLD, "Signal", NDPI_PROTOCOL_SIGNAL, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { "whispersystems.org", NULL, "whispersystems\\.org" TLD, "Signal", NDPI_PROTOCOL_SIGNAL, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, { NULL, NULL, NULL, 0 } }; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index c7d9e237e..00707cd8a 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1244,9 +1244,9 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_39, - no_master, - no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SIGNAL, + no_master, /* https://signal.org */ + no_master, "Signal", NDPI_PROTOCOL_CATEGORY_CHAT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_196, -- cgit v1.2.3 From 5429063546fe8a73adc50e2d6eac4e00046c4424 Mon Sep 17 00:00:00 2001 From: Luca Date: Wed, 28 Nov 2018 00:24:41 +0100 Subject: Improved WhatsApp detection --- src/lib/ndpi_content_match.c.inc | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src/lib') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 778618862..7ea9927ec 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -80,6 +80,8 @@ static ndpi_network host_protocol_list[] = { /* WhatsApp Inc. */ + { 0x1F0D4B00 /* 31.13.75.0/24 */, 24, NDPI_PROTOCOL_WHATSAPP }, + { 0x1F0D5600 /* 31.13.86.0/24 */, 24, NDPI_PROTOCOL_WHATSAPP }, { 0x3216C6CC /* 50.22.198.204/30 */, 30, NDPI_PROTOCOL_WHATSAPP }, { 0x4B7E2720 /* 75.126.39.32/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, { 0x6CA8B460 /* 108.168.180.96/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, -- cgit v1.2.3 From ea7e7c753b20bfdb4edd97499362a3a331631e04 Mon Sep 17 00:00:00 2001 From: Vitaliy Ivanov Date: Wed, 28 Nov 2018 16:40:34 +0200 Subject: build: correct example dpdk linking with pcap. - take libpcap from configure information. - clean up distclean. Signed-off-by: Vitaliy Ivanov --- example/Makefile.dpdk.in | 4 ++-- example/Makefile.in | 6 +++++- src/lib/Makefile.in | 3 +++ 3 files changed, 10 insertions(+), 3 deletions(-) (limited to 'src/lib') diff --git a/example/Makefile.dpdk.in b/example/Makefile.dpdk.in index 8519d7d0e..d96975483 100644 --- a/example/Makefile.dpdk.in +++ b/example/Makefile.dpdk.in @@ -14,14 +14,14 @@ RTE_TARGET ?= x86_64-native-linuxapp-gcc include $(RTE_SDK)/mk/rte.vars.mk -APP = ndpiReader +APP = ndpiReader.dpdk LIBNDPI = $(PWD)/../src/lib/libndpi.a SRCS-y := ndpi_util.c ndpiReader.c CFLAGS += -g CFLAGS += -Wno-strict-prototypes -Wno-missing-prototypes -Wno-missing-declarations -Wno-unused-parameter -I $(PWD)/../src/include @CFLAGS@ -DUSE_DPDK -LDLIBS = $(LIBNDPI) -lpthread @LDFLAGS@ +LDLIBS = $(LIBNDPI) @PCAP_LIB@ -lpthread @LDFLAGS@ include $(RTE_SDK)/mk/rte.extapp.mk diff --git a/example/Makefile.in b/example/Makefile.in index 3e0f25d91..84f3f3623 100644 --- a/example/Makefile.in +++ b/example/Makefile.in @@ -1,7 +1,7 @@ CC=@CC@ CFLAGS=-g -I../src/include @CFLAGS@ LIBNDPI=../src/lib/libndpi.a -LDFLAGS=$(LIBNDPI) -lpcap -lpthread @LDFLAGS@ +LDFLAGS=$(LIBNDPI) @PCAP_LIB@ -lpthread @LDFLAGS@ OBJS=ndpiReader.o ndpi_util.o PREFIX?=/usr/local @@ -21,4 +21,8 @@ dpdk: clean: /bin/rm -f *.o ndpiReader + /bin/rm -rf build +distclean: clean + /bin/rm -f Makefile.dpdk + /bin/rm -f Makefile diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in index 1f07773e9..c22aa1a36 100644 --- a/src/lib/Makefile.in +++ b/src/lib/Makefile.in @@ -54,6 +54,9 @@ $(NDPI_LIB_SHARED): $(OBJECTS) clean: /bin/rm -f $(NDPI_LIB_STATIC) $(OBJECTS) *.o *.so *.lo +distclean: clean + /bin/rm -f Makefile + install: $(NDPI_LIBS) mkdir -p $(DESTDIR)$(libdir) cp $(NDPI_LIBS) $(DESTDIR)$(libdir)/ -- cgit v1.2.3 From 9cbf25a76fc03c1a8440aa473523c4287aabb200 Mon Sep 17 00:00:00 2001 From: Vitaliy Ivanov Date: Wed, 28 Nov 2018 16:56:22 +0200 Subject: build: cleanup .so.X.X.X if present. Signed-off-by: Vitaliy Ivanov --- src/lib/Makefile.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/lib') diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in index c22aa1a36..297869fe3 100644 --- a/src/lib/Makefile.in +++ b/src/lib/Makefile.in @@ -52,7 +52,7 @@ $(NDPI_LIB_SHARED): $(OBJECTS) $(CC) $(CFLAGS) -c $< -o $@ clean: - /bin/rm -f $(NDPI_LIB_STATIC) $(OBJECTS) *.o *.so *.lo + /bin/rm -f $(NDPI_LIB_STATIC) $(OBJECTS) *.o *.so *.lo $(NDPI_LIB_SHARED) distclean: clean /bin/rm -f Makefile -- cgit v1.2.3 From c09284ba276a3caf9dd4a8d9440e35e2808d5551 Mon Sep 17 00:00:00 2001 From: Luca Date: Thu, 29 Nov 2018 08:44:41 +0100 Subject: Improved heuristics Used the host guessed protocol if upper protocol has not been detected --- src/lib/ndpi_content_match.c.inc | 4 +- src/lib/ndpi_main.c | 9 + src/lib/protocols/skype.c | 5 +- tests/result/1kxun.pcap.out | 4 +- tests/result/Instagram.pcap.out | 5 +- tests/result/KakaoTalk_chat.pcap.out | 6 +- tests/result/KakaoTalk_talk.pcap.out | 6 +- tests/result/hangout.pcap.out | 4 +- tests/result/nintendo.pcap.out | 6 +- tests/result/ocs.pcap.out | 13 +- tests/result/pps.pcap.out | 193 ++++++++-------- tests/result/quic.pcap.out | 5 +- tests/result/skype.pcap.out | 362 +++++++++++++++--------------- tests/result/skype_no_unknown.pcap.out | 37 ++- tests/result/snapchat.pcap.out | 4 +- tests/result/starcraft_battle.pcap.out | 5 +- tests/result/viber.pcap.out | 56 +++-- tests/result/waze.pcap.out | 4 +- tests/result/webex.pcap.out | 6 +- tests/result/weibo.pcap.out | 7 +- tests/result/whatsapp_login_call.pcap.out | 12 +- tests/result/whatsapp_login_chat.pcap.out | 5 +- 22 files changed, 378 insertions(+), 380 deletions(-) (limited to 'src/lib') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 7ea9927ec..45cd46484 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -118,8 +118,6 @@ static ndpi_network host_protocol_list[] = { { 0x67071E25 /* 103.7.30.37/32 */, 32, NDPI_PROTOCOL_WECHAT }, { 0XCBCDB000 /* 203.205.176.0/20 */, 20, NDPI_PROTOCOL_WECHAT }, { 0XCBCDC000 /* 203.205.192.0/18 */, 18, NDPI_PROTOCOL_WECHAT }, - - /* OpenDNS, LLC @@ -814,7 +812,7 @@ static ndpi_network host_protocol_list[] = { /* Canonical Ltd (Ubuntu) - origin AS41231 + origin AS41231z */ { 0x5BBD5800 /* 91.189.88.0/21 */, 21, NDPI_PROTOCOL_UBUNTUONE }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 00707cd8a..0812e63ac 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -5179,6 +5179,15 @@ void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, if(upper_detected_protocol == lower_detected_protocol) lower_detected_protocol = NDPI_PROTOCOL_UNKNOWN; + if((upper_detected_protocol != NDPI_PROTOCOL_UNKNOWN) + && (lower_detected_protocol == NDPI_PROTOCOL_UNKNOWN)) { + if((flow->guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN) + && (upper_detected_protocol != flow->guessed_host_protocol_id)) { + lower_detected_protocol = upper_detected_protocol; + upper_detected_protocol = flow->guessed_host_protocol_id; + } + } + ndpi_int_change_flow_protocol(ndpi_struct, flow, upper_detected_protocol, lower_detected_protocol); ndpi_int_change_packet_protocol(ndpi_struct, flow, diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c index faeac17c5..0f5e8c780 100644 --- a/src/lib/protocols/skype.c +++ b/src/lib/protocols/skype.c @@ -72,7 +72,10 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; // TCP check - } else if(packet->tcp != NULL) { + } else if((packet->tcp != NULL) + /* As the TCP skype heuristic is weak, we need to make sure no other protocols overlap */ + && (flow->guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN) + && (flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN)) { flow->l4.tcp.skype_packet_id++; if(flow->l4.tcp.skype_packet_id < 3) { diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index e02ddac2f..5eead7a9c 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out @@ -2,7 +2,6 @@ Unknown 24 6428 14 DNS 2 378 1 HTTP 524 220123 9 MDNS 1 82 1 -NTP 1 90 1 NetBIOS 31 3589 8 SSDP 143 36951 13 DHCP 24 8208 5 @@ -13,6 +12,7 @@ DHCPV6 10 980 3 Facebook 19 6840 2 Google 3 176 1 GenericProtocol 433 311919 14 +Apple 1 90 1 LLMNR 89 6799 47 1 TCP 192.168.115.8:49613 <-> 183.131.48.144:80 [proto: 7/HTTP][cat: Web/5][260 pkts/15070 bytes <-> 159 pkts/168623 bytes][Host: 183.131.48.144] @@ -123,7 +123,7 @@ LLMNR 89 6799 47 106 UDP 192.168.5.45:59789 -> 192.168.255.255:137 [proto: 10/NetBIOS][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes] 107 UDP [fe80::e034:7be:d8f9:6197]:57143 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][1 pkts/91 bytes -> 0 pkts/0 bytes][Host: charming-pc] 108 UDP [fe80::e034:7be:d8f9:6197]:62756 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][1 pkts/91 bytes -> 0 pkts/0 bytes][Host: charming-pc] - 109 UDP 192.168.5.16:123 -> 17.253.26.125:123 [proto: 9/NTP][cat: System/18][1 pkts/90 bytes -> 0 pkts/0 bytes] + 109 UDP 192.168.5.16:123 -> 17.253.26.125:123 [proto: 9.140/NTP.Apple][cat: Web/5][1 pkts/90 bytes -> 0 pkts/0 bytes] 110 UDP 192.168.5.64:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes] 111 UDP 192.168.5.50:49766 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][1 pkts/71 bytes -> 0 pkts/0 bytes][Host: charming-pc] 112 UDP 192.168.5.50:50030 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][1 pkts/71 bytes -> 0 pkts/0 bytes][Host: charming-pc] diff --git a/tests/result/Instagram.pcap.out b/tests/result/Instagram.pcap.out index 9a34e2008..7e35db0cc 100644 --- a/tests/result/Instagram.pcap.out +++ b/tests/result/Instagram.pcap.out @@ -2,11 +2,12 @@ Unknown 1 66 1 HTTP 116 91784 6 ICMP 5 510 1 SSL 2 169 1 -Facebook 251 215986 5 +Facebook 101 62428 4 Dropbox 5 725 2 +WhatsApp 150 153558 1 Instagram 363 255094 16 - 1 TCP 31.13.86.52:80 <-> 192.168.0.103:58216 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][103 pkts/150456 bytes <-> 47 pkts/3102 bytes] + 1 TCP 31.13.86.52:80 <-> 192.168.0.103:58216 [proto: 7.142/HTTP.WhatsApp][cat: Chat/9][103 pkts/150456 bytes <-> 47 pkts/3102 bytes] 2 TCP 192.168.0.103:38816 <-> 46.33.70.160:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][13 pkts/1118 bytes <-> 39 pkts/57876 bytes][Host: photos-h.ak.instagram.com] 3 TCP 192.168.0.103:58052 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][37 pkts/2702 bytes <-> 38 pkts/54537 bytes][Host: photos-g.ak.instagram.com] 4 TCP 192.168.0.103:44379 <-> 82.85.26.186:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][41 pkts/3392 bytes <-> 40 pkts/50024 bytes][Host: photos-e.ak.instagram.com] diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out index eedfab56a..0826675ea 100644 --- a/tests/result/KakaoTalk_chat.pcap.out +++ b/tests/result/KakaoTalk_chat.pcap.out @@ -1,11 +1,11 @@ DNS 2 217 1 HTTP 1 56 1 ICMP 1 147 1 -SSL 29 4579 3 +SSL 23 2689 2 Facebook 215 51809 12 Google 16 1031 3 HTTP_Proxy 26 3926 1 -Amazon 2 181 1 +Amazon 8 2071 2 KakaoTalk 55 9990 15 1 TCP 10.24.82.188:43581 <-> 31.13.68.70:443 [proto: 91.119/SSL.Facebook][cat: SocialNetwork/6][17 pkts/3461 bytes <-> 17 pkts/6194 bytes][client: graph.facebook.com][server: *.facebook.com] @@ -17,7 +17,7 @@ KakaoTalk 55 9990 15 7 TCP 10.24.82.188:37821 <-> 210.103.240.15:443 [proto: 91.193/SSL.KakaoTalk][cat: VoIP/10][13 pkts/2036 bytes <-> 14 pkts/5090 bytes][server: *.kakao.com] 8 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][cat: Web/5][17 pkts/2231 bytes <-> 9 pkts/1695 bytes] 9 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][cat: Web/5][9 pkts/1737 bytes <-> 9 pkts/672 bytes] - 10 TCP 10.24.82.188:58964 <-> 54.255.253.199:5223 [proto: 91/SSL][cat: Web/5][3 pkts/290 bytes <-> 3 pkts/1600 bytes][server: *.push.samsungosp.com] + 10 TCP 10.24.82.188:58964 <-> 54.255.253.199:5223 [proto: 91.178/SSL.Amazon][cat: Web/5][3 pkts/290 bytes <-> 3 pkts/1600 bytes][server: *.push.samsungosp.com] 11 TCP 10.24.82.188:37557 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][5 pkts/487 bytes <-> 6 pkts/627 bytes][Host: www.facebook.com] 12 TCP 10.24.82.188:37553 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][5 pkts/487 bytes <-> 5 pkts/571 bytes][Host: www.facebook.com] 13 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7.126/HTTP.Google][cat: Web/5][7 pkts/392 bytes <-> 7 pkts/392 bytes] diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out index 9bb9fca1b..ec5e97620 100644 --- a/tests/result/KakaoTalk_talk.pcap.out +++ b/tests/result/KakaoTalk_talk.pcap.out @@ -1,9 +1,9 @@ HTTP 5 280 1 QQ 15 1727 1 -SSL_No_Cert 74 14132 2 +SSL_No_Cert 45 10108 1 RTP 2991 398751 2 SSL 5 1198 1 -Facebook 5 377 3 +Facebook 34 4401 4 Google 4 359 4 HTTP_Proxy 16 1838 2 Tor 40 10538 1 @@ -14,7 +14,7 @@ KakaoTalk_Voice 44 6196 2 2 UDP 10.24.82.188:10268 <-> 1.201.1.174:23046 [proto: 87/RTP][cat: Media/1][746 pkts/93906 bytes <-> 742 pkts/104604 bytes] 3 TCP 10.24.82.188:58857 <-> 110.76.143.50:9001 [proto: 163/Tor][cat: VPN/2][22 pkts/5326 bytes <-> 18 pkts/5212 bytes] 4 TCP 10.24.82.188:32968 <-> 110.76.143.50:8080 [proto: 64/SSL_No_Cert][cat: Web/5][23 pkts/4380 bytes <-> 22 pkts/5728 bytes] - 5 TCP 10.24.82.188:59954 <-> 173.252.88.128:443 [proto: 64/SSL_No_Cert][cat: Web/5][15 pkts/2932 bytes <-> 14 pkts/1092 bytes] + 5 TCP 10.24.82.188:59954 <-> 173.252.88.128:443 [proto: 64.119/SSL_No_Cert.Facebook][cat: SocialNetwork/6][15 pkts/2932 bytes <-> 14 pkts/1092 bytes] 6 UDP 10.24.82.188:10269 <-> 1.201.1.174:23047 [proto: 194/KakaoTalk_Voice][cat: VoIP/10][12 pkts/1692 bytes <-> 10 pkts/1420 bytes] 7 UDP 10.24.82.188:11321 <-> 1.201.1.174:23045 [proto: 194/KakaoTalk_Voice][cat: VoIP/10][11 pkts/1542 bytes <-> 11 pkts/1542 bytes] 8 TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][8 pkts/1117 bytes <-> 7 pkts/610 bytes][Host: hkminorshort.weixin.qq.com] diff --git a/tests/result/hangout.pcap.out b/tests/result/hangout.pcap.out index 323e41d36..430ecdcae 100644 --- a/tests/result/hangout.pcap.out +++ b/tests/result/hangout.pcap.out @@ -1,3 +1,3 @@ -GoogleHangout 19 2774 1 +Google 19 2774 1 - 1 UDP 74.125.134.127:19305 -> 10.89.61.13:56406 [proto: 201/GoogleHangout][cat: Chat/9][19 pkts/2774 bytes -> 0 pkts/0 bytes] + 1 UDP 74.125.134.127:19305 -> 10.89.61.13:56406 [proto: 201.126/GoogleHangout.Google][cat: Web/5][19 pkts/2774 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/nintendo.pcap.out b/tests/result/nintendo.pcap.out index 6535e7cc5..c1b44147a 100644 --- a/tests/result/nintendo.pcap.out +++ b/tests/result/nintendo.pcap.out @@ -1,6 +1,6 @@ ICMP 30 2100 2 -Nintendo 890 320242 12 -Amazon 76 10811 7 +Nintendo 887 319888 11 +Amazon 79 11165 8 1 UDP 192.168.12.114:55915 <-> 185.118.169.65:27520 [proto: 173/Nintendo][cat: Game/8][169 pkts/61414 bytes <-> 278 pkts/126260 bytes] 2 UDP 192.168.12.114:55915 <-> 93.237.131.235:56066 [proto: 173/Nintendo][cat: Game/8][122 pkts/48332 bytes <-> 35 pkts/5026 bytes] @@ -18,7 +18,7 @@ Amazon 76 10811 7 14 UDP 192.168.12.114:55915 <-> 35.158.74.61:10025 [proto: 178/Amazon][cat: Web/5][5 pkts/290 bytes <-> 5 pkts/290 bytes] 15 UDP 192.168.12.114:18874 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][cat: Game/8][1 pkts/110 bytes <-> 1 pkts/281 bytes][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] 16 UDP 192.168.12.114:51035 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][cat: Game/8][1 pkts/110 bytes <-> 1 pkts/281 bytes][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] - 17 UDP 192.168.12.114:52119 -> 35.158.74.61:33335 [proto: 173/Nintendo][cat: Game/8][3 pkts/354 bytes -> 0 pkts/0 bytes] + 17 UDP 192.168.12.114:52119 -> 35.158.74.61:33335 [proto: 173.178/Nintendo.Amazon][cat: Web/5][3 pkts/354 bytes -> 0 pkts/0 bytes] 18 UDP 192.168.12.114:55915 -> 35.158.74.61:33335 [proto: 178/Amazon][cat: Web/5][3 pkts/318 bytes -> 0 pkts/0 bytes] 19 UDP 192.168.12.114:55915 -> 52.10.205.177:34343 [proto: 178/Amazon][cat: Web/5][1 pkts/298 bytes -> 0 pkts/0 bytes] 20 UDP 192.168.12.114:55915 -> 35.158.74.61:33334 [proto: 178/Amazon][cat: Web/5][5 pkts/290 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/ocs.pcap.out b/tests/result/ocs.pcap.out index b5b526bfa..51d926ee3 100644 --- a/tests/result/ocs.pcap.out +++ b/tests/result/ocs.pcap.out @@ -1,8 +1,7 @@ Unknown 6 360 1 -DNS 3 214 3 HTTP 13 1019 2 -SSL 20 2715 1 -Google 27 3176 3 +Google 30 3390 6 +Amazon 20 2715 1 OCS 863 57552 7 PlayStore 1 72 1 GoogleServices 13 2277 2 @@ -10,7 +9,7 @@ GoogleServices 13 2277 2 1 TCP 192.168.180.2:49881 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][cat: Media/1][751 pkts/44783 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws] 2 TCP 192.168.180.2:36680 -> 178.248.208.54:443 [proto: 91.218/SSL.OCS][cat: Media/1][20 pkts/6089 bytes -> 0 pkts/0 bytes][client: ocs.labgency.ws] 3 TCP 192.168.180.2:42590 -> 178.248.208.210:80 [proto: 7.218/HTTP.OCS][cat: Media/1][83 pkts/5408 bytes -> 0 pkts/0 bytes][Host: www.ocs.fr] - 4 TCP 192.168.180.2:39263 -> 23.21.230.199:443 [proto: 91/SSL][cat: Web/5][20 pkts/2715 bytes -> 0 pkts/0 bytes][client: settings.crashlytics.com] + 4 TCP 192.168.180.2:39263 -> 23.21.230.199:443 [proto: 91.178/SSL.Amazon][cat: Web/5][20 pkts/2715 bytes -> 0 pkts/0 bytes][client: settings.crashlytics.com] 5 TCP 192.168.180.2:32946 -> 64.233.184.188:443 [proto: 91.239/SSL.GoogleServices][cat: Web/5][12 pkts/2212 bytes -> 0 pkts/0 bytes][client: mtalk.google.com] 6 TCP 192.168.180.2:47803 -> 64.233.166.95:443 [proto: 91.126/SSL.Google][cat: Web/5][12 pkts/1608 bytes -> 0 pkts/0 bytes] 7 TCP 192.168.180.2:41223 -> 216.58.208.46:443 [proto: 91.126/SSL.Google][cat: Web/5][13 pkts/1448 bytes -> 0 pkts/0 bytes] @@ -18,10 +17,10 @@ GoogleServices 13 2277 2 9 TCP 192.168.180.2:44959 -> 137.135.129.206:80 [proto: 7/HTTP][cat: Web/5][7 pkts/540 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com] 10 TCP 192.168.180.2:53356 -> 137.135.129.206:80 [proto: 7/HTTP][cat: Web/5][6 pkts/479 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com] 11 TCP 192.168.180.2:47699 -> 64.233.184.188:5228 [proto: 126/Google][cat: Web/5][2 pkts/120 bytes -> 0 pkts/0 bytes] - 12 UDP 192.168.180.2:3621 -> 8.8.8.8:53 [proto: 5/DNS][cat: Network/14][1 pkts/77 bytes -> 0 pkts/0 bytes][Host: xmpp.device06.eu01.capptain.com] + 12 UDP 192.168.180.2:3621 -> 8.8.8.8:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/77 bytes -> 0 pkts/0 bytes][Host: xmpp.device06.eu01.capptain.com] 13 UDP 192.168.180.2:48770 -> 8.8.8.8:53 [proto: 5.228/DNS.PlayStore][cat: SoftwareUpdate/19][1 pkts/72 bytes -> 0 pkts/0 bytes][Host: android.clients.google.com] - 14 UDP 192.168.180.2:40097 -> 8.8.8.8:53 [proto: 5/DNS][cat: Network/14][1 pkts/70 bytes -> 0 pkts/0 bytes][Host: settings.crashlytics.com] - 15 UDP 192.168.180.2:1291 -> 8.8.8.8:53 [proto: 5/DNS][cat: Network/14][1 pkts/67 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com] + 14 UDP 192.168.180.2:40097 -> 8.8.8.8:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/70 bytes -> 0 pkts/0 bytes][Host: settings.crashlytics.com] + 15 UDP 192.168.180.2:1291 -> 8.8.8.8:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/67 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com] 16 UDP 192.168.180.2:11793 -> 8.8.8.8:53 [proto: 5.239/DNS.GoogleServices][cat: Web/5][1 pkts/65 bytes -> 0 pkts/0 bytes][Host: play.googleapis.com] 17 UDP 192.168.180.2:38472 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][cat: Media/1][1 pkts/63 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws] 18 UDP 192.168.180.2:2589 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][cat: Media/1][1 pkts/61 bytes -> 0 pkts/0 bytes][Host: ocs.labgency.ws] diff --git a/tests/result/pps.pcap.out b/tests/result/pps.pcap.out index baad4b4e6..778aa1197 100644 --- a/tests/result/pps.pcap.out +++ b/tests/result/pps.pcap.out @@ -1,10 +1,9 @@ -Unknown 985 375351 33 +Unknown 990 378832 34 HTTP 47 42014 11 SSDP 63 17143 10 HTTP_Download 26 27222 2 Google 2 1093 1 GenericProtocol 1429 1780307 49 -QUIC 5 3481 1 1 TCP 192.168.115.8:50780 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/303 bytes <-> 541 pkts/710082 bytes][Host: preimage1.qiyipic.com] 2 TCP 192.168.115.8:50778 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/303 bytes <-> 528 pkts/692658 bytes][Host: preimage1.qiyipic.com] @@ -13,73 +12,72 @@ QUIC 5 3481 1 5 TCP 192.168.115.8:50486 <-> 77.234.40.96:80 [proto: 7.60/HTTP.HTTP_Download][cat: Download-FileTransfer-FileSharing/7][11 pkts/11023 bytes <-> 12 pkts/14869 bytes][Host: bcu.ff.avast.com] 6 UDP 192.168.5.38:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][18 pkts/9327 bytes -> 0 pkts/0 bytes] 7 TCP 192.168.115.8:50476 <-> 101.227.32.39:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/656 bytes <-> 4 pkts/3897 bytes][Host: cache.video.iqiyi.com] - 8 UDP 192.168.115.8:22793 <-> 202.198.7.89:16039 [proto: 188/QUIC][cat: Web/5][2 pkts/158 bytes <-> 3 pkts/3323 bytes] - 9 TCP 192.168.115.8:50495 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][3 pkts/2844 bytes <-> 3 pkts/597 bytes][Host: msg.71.am] - 10 TCP 77.234.41.35:80 <-> 192.168.115.8:49174 [proto: 7/HTTP][cat: Web/5][4 pkts/2953 bytes <-> 1 pkts/356 bytes] - 11 TCP 192.168.115.8:50767 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][4 pkts/800 bytes <-> 4 pkts/2112 bytes][Host: static.qiyi.com] - 12 TCP 192.168.115.8:50488 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/311 bytes <-> 2 pkts/2035 bytes][Host: meta.video.qiyi.com] - 13 TCP 192.168.115.8:50471 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1898 bytes <-> 2 pkts/398 bytes][Host: msg.71.am] - 14 TCP 192.168.115.8:50501 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1893 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 15 TCP 192.168.115.8:50463 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com] - 16 TCP 192.168.115.8:50496 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com] - 17 TCP 192.168.115.8:50779 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1438 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] - 18 UDP 192.168.5.38:58897 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1575 bytes -> 0 pkts/0 bytes] - 19 UDP 192.168.115.1:50945 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1539 bytes -> 0 pkts/0 bytes] - 20 TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/707 bytes <-> 1 pkts/744 bytes][Host: click.hm.baidu.com] - 21 TCP 192.168.115.8:50492 <-> 111.206.13.3:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/389 bytes <-> 2 pkts/1034 bytes][Host: pdata.video.qiyi.com] - 22 TCP 192.168.115.8:50777 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1186 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] - 23 TCP 192.168.115.8:50494 <-> 223.26.106.66:80 [proto: 7.60/HTTP.HTTP_Download][cat: Download-FileTransfer-FileSharing/7][2 pkts/887 bytes <-> 1 pkts/443 bytes][Host: 223.26.106.66] - 24 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1004 bytes <-> 2 pkts/301 bytes][Host: click.hm.baidu.com] - 25 TCP 192.168.115.8:50499 <-> 111.206.22.76:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1097 bytes <-> 1 pkts/199 bytes][Host: msg.iqiyi.com] - 26 TCP 192.168.115.8:50474 <-> 202.108.14.221:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1100 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] - 27 TCP 192.168.115.8:50507 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/212 bytes <-> 1 pkts/1063 bytes][Host: static.qiyi.com] - 28 TCP 192.168.115.8:50485 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 29 TCP 192.168.115.8:50502 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 30 TCP 192.168.115.8:50493 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 31 TCP 192.168.115.8:50771 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 32 TCP 192.168.115.8:50473 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/944 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 33 TCP 192.168.115.8:50475 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/941 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 34 TCP 192.168.115.8:50500 <-> 23.41.133.163:80 [proto: 7/HTTP][cat: Web/5][1 pkts/289 bytes <-> 1 pkts/839 bytes][Host: s1.symcb.com] - 35 TCP 192.168.115.8:50773 <-> 202.108.14.221:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/919 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 36 TCP 192.168.115.8:50466 <-> 203.66.182.24:80 [proto: 7.126/HTTP.Google][cat: Web/5][1 pkts/280 bytes <-> 1 pkts/813 bytes][Host: clients1.google.com] - 37 UDP 192.168.5.50:52529 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1074 bytes -> 0 pkts/0 bytes] - 38 UDP 192.168.5.28:60023 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1050 bytes -> 0 pkts/0 bytes] - 39 UDP 192.168.5.57:59648 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1050 bytes -> 0 pkts/0 bytes] - 40 TCP 192.168.115.8:50504 -> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/946 bytes -> 0 pkts/0 bytes][Host: msg.71.am] - 41 TCP 192.168.115.8:50769 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/291 bytes][Host: api.cupid.iqiyi.com] - 42 TCP 192.168.115.8:50498 <-> 36.110.220.15:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/694 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com] - 43 TCP 192.168.115.8:50503 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/683 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 44 UDP 192.168.5.41:50374 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][5 pkts/875 bytes -> 0 pkts/0 bytes] - 45 TCP 192.168.115.8:50490 <-> 119.188.13.188:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/357 bytes <-> 1 pkts/479 bytes][Host: pdata.video.qiyi.com] - 46 TCP 192.168.115.8:50467 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/629 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 47 TCP 192.168.115.8:50484 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/622 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 48 TCP 192.168.115.8:50477 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/614 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 49 TCP 192.168.115.8:50774 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/587 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 50 TCP 192.168.115.8:50469 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/573 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 51 TCP 192.168.115.8:50482 <-> 140.205.243.64:80 [proto: 7/HTTP][cat: Web/5][1 pkts/444 bytes <-> 1 pkts/283 bytes][Host: cmc.tanx.com] - 52 TCP 192.168.115.8:50768 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/526 bytes][Host: static.qiyi.com] - 53 TCP 192.168.5.15:65128 <-> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/331 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com] - 54 TCP 192.168.115.8:50509 <-> 106.38.219.107:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/163 bytes <-> 2 pkts/557 bytes][Host: iplocation.geo.qiyi.com] - 55 TCP 192.168.5.15:65127 <-> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/323 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com] - 56 TCP 192.168.115.8:50766 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/493 bytes][Host: static.qiyi.com] - 57 TCP 192.168.115.8:50487 -> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/683 bytes -> 0 pkts/0 bytes][Host: msg.71.am] - 58 TCP 192.168.115.8:50489 <-> 119.188.13.188:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/253 bytes <-> 1 pkts/430 bytes][Host: pdata.video.qiyi.com] - 59 TCP 192.168.115.8:50772 <-> 123.125.111.70:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com] - 60 TCP 192.168.115.8:50775 <-> 123.125.111.70:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com] - 61 TCP 192.168.115.8:50470 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/424 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] - 62 TCP 192.168.115.8:50508 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/420 bytes][Host: static.qiyi.com] - 63 TCP 192.168.115.8:50483 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/417 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 64 TCP 192.168.115.8:50776 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/394 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] - 65 TCP 192.168.115.8:50765 <-> 36.110.220.15:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/264 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com] - 66 TCP 202.108.14.219:80 -> 192.168.115.8:50295 [proto: 7/HTTP][cat: Web/5][2 pkts/398 bytes -> 0 pkts/0 bytes] - 67 UDP 192.168.5.48:63930 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/358 bytes -> 0 pkts/0 bytes] - 68 TCP 117.79.81.135:80 -> 192.168.115.8:50443 [proto: 7/HTTP][cat: Web/5][1 pkts/347 bytes -> 0 pkts/0 bytes] - 69 TCP 192.168.115.8:50781 -> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/303 bytes -> 0 pkts/0 bytes][Host: preimage1.qiyipic.com] - 70 TCP 202.108.14.219:80 -> 192.168.115.8:50506 [proto: 7/HTTP][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes] - 71 UDP 192.168.5.63:60976 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][1 pkts/165 bytes -> 0 pkts/0 bytes] - 72 UDP 192.168.5.63:39383 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][1 pkts/130 bytes -> 0 pkts/0 bytes] - 73 TCP 192.168.115.8:50462 -> 202.108.14.236:80 [proto: 7/HTTP][cat: Web/5][2 pkts/108 bytes -> 0 pkts/0 bytes] - 74 TCP 192.168.5.15:65125 -> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/66 bytes -> 0 pkts/0 bytes] + 8 TCP 192.168.115.8:50495 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][3 pkts/2844 bytes <-> 3 pkts/597 bytes][Host: msg.71.am] + 9 TCP 77.234.41.35:80 <-> 192.168.115.8:49174 [proto: 7/HTTP][cat: Web/5][4 pkts/2953 bytes <-> 1 pkts/356 bytes] + 10 TCP 192.168.115.8:50767 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][4 pkts/800 bytes <-> 4 pkts/2112 bytes][Host: static.qiyi.com] + 11 TCP 192.168.115.8:50488 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/311 bytes <-> 2 pkts/2035 bytes][Host: meta.video.qiyi.com] + 12 TCP 192.168.115.8:50471 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1898 bytes <-> 2 pkts/398 bytes][Host: msg.71.am] + 13 TCP 192.168.115.8:50501 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1893 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 14 TCP 192.168.115.8:50463 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com] + 15 TCP 192.168.115.8:50496 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com] + 16 TCP 192.168.115.8:50779 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1438 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] + 17 UDP 192.168.5.38:58897 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1575 bytes -> 0 pkts/0 bytes] + 18 UDP 192.168.115.1:50945 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1539 bytes -> 0 pkts/0 bytes] + 19 TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/707 bytes <-> 1 pkts/744 bytes][Host: click.hm.baidu.com] + 20 TCP 192.168.115.8:50492 <-> 111.206.13.3:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/389 bytes <-> 2 pkts/1034 bytes][Host: pdata.video.qiyi.com] + 21 TCP 192.168.115.8:50777 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1186 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] + 22 TCP 192.168.115.8:50494 <-> 223.26.106.66:80 [proto: 7.60/HTTP.HTTP_Download][cat: Download-FileTransfer-FileSharing/7][2 pkts/887 bytes <-> 1 pkts/443 bytes][Host: 223.26.106.66] + 23 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1004 bytes <-> 2 pkts/301 bytes][Host: click.hm.baidu.com] + 24 TCP 192.168.115.8:50499 <-> 111.206.22.76:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1097 bytes <-> 1 pkts/199 bytes][Host: msg.iqiyi.com] + 25 TCP 192.168.115.8:50474 <-> 202.108.14.221:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1100 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] + 26 TCP 192.168.115.8:50507 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/212 bytes <-> 1 pkts/1063 bytes][Host: static.qiyi.com] + 27 TCP 192.168.115.8:50485 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 28 TCP 192.168.115.8:50502 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 29 TCP 192.168.115.8:50493 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 30 TCP 192.168.115.8:50771 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 31 TCP 192.168.115.8:50473 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/944 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 32 TCP 192.168.115.8:50475 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/941 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 33 TCP 192.168.115.8:50500 <-> 23.41.133.163:80 [proto: 7/HTTP][cat: Web/5][1 pkts/289 bytes <-> 1 pkts/839 bytes][Host: s1.symcb.com] + 34 TCP 192.168.115.8:50773 <-> 202.108.14.221:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/919 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 35 TCP 192.168.115.8:50466 <-> 203.66.182.24:80 [proto: 7.126/HTTP.Google][cat: Web/5][1 pkts/280 bytes <-> 1 pkts/813 bytes][Host: clients1.google.com] + 36 UDP 192.168.5.50:52529 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1074 bytes -> 0 pkts/0 bytes] + 37 UDP 192.168.5.28:60023 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1050 bytes -> 0 pkts/0 bytes] + 38 UDP 192.168.5.57:59648 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1050 bytes -> 0 pkts/0 bytes] + 39 TCP 192.168.115.8:50504 -> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/946 bytes -> 0 pkts/0 bytes][Host: msg.71.am] + 40 TCP 192.168.115.8:50769 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/291 bytes][Host: api.cupid.iqiyi.com] + 41 TCP 192.168.115.8:50498 <-> 36.110.220.15:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/694 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com] + 42 TCP 192.168.115.8:50503 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/683 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 43 UDP 192.168.5.41:50374 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][5 pkts/875 bytes -> 0 pkts/0 bytes] + 44 TCP 192.168.115.8:50490 <-> 119.188.13.188:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/357 bytes <-> 1 pkts/479 bytes][Host: pdata.video.qiyi.com] + 45 TCP 192.168.115.8:50467 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/629 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 46 TCP 192.168.115.8:50484 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/622 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 47 TCP 192.168.115.8:50477 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/614 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 48 TCP 192.168.115.8:50774 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/587 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 49 TCP 192.168.115.8:50469 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/573 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 50 TCP 192.168.115.8:50482 <-> 140.205.243.64:80 [proto: 7/HTTP][cat: Web/5][1 pkts/444 bytes <-> 1 pkts/283 bytes][Host: cmc.tanx.com] + 51 TCP 192.168.115.8:50768 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/526 bytes][Host: static.qiyi.com] + 52 TCP 192.168.5.15:65128 <-> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/331 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com] + 53 TCP 192.168.115.8:50509 <-> 106.38.219.107:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/163 bytes <-> 2 pkts/557 bytes][Host: iplocation.geo.qiyi.com] + 54 TCP 192.168.5.15:65127 <-> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/323 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com] + 55 TCP 192.168.115.8:50766 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/493 bytes][Host: static.qiyi.com] + 56 TCP 192.168.115.8:50487 -> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/683 bytes -> 0 pkts/0 bytes][Host: msg.71.am] + 57 TCP 192.168.115.8:50489 <-> 119.188.13.188:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/253 bytes <-> 1 pkts/430 bytes][Host: pdata.video.qiyi.com] + 58 TCP 192.168.115.8:50772 <-> 123.125.111.70:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com] + 59 TCP 192.168.115.8:50775 <-> 123.125.111.70:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com] + 60 TCP 192.168.115.8:50470 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/424 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] + 61 TCP 192.168.115.8:50508 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/420 bytes][Host: static.qiyi.com] + 62 TCP 192.168.115.8:50483 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/417 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 63 TCP 192.168.115.8:50776 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/394 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] + 64 TCP 192.168.115.8:50765 <-> 36.110.220.15:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/264 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com] + 65 TCP 202.108.14.219:80 -> 192.168.115.8:50295 [proto: 7/HTTP][cat: Web/5][2 pkts/398 bytes -> 0 pkts/0 bytes] + 66 UDP 192.168.5.48:63930 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/358 bytes -> 0 pkts/0 bytes] + 67 TCP 117.79.81.135:80 -> 192.168.115.8:50443 [proto: 7/HTTP][cat: Web/5][1 pkts/347 bytes -> 0 pkts/0 bytes] + 68 TCP 192.168.115.8:50781 -> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/303 bytes -> 0 pkts/0 bytes][Host: preimage1.qiyipic.com] + 69 TCP 202.108.14.219:80 -> 192.168.115.8:50506 [proto: 7/HTTP][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes] + 70 UDP 192.168.5.63:60976 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][1 pkts/165 bytes -> 0 pkts/0 bytes] + 71 UDP 192.168.5.63:39383 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][1 pkts/130 bytes -> 0 pkts/0 bytes] + 72 TCP 192.168.115.8:50462 -> 202.108.14.236:80 [proto: 7/HTTP][cat: Web/5][2 pkts/108 bytes -> 0 pkts/0 bytes] + 73 TCP 192.168.5.15:65125 -> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/66 bytes -> 0 pkts/0 bytes] Undetected flows: @@ -88,31 +86,32 @@ Undetected flows: 3 UDP 118.171.15.56:5544 <-> 192.168.115.8:22793 [proto: 0/Unknown][30 pkts/33210 bytes <-> 71 pkts/5609 bytes] 4 UDP 192.168.115.8:22793 <-> 219.228.107.156:1250 [proto: 0/Unknown][34 pkts/2686 bytes <-> 11 pkts/12177 bytes] 5 UDP 192.168.115.8:22793 <-> 222.197.138.12:6956 [proto: 0/Unknown][30 pkts/2370 bytes <-> 10 pkts/10042 bytes] - 6 UDP 192.168.115.8:22793 -> 1.169.136.116:17951 [proto: 0/Unknown][4 pkts/512 bytes -> 0 pkts/0 bytes] - 7 UDP 192.168.115.8:22793 -> 114.41.144.153:10492 [proto: 0/Unknown][4 pkts/512 bytes -> 0 pkts/0 bytes] - 8 UDP 192.168.115.8:22793 -> 218.61.39.103:17788 [proto: 0/Unknown][2 pkts/300 bytes -> 0 pkts/0 bytes] - 9 UDP 192.168.115.8:22793 -> 119.188.133.182:17788 [proto: 0/Unknown][2 pkts/260 bytes -> 0 pkts/0 bytes] - 10 UDP 192.168.115.8:22793 -> 183.61.167.104:17788 [proto: 0/Unknown][2 pkts/260 bytes -> 0 pkts/0 bytes] - 11 UDP 192.168.115.8:22793 -> 218.61.39.87:17788 [proto: 0/Unknown][2 pkts/260 bytes -> 0 pkts/0 bytes] - 12 UDP 183.228.182.44:13913 <-> 192.168.115.8:22793 [proto: 0/Unknown][1 pkts/87 bytes <-> 2 pkts/170 bytes] - 13 UDP 192.168.115.8:22793 -> 183.61.167.82:17788 [proto: 0/Unknown][2 pkts/188 bytes -> 0 pkts/0 bytes] - 14 UDP 192.168.115.8:22793 -> 220.130.154.23:35941 [proto: 0/Unknown][2 pkts/174 bytes -> 0 pkts/0 bytes] - 15 UDP 192.168.115.8:22793 -> 111.249.53.196:32443 [proto: 0/Unknown][2 pkts/158 bytes -> 0 pkts/0 bytes] - 16 UDP 192.168.115.8:22793 -> 1.175.128.104:5185 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 17 UDP 192.168.115.8:22793 -> 36.233.39.81:18590 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 18 UDP 192.168.115.8:22793 -> 36.237.154.69:4316 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 19 UDP 192.168.115.8:22793 -> 61.223.204.67:11102 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 20 UDP 192.168.115.8:22793 -> 61.227.170.88:20227 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 21 UDP 192.168.115.8:22793 -> 111.117.101.81:10162 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 22 UDP 192.168.115.8:22793 -> 111.250.102.66:1107 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 23 UDP 192.168.115.8:22793 -> 114.37.142.173:1074 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 24 UDP 192.168.115.8:22793 -> 114.47.91.129:22576 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 25 UDP 192.168.115.8:22793 -> 115.157.62.243:29006 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 26 UDP 192.168.115.8:22793 -> 121.248.133.93:12757 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 27 UDP 192.168.115.8:22793 -> 202.112.31.89:29072 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 28 UDP 192.168.115.8:22793 -> 210.44.171.1:29702 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 29 UDP 192.168.115.8:22793 -> 210.44.232.243:21044 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 30 UDP 192.168.115.8:22793 -> 210.47.12.19:33738 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 31 UDP 192.168.115.8:22793 -> 210.47.12.20:33738 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 32 UDP 192.168.115.8:22793 -> 222.26.74.190:1037 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 33 UDP 192.168.115.8:22793 -> 222.26.193.119:7133 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 6 UDP 192.168.115.8:22793 <-> 202.198.7.89:16039 [proto: 0/Unknown][2 pkts/158 bytes <-> 3 pkts/3323 bytes] + 7 UDP 192.168.115.8:22793 -> 1.169.136.116:17951 [proto: 0/Unknown][4 pkts/512 bytes -> 0 pkts/0 bytes] + 8 UDP 192.168.115.8:22793 -> 114.41.144.153:10492 [proto: 0/Unknown][4 pkts/512 bytes -> 0 pkts/0 bytes] + 9 UDP 192.168.115.8:22793 -> 218.61.39.103:17788 [proto: 0/Unknown][2 pkts/300 bytes -> 0 pkts/0 bytes] + 10 UDP 192.168.115.8:22793 -> 119.188.133.182:17788 [proto: 0/Unknown][2 pkts/260 bytes -> 0 pkts/0 bytes] + 11 UDP 192.168.115.8:22793 -> 183.61.167.104:17788 [proto: 0/Unknown][2 pkts/260 bytes -> 0 pkts/0 bytes] + 12 UDP 192.168.115.8:22793 -> 218.61.39.87:17788 [proto: 0/Unknown][2 pkts/260 bytes -> 0 pkts/0 bytes] + 13 UDP 183.228.182.44:13913 <-> 192.168.115.8:22793 [proto: 0/Unknown][1 pkts/87 bytes <-> 2 pkts/170 bytes] + 14 UDP 192.168.115.8:22793 -> 183.61.167.82:17788 [proto: 0/Unknown][2 pkts/188 bytes -> 0 pkts/0 bytes] + 15 UDP 192.168.115.8:22793 -> 220.130.154.23:35941 [proto: 0/Unknown][2 pkts/174 bytes -> 0 pkts/0 bytes] + 16 UDP 192.168.115.8:22793 -> 111.249.53.196:32443 [proto: 0/Unknown][2 pkts/158 bytes -> 0 pkts/0 bytes] + 17 UDP 192.168.115.8:22793 -> 1.175.128.104:5185 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 18 UDP 192.168.115.8:22793 -> 36.233.39.81:18590 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 19 UDP 192.168.115.8:22793 -> 36.237.154.69:4316 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 20 UDP 192.168.115.8:22793 -> 61.223.204.67:11102 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 21 UDP 192.168.115.8:22793 -> 61.227.170.88:20227 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 22 UDP 192.168.115.8:22793 -> 111.117.101.81:10162 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 23 UDP 192.168.115.8:22793 -> 111.250.102.66:1107 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 24 UDP 192.168.115.8:22793 -> 114.37.142.173:1074 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 25 UDP 192.168.115.8:22793 -> 114.47.91.129:22576 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 26 UDP 192.168.115.8:22793 -> 115.157.62.243:29006 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 27 UDP 192.168.115.8:22793 -> 121.248.133.93:12757 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 28 UDP 192.168.115.8:22793 -> 202.112.31.89:29072 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 29 UDP 192.168.115.8:22793 -> 210.44.171.1:29702 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 30 UDP 192.168.115.8:22793 -> 210.44.232.243:21044 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 31 UDP 192.168.115.8:22793 -> 210.47.12.19:33738 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 32 UDP 192.168.115.8:22793 -> 210.47.12.20:33738 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 33 UDP 192.168.115.8:22793 -> 222.26.74.190:1037 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 34 UDP 192.168.115.8:22793 -> 222.26.193.119:7133 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/quic.pcap.out b/tests/result/quic.pcap.out index dbfc7f84d..e1f4aa97f 100644 --- a/tests/result/quic.pcap.out +++ b/tests/result/quic.pcap.out @@ -1,8 +1,7 @@ Unknown 6 7072 1 GMail 413 254874 1 YouTube 85 76193 5 -Google 11 10063 2 -QUIC 3 364 1 +Google 14 10427 3 1 UDP 192.168.1.109:57833 <-> 216.58.212.101:443 [proto: 188.122/QUIC.GMail][cat: Email/3][161 pkts/23930 bytes <-> 252 pkts/230944 bytes][Host: mail.google.com] 2 UDP 192.168.1.109:35236 <-> 216.58.210.206:443 [proto: 188.124/QUIC.YouTube][cat: Media/1][25 pkts/5276 bytes <-> 44 pkts/53157 bytes][Host: www.youtube.com] @@ -12,7 +11,7 @@ QUIC 3 364 1 6 UDP 192.168.1.105:45669 <-> 172.217.16.4:443 [proto: 188.126/QUIC.Google][cat: Web/5][3 pkts/1550 bytes <-> 2 pkts/2784 bytes][Host: www.google.com] 7 UDP 192.168.1.105:48445 <-> 216.58.214.110:443 [proto: 188.124/QUIC.YouTube][cat: Media/1][2 pkts/1471 bytes <-> 1 pkts/1392 bytes][Host: i.ytimg.com] 8 UDP 192.168.1.105:53817 <-> 216.58.210.225:443 [proto: 188.124/QUIC.YouTube][cat: Media/1][1 pkts/1392 bytes <-> 1 pkts/1392 bytes][Host: yt3.ggpht.com] - 9 UDP 192.168.1.105:40461 <-> 172.217.16.3:443 [proto: 188/QUIC][cat: Web/5][2 pkts/241 bytes <-> 1 pkts/123 bytes] + 9 UDP 192.168.1.105:40461 <-> 172.217.16.3:443 [proto: 188.126/QUIC.Google][cat: Web/5][2 pkts/241 bytes <-> 1 pkts/123 bytes] Undetected flows: diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index ddb00deaa..d02ced39b 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -1,29 +1,27 @@ -Unknown 171 20697 10 +Unknown 175 20913 11 DNS 2 267 1 MDNS 8 1736 2 -NTP 2 180 1 SSDP 101 38156 6 -SkypeCallIn 1555 267750 192 +SkypeCallIn 730 71378 170 ICMP 8 656 1 IGMP 5 258 4 SSL 96 8876 7 Dropbox 38 17948 5 -Skype 584 56659 57 -Apple 7 384 2 +Skype 1409 253031 79 +Apple 17 2225 3 AppleiCloud 88 20520 2 Spotify 5 430 1 MS_OneDrive 387 198090 1 -ApplePush 12 1877 1 1 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][cat: Cloud/13][187 pkts/42539 bytes <-> 200 pkts/155551 bytes][server: *.gateway.messenger.live.com] - 2 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][231 pkts/60232 bytes <-> 241 pkts/104395 bytes] + 2 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][cat: VoIP/10][231 pkts/60232 bytes <-> 241 pkts/104395 bytes] 3 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][79 pkts/29479 bytes -> 0 pkts/0 bytes] 4 TCP 192.168.1.34:50128 <-> 17.172.100.36:443 [proto: 91.143/SSL.AppleiCloud][cat: Web/5][43 pkts/9635 bytes <-> 43 pkts/10651 bytes][client: p05-keyvalueservice.icloud.com] 5 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][62 pkts/6941 bytes <-> 38 pkts/5325 bytes] 6 UDP 192.168.1.92:50084 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][14 pkts/7281 bytes -> 0 pkts/0 bytes] 7 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][cat: Cloud/13][8 pkts/1636 bytes <-> 8 pkts/4344 bytes] 8 TCP 192.168.1.34:50117 <-> 71.238.7.203:18767 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][24 pkts/3136 bytes <-> 19 pkts/2618 bytes] - 9 TCP 192.168.1.34:50126 <-> 91.190.216.23:12350 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][16 pkts/4788 bytes <-> 4 pkts/372 bytes] + 9 TCP 192.168.1.34:50126 <-> 91.190.216.23:12350 [proto: 125/Skype][cat: VoIP/10][16 pkts/4788 bytes <-> 4 pkts/372 bytes] 10 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][19 pkts/2797 bytes <-> 13 pkts/2175 bytes] 11 TCP 192.168.1.34:50118 <-> 5.248.186.221:31010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][18 pkts/2588 bytes <-> 13 pkts/2100 bytes] 12 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][15 pkts/2395 bytes <-> 8 pkts/1724 bytes] @@ -35,7 +33,7 @@ ApplePush 12 1877 1 18 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][5 pkts/2720 bytes -> 0 pkts/0 bytes] 19 TCP 192.168.1.34:50090 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/2140 bytes <-> 3 pkts/200 bytes][client: apps.skype.com] 20 TCP 192.168.1.34:50134 <-> 157.56.53.47:12350 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/1578 bytes <-> 4 pkts/342 bytes] - 21 TCP 17.143.160.22:5223 <-> 192.168.1.34:49447 [proto: 238/ApplePush][cat: Cloud/13][6 pkts/1211 bytes <-> 6 pkts/666 bytes] + 21 TCP 17.143.160.22:5223 <-> 192.168.1.34:49447 [proto: 238.140/ApplePush.Apple][cat: Web/5][6 pkts/1211 bytes <-> 6 pkts/666 bytes] 22 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][13 pkts/1554 bytes <-> 3 pkts/200 bytes] 23 TCP 192.168.1.34:50122 <-> 81.133.19.185:44431 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][14 pkts/1090 bytes <-> 6 pkts/534 bytes] 24 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][cat: Web/5][13 pkts/1392 bytes <-> 3 pkts/200 bytes] @@ -50,51 +48,51 @@ ApplePush 12 1877 1 33 TCP 192.168.1.34:50072 <-> 157.55.130.170:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1207 bytes <-> 3 pkts/277 bytes] 34 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][cat: Web/5][12 pkts/1221 bytes <-> 3 pkts/231 bytes] 35 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][14 pkts/1062 bytes <-> 4 pkts/383 bytes] - 36 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][14 pkts/1083 bytes <-> 4 pkts/359 bytes] - 37 TCP 192.168.1.34:50054 <-> 157.55.130.153:40005 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/1020 bytes <-> 4 pkts/421 bytes] + 36 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][cat: VoIP/10][14 pkts/1083 bytes <-> 4 pkts/359 bytes] + 37 TCP 192.168.1.34:50054 <-> 157.55.130.153:40005 [proto: 125/Skype][cat: VoIP/10][13 pkts/1020 bytes <-> 4 pkts/421 bytes] 38 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/1010 bytes <-> 5 pkts/402 bytes] 39 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1151 bytes <-> 3 pkts/260 bytes] 40 TCP 192.168.1.34:50114 <-> 5.248.186.221:31010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][14 pkts/1040 bytes <-> 4 pkts/362 bytes] 41 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/1004 bytes <-> 4 pkts/397 bytes] 42 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][11 pkts/1050 bytes <-> 4 pkts/351 bytes] - 43 TCP 192.168.1.34:50034 <-> 157.55.130.140:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/1010 bytes <-> 4 pkts/390 bytes] - 44 TCP 192.168.1.34:50088 <-> 157.55.235.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][14 pkts/1085 bytes <-> 4 pkts/315 bytes] + 43 TCP 192.168.1.34:50034 <-> 157.55.130.140:40033 [proto: 125/Skype][cat: VoIP/10][13 pkts/1010 bytes <-> 4 pkts/390 bytes] + 44 TCP 192.168.1.34:50088 <-> 157.55.235.146:33033 [proto: 125/Skype][cat: VoIP/10][14 pkts/1085 bytes <-> 4 pkts/315 bytes] 45 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][cat: Web/5][11 pkts/1140 bytes <-> 3 pkts/250 bytes] - 46 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/975 bytes <-> 4 pkts/412 bytes] + 46 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][cat: VoIP/10][13 pkts/975 bytes <-> 4 pkts/412 bytes] 47 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/995 bytes <-> 4 pkts/391 bytes] 48 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/995 bytes <-> 4 pkts/386 bytes] 49 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/1000 bytes <-> 4 pkts/380 bytes] 50 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][cat: Web/5][13 pkts/1176 bytes <-> 3 pkts/200 bytes] - 51 TCP 192.168.1.34:50097 <-> 157.55.235.176:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/1000 bytes <-> 4 pkts/371 bytes] + 51 TCP 192.168.1.34:50097 <-> 157.55.235.176:40022 [proto: 125/Skype][cat: VoIP/10][13 pkts/1000 bytes <-> 4 pkts/371 bytes] 52 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/971 bytes <-> 4 pkts/399 bytes] - 53 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/977 bytes <-> 4 pkts/384 bytes] - 54 TCP 192.168.1.34:50053 <-> 157.55.56.146:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][12 pkts/940 bytes <-> 5 pkts/415 bytes] + 53 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][cat: VoIP/10][13 pkts/977 bytes <-> 4 pkts/384 bytes] + 54 TCP 192.168.1.34:50053 <-> 157.55.56.146:40030 [proto: 125/Skype][cat: VoIP/10][12 pkts/940 bytes <-> 5 pkts/415 bytes] 55 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][12 pkts/948 bytes <-> 4 pkts/407 bytes] - 56 TCP 192.168.1.34:50044 <-> 157.55.130.167:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/993 bytes <-> 4 pkts/360 bytes] + 56 TCP 192.168.1.34:50044 <-> 157.55.130.167:40031 [proto: 125/Skype][cat: VoIP/10][13 pkts/993 bytes <-> 4 pkts/360 bytes] 57 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1074 bytes <-> 3 pkts/277 bytes] 58 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1102 bytes <-> 3 pkts/247 bytes] 59 TCP 192.168.1.34:50048 <-> 157.55.130.150:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1109 bytes <-> 3 pkts/236 bytes] - 60 TCP 192.168.1.34:50077 <-> 157.55.130.176:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/1004 bytes <-> 4 pkts/334 bytes] + 60 TCP 192.168.1.34:50077 <-> 157.55.130.176:40022 [proto: 125/Skype][cat: VoIP/10][13 pkts/1004 bytes <-> 4 pkts/334 bytes] 61 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][11 pkts/1074 bytes <-> 3 pkts/254 bytes] - 62 TCP 192.168.1.34:50074 <-> 157.55.130.173:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/1010 bytes <-> 4 pkts/317 bytes] + 62 TCP 192.168.1.34:50074 <-> 157.55.130.173:40003 [proto: 125/Skype][cat: VoIP/10][13 pkts/1010 bytes <-> 4 pkts/317 bytes] 63 TCP 192.168.1.34:50078 <-> 157.55.130.173:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1088 bytes <-> 3 pkts/236 bytes] - 64 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/989 bytes <-> 4 pkts/323 bytes] + 64 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][cat: VoIP/10][13 pkts/989 bytes <-> 4 pkts/323 bytes] 65 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][cat: Web/5][11 pkts/960 bytes <-> 4 pkts/351 bytes] - 66 TCP 192.168.1.34:50032 <-> 157.56.52.44:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][12 pkts/969 bytes <-> 4 pkts/337 bytes] + 66 TCP 192.168.1.34:50032 <-> 157.56.52.44:40032 [proto: 125/Skype][cat: VoIP/10][12 pkts/969 bytes <-> 4 pkts/337 bytes] 67 TCP 192.168.1.34:50094 <-> 157.55.130.155:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1039 bytes <-> 3 pkts/267 bytes] - 68 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][12 pkts/899 bytes <-> 5 pkts/406 bytes] + 68 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][cat: VoIP/10][12 pkts/899 bytes <-> 5 pkts/406 bytes] 69 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/982 bytes <-> 4 pkts/322 bytes] 70 TCP 192.168.1.34:50063 <-> 111.221.74.38:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/1002 bytes <-> 3 pkts/285 bytes] - 71 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/836 bytes <-> 5 pkts/442 bytes] - 72 TCP 192.168.1.34:50086 <-> 111.221.77.142:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/841 bytes <-> 5 pkts/429 bytes] + 71 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][cat: VoIP/10][11 pkts/836 bytes <-> 5 pkts/442 bytes] + 72 TCP 192.168.1.34:50086 <-> 111.221.77.142:40023 [proto: 125/Skype][cat: VoIP/10][11 pkts/841 bytes <-> 5 pkts/429 bytes] 73 TCP 192.168.1.34:50056 <-> 157.55.56.146:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][11 pkts/999 bytes <-> 4 pkts/266 bytes] 74 TCP 192.168.1.34:50038 <-> 157.55.130.140:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1032 bytes <-> 3 pkts/230 bytes] - 75 TCP 192.168.1.34:50055 <-> 111.221.74.47:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/866 bytes <-> 5 pkts/396 bytes] + 75 TCP 192.168.1.34:50055 <-> 111.221.74.47:40030 [proto: 125/Skype][cat: VoIP/10][11 pkts/866 bytes <-> 5 pkts/396 bytes] 76 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/843 bytes <-> 4 pkts/411 bytes] 77 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/994 bytes <-> 2 pkts/243 bytes] - 78 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/820 bytes <-> 5 pkts/416 bytes] - 79 TCP 192.168.1.34:50046 <-> 157.55.130.150:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/843 bytes <-> 4 pkts/386 bytes] - 80 TCP 192.168.1.34:50096 <-> 111.221.74.46:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/822 bytes <-> 4 pkts/390 bytes] + 78 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][cat: VoIP/10][11 pkts/820 bytes <-> 5 pkts/416 bytes] + 79 TCP 192.168.1.34:50046 <-> 157.55.130.150:40011 [proto: 125/Skype][cat: VoIP/10][11 pkts/843 bytes <-> 4 pkts/386 bytes] + 80 TCP 192.168.1.34:50096 <-> 111.221.74.46:40027 [proto: 125/Skype][cat: VoIP/10][11 pkts/822 bytes <-> 4 pkts/390 bytes] 81 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/857 bytes <-> 4 pkts/351 bytes] 82 TCP 192.168.1.34:50113 <-> 71.238.7.203:18767 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/827 bytes <-> 3 pkts/325 bytes] 83 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][cat: Web/5][9 pkts/862 bytes <-> 3 pkts/285 bytes] @@ -146,158 +144,157 @@ ApplePush 12 1877 1 129 UDP 192.168.1.34:13021 -> 176.26.55.167:63773 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][5 pkts/300 bytes -> 0 pkts/0 bytes] 130 UDP 192.168.1.34:58681 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/101 bytes <-> 1 pkts/166 bytes][Host: db3msgr5011709.gateway.messenger.live.com] 131 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][cat: Web/5][1 pkts/101 bytes <-> 1 pkts/133 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] - 132 UDP 192.168.1.34:54067 -> 192.168.1.1:5351 [proto: 140/Apple][cat: Web/5][4 pkts/216 bytes -> 0 pkts/0 bytes] - 133 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][cat: System/18][1 pkts/90 bytes <-> 1 pkts/90 bytes] - 134 UDP 192.168.1.34:51879 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] - 135 UDP 192.168.1.34:63321 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] - 136 UDP 192.168.1.34:64085 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e7768.b.akamaiedge.net] - 137 TCP 192.168.1.34:50024 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/60 bytes] - 138 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network/14][2 pkts/92 bytes -> 0 pkts/0 bytes] - 139 UDP 192.168.1.34:13021 -> 64.4.23.145:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 140 UDP 192.168.1.34:13021 -> 65.55.223.26:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 141 UDP 192.168.1.34:13021 -> 65.55.223.33:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 142 UDP 192.168.1.34:13021 -> 157.55.56.168:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 143 UDP 192.168.1.34:13021 -> 157.55.130.146:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 144 UDP 192.168.1.34:13021 -> 157.55.130.154:40005 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 145 UDP 192.168.1.34:13021 -> 157.55.235.147:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 146 UDP 192.168.1.34:13021 -> 157.55.235.152:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 147 UDP 192.168.1.34:13021 -> 213.199.179.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 148 UDP 192.168.1.34:13021 -> 111.221.74.28:40014 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 149 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 150 UDP 192.168.1.34:13021 -> 111.221.77.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 151 UDP 192.168.1.34:13021 -> 111.221.77.159:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 152 UDP 192.168.1.34:13021 -> 111.221.77.172:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 153 UDP 192.168.1.34:13021 -> 157.55.130.156:40034 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 154 UDP 192.168.1.34:13021 -> 157.55.235.161:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 155 UDP 192.168.1.34:13021 -> 157.55.235.176:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 156 UDP 192.168.1.34:13021 -> 157.56.52.27:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 157 UDP 192.168.1.34:13021 -> 157.56.52.28:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 158 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 159 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 160 UDP 192.168.1.34:13021 -> 65.55.223.29:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 161 UDP 192.168.1.34:13021 -> 111.221.74.15:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 162 UDP 192.168.1.34:13021 -> 111.221.77.145:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 163 UDP 192.168.1.34:13021 -> 111.221.77.166:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 164 UDP 192.168.1.34:13021 -> 157.55.56.142:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 165 UDP 192.168.1.34:13021 -> 157.55.56.151:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 166 UDP 192.168.1.34:13021 -> 157.55.56.175:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 167 UDP 192.168.1.34:13021 -> 157.55.130.143:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 168 UDP 192.168.1.34:13021 -> 157.55.235.155:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 169 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 170 UDP 192.168.1.34:13021 -> 64.4.23.166:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 171 UDP 192.168.1.34:13021 -> 65.55.223.25:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 172 UDP 192.168.1.34:13021 -> 65.55.223.43:40002 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 173 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 174 UDP 192.168.1.34:13021 -> 111.221.77.151:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 175 UDP 192.168.1.34:13021 -> 157.55.56.162:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 176 UDP 192.168.1.34:13021 -> 157.55.130.147:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 177 UDP 192.168.1.34:13021 -> 157.55.235.175:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 178 UDP 192.168.1.34:13021 -> 213.199.179.150:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 179 UDP 192.168.1.34:13021 -> 111.221.74.12:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 180 UDP 192.168.1.34:13021 -> 111.221.74.48:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 181 UDP 192.168.1.34:13021 -> 111.221.77.165:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 182 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 183 UDP 192.168.1.34:13021 -> 213.199.179.143:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 184 UDP 192.168.1.34:13021 -> 213.199.179.154:40034 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 185 UDP 192.168.1.34:13021 -> 65.55.223.28:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 186 UDP 192.168.1.34:13021 -> 111.221.74.40:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 187 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 188 UDP 192.168.1.34:13021 -> 157.56.52.26:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 189 UDP 192.168.1.34:13021 -> 213.199.179.165:40007 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 190 UDP 192.168.1.34:13021 -> 64.4.23.141:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 191 UDP 192.168.1.34:13021 -> 111.221.74.29:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 192 UDP 192.168.1.34:13021 -> 111.221.74.31:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 193 UDP 192.168.1.34:13021 -> 111.221.77.176:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 194 UDP 192.168.1.34:13021 -> 157.55.235.153:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 195 UDP 192.168.1.34:13021 -> 213.199.179.168:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 196 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 197 UDP 192.168.1.34:13021 -> 64.4.23.165:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 198 UDP 192.168.1.34:13021 -> 111.221.77.142:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 199 UDP 192.168.1.34:13021 -> 157.55.130.151:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 200 UDP 192.168.1.34:13021 -> 64.4.23.168:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 201 UDP 192.168.1.34:13021 -> 65.55.223.21:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 202 UDP 192.168.1.34:13021 -> 65.55.223.45:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 203 UDP 192.168.1.34:13021 -> 111.221.74.44:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 204 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 205 UDP 192.168.1.34:13021 -> 111.221.77.153:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 206 UDP 192.168.1.34:13021 -> 157.55.56.148:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 207 UDP 192.168.1.34:13021 -> 157.55.235.157:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 208 UDP 192.168.1.34:13021 -> 157.55.235.172:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 209 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 210 UDP 192.168.1.34:13021 -> 213.199.179.170:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 211 UDP 192.168.1.34:13021 -> 64.4.23.150:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 212 UDP 192.168.1.34:13021 -> 64.4.23.159:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 213 UDP 192.168.1.34:13021 -> 65.55.223.17:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 214 UDP 192.168.1.34:13021 -> 111.221.74.17:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 215 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 216 UDP 192.168.1.34:13021 -> 111.221.74.32:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 217 UDP 192.168.1.34:13021 -> 111.221.74.42:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 218 UDP 192.168.1.34:13021 -> 157.55.56.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 219 UDP 192.168.1.34:13021 -> 157.55.56.161:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 220 UDP 192.168.1.34:13021 -> 157.55.130.155:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 221 UDP 192.168.1.34:13021 -> 157.55.130.165:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 222 UDP 192.168.1.34:13021 -> 157.55.235.142:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 223 UDP 192.168.1.34:13021 -> 157.56.52.33:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 224 UDP 192.168.1.34:13021 -> 213.199.179.162:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 225 UDP 192.168.1.34:13021 -> 64.4.23.148:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 226 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 227 UDP 192.168.1.34:13021 -> 65.55.223.41:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 228 UDP 192.168.1.34:13021 -> 111.221.77.148:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 229 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 230 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 231 UDP 192.168.1.34:13021 -> 157.55.235.160:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 232 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 233 UDP 192.168.1.34:13021 -> 157.56.52.37:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 234 UDP 192.168.1.34:13021 -> 64.4.23.140:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 235 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 236 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 237 UDP 192.168.1.34:13021 -> 111.221.77.160:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 238 UDP 192.168.1.34:13021 -> 111.221.77.168:40007 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 239 UDP 192.168.1.34:13021 -> 157.55.56.145:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 240 UDP 192.168.1.34:13021 -> 157.55.56.165:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 241 UDP 192.168.1.34:13021 -> 157.55.235.145:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 242 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 243 UDP 192.168.1.34:13021 -> 65.55.223.24:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 244 UDP 192.168.1.34:13021 -> 111.221.74.16:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 245 UDP 192.168.1.34:13021 -> 111.221.77.141:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 246 UDP 192.168.1.34:13021 -> 111.221.77.149:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 247 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 248 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 249 UDP 192.168.1.34:13021 -> 157.55.130.160:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 250 UDP 192.168.1.34:13021 -> 157.55.130.172:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 251 UDP 192.168.1.34:13021 -> 157.56.52.45:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 252 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 253 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 254 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 255 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 256 UDP 192.168.1.34:13021 -> 65.55.223.15:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 257 UDP 192.168.1.34:13021 -> 65.55.223.38:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 258 UDP 192.168.1.34:13021 -> 65.55.223.44:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 259 UDP 192.168.1.34:13021 -> 111.221.74.25:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 260 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 261 UDP 192.168.1.34:13021 -> 157.55.130.144:40034 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 262 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 263 UDP 192.168.1.34:13021 -> 213.199.179.145:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 264 UDP 192.168.1.34:13021 -> 65.55.223.20:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 265 UDP 192.168.1.34:13021 -> 111.221.74.24:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 266 UDP 192.168.1.34:13021 -> 111.221.77.140:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 267 UDP 192.168.1.34:13021 -> 157.55.56.166:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 268 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 269 UDP 192.168.1.34:13021 -> 157.55.235.158:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 270 UDP 192.168.1.34:13021 -> 157.55.235.159:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 271 UDP 192.168.1.34:13021 -> 157.55.235.173:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 272 UDP 192.168.1.34:13021 -> 157.56.52.21:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 273 UDP 192.168.1.34:13021 -> 157.56.52.24:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 274 UDP 192.168.1.34:13021 -> 157.56.52.47:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 275 UDP 192.168.1.34:13021 -> 213.199.179.152:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 276 IGMP 192.168.1.1:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] - 277 IGMP 192.168.1.92:0 -> 224.0.0.251:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] - 278 UDP 192.168.1.34:13021 -> 65.55.223.39:443 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 279 UDP 192.168.1.34:13021 -> 71.62.0.85:33647 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 280 UDP 192.168.1.34:13021 -> 106.188.249.186:15120 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 281 UDP 192.168.1.34:13021 -> 157.55.130.145:443 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 282 UDP 192.168.1.34:13021 -> 176.97.100.249:26635 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 283 IGMP 192.168.1.34:0 -> 224.0.0.251:0 [proto: 82/IGMP][cat: Network/14][1 pkts/46 bytes -> 0 pkts/0 bytes] + 132 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9.140/NTP.Apple][cat: Web/5][1 pkts/90 bytes <-> 1 pkts/90 bytes] + 133 UDP 192.168.1.34:51879 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 134 UDP 192.168.1.34:63321 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 135 UDP 192.168.1.34:64085 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e7768.b.akamaiedge.net] + 136 TCP 192.168.1.34:50024 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/60 bytes] + 137 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network/14][2 pkts/92 bytes -> 0 pkts/0 bytes] + 138 UDP 192.168.1.34:13021 -> 64.4.23.145:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 139 UDP 192.168.1.34:13021 -> 65.55.223.26:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 140 UDP 192.168.1.34:13021 -> 65.55.223.33:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 141 UDP 192.168.1.34:13021 -> 157.55.56.168:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 142 UDP 192.168.1.34:13021 -> 157.55.130.146:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 143 UDP 192.168.1.34:13021 -> 157.55.130.154:40005 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 144 UDP 192.168.1.34:13021 -> 157.55.235.147:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 145 UDP 192.168.1.34:13021 -> 157.55.235.152:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 146 UDP 192.168.1.34:13021 -> 213.199.179.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 147 UDP 192.168.1.34:13021 -> 111.221.74.28:40014 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 148 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 149 UDP 192.168.1.34:13021 -> 111.221.77.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 150 UDP 192.168.1.34:13021 -> 111.221.77.159:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 151 UDP 192.168.1.34:13021 -> 111.221.77.172:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 152 UDP 192.168.1.34:13021 -> 157.55.130.156:40034 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 153 UDP 192.168.1.34:13021 -> 157.55.235.161:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 154 UDP 192.168.1.34:13021 -> 157.55.235.176:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 155 UDP 192.168.1.34:13021 -> 157.56.52.27:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 156 UDP 192.168.1.34:13021 -> 157.56.52.28:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 157 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 158 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 159 UDP 192.168.1.34:13021 -> 65.55.223.29:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 160 UDP 192.168.1.34:13021 -> 111.221.74.15:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 161 UDP 192.168.1.34:13021 -> 111.221.77.145:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 162 UDP 192.168.1.34:13021 -> 111.221.77.166:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 163 UDP 192.168.1.34:13021 -> 157.55.56.142:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 164 UDP 192.168.1.34:13021 -> 157.55.56.151:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 165 UDP 192.168.1.34:13021 -> 157.55.56.175:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 166 UDP 192.168.1.34:13021 -> 157.55.130.143:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 167 UDP 192.168.1.34:13021 -> 157.55.235.155:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 168 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 169 UDP 192.168.1.34:13021 -> 64.4.23.166:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 170 UDP 192.168.1.34:13021 -> 65.55.223.25:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 171 UDP 192.168.1.34:13021 -> 65.55.223.43:40002 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 172 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 173 UDP 192.168.1.34:13021 -> 111.221.77.151:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 174 UDP 192.168.1.34:13021 -> 157.55.56.162:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 175 UDP 192.168.1.34:13021 -> 157.55.130.147:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 176 UDP 192.168.1.34:13021 -> 157.55.235.175:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 177 UDP 192.168.1.34:13021 -> 213.199.179.150:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 178 UDP 192.168.1.34:13021 -> 111.221.74.12:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 179 UDP 192.168.1.34:13021 -> 111.221.74.48:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 180 UDP 192.168.1.34:13021 -> 111.221.77.165:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 181 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 182 UDP 192.168.1.34:13021 -> 213.199.179.143:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 183 UDP 192.168.1.34:13021 -> 213.199.179.154:40034 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 184 UDP 192.168.1.34:13021 -> 65.55.223.28:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 185 UDP 192.168.1.34:13021 -> 111.221.74.40:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 186 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 187 UDP 192.168.1.34:13021 -> 157.56.52.26:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 188 UDP 192.168.1.34:13021 -> 213.199.179.165:40007 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 189 UDP 192.168.1.34:13021 -> 64.4.23.141:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 190 UDP 192.168.1.34:13021 -> 111.221.74.29:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 191 UDP 192.168.1.34:13021 -> 111.221.74.31:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 192 UDP 192.168.1.34:13021 -> 111.221.77.176:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 193 UDP 192.168.1.34:13021 -> 157.55.235.153:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 194 UDP 192.168.1.34:13021 -> 213.199.179.168:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 195 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 196 UDP 192.168.1.34:13021 -> 64.4.23.165:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 197 UDP 192.168.1.34:13021 -> 111.221.77.142:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 198 UDP 192.168.1.34:13021 -> 157.55.130.151:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 199 UDP 192.168.1.34:13021 -> 64.4.23.168:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 200 UDP 192.168.1.34:13021 -> 65.55.223.21:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 201 UDP 192.168.1.34:13021 -> 65.55.223.45:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 202 UDP 192.168.1.34:13021 -> 111.221.74.44:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 203 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 204 UDP 192.168.1.34:13021 -> 111.221.77.153:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 205 UDP 192.168.1.34:13021 -> 157.55.56.148:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 206 UDP 192.168.1.34:13021 -> 157.55.235.157:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 207 UDP 192.168.1.34:13021 -> 157.55.235.172:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 208 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 209 UDP 192.168.1.34:13021 -> 213.199.179.170:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 210 UDP 192.168.1.34:13021 -> 64.4.23.150:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 211 UDP 192.168.1.34:13021 -> 64.4.23.159:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 212 UDP 192.168.1.34:13021 -> 65.55.223.17:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 213 UDP 192.168.1.34:13021 -> 111.221.74.17:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 214 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 215 UDP 192.168.1.34:13021 -> 111.221.74.32:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 216 UDP 192.168.1.34:13021 -> 111.221.74.42:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 217 UDP 192.168.1.34:13021 -> 157.55.56.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 218 UDP 192.168.1.34:13021 -> 157.55.56.161:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 219 UDP 192.168.1.34:13021 -> 157.55.130.155:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 220 UDP 192.168.1.34:13021 -> 157.55.130.165:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 221 UDP 192.168.1.34:13021 -> 157.55.235.142:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 222 UDP 192.168.1.34:13021 -> 157.56.52.33:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 223 UDP 192.168.1.34:13021 -> 213.199.179.162:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 224 UDP 192.168.1.34:13021 -> 64.4.23.148:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 225 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 226 UDP 192.168.1.34:13021 -> 65.55.223.41:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 227 UDP 192.168.1.34:13021 -> 111.221.77.148:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 228 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 229 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 230 UDP 192.168.1.34:13021 -> 157.55.235.160:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 231 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 232 UDP 192.168.1.34:13021 -> 157.56.52.37:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 233 UDP 192.168.1.34:13021 -> 64.4.23.140:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 234 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 235 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 236 UDP 192.168.1.34:13021 -> 111.221.77.160:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 237 UDP 192.168.1.34:13021 -> 111.221.77.168:40007 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 238 UDP 192.168.1.34:13021 -> 157.55.56.145:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 239 UDP 192.168.1.34:13021 -> 157.55.56.165:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 240 UDP 192.168.1.34:13021 -> 157.55.235.145:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 241 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 242 UDP 192.168.1.34:13021 -> 65.55.223.24:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 243 UDP 192.168.1.34:13021 -> 111.221.74.16:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 244 UDP 192.168.1.34:13021 -> 111.221.77.141:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 245 UDP 192.168.1.34:13021 -> 111.221.77.149:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 246 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 247 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 248 UDP 192.168.1.34:13021 -> 157.55.130.160:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 249 UDP 192.168.1.34:13021 -> 157.55.130.172:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 250 UDP 192.168.1.34:13021 -> 157.56.52.45:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 251 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 252 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 253 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 254 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 255 UDP 192.168.1.34:13021 -> 65.55.223.15:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 256 UDP 192.168.1.34:13021 -> 65.55.223.38:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 257 UDP 192.168.1.34:13021 -> 65.55.223.44:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 258 UDP 192.168.1.34:13021 -> 111.221.74.25:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 259 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 260 UDP 192.168.1.34:13021 -> 157.55.130.144:40034 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 261 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 262 UDP 192.168.1.34:13021 -> 213.199.179.145:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 263 UDP 192.168.1.34:13021 -> 65.55.223.20:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 264 UDP 192.168.1.34:13021 -> 111.221.74.24:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 265 UDP 192.168.1.34:13021 -> 111.221.77.140:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 266 UDP 192.168.1.34:13021 -> 157.55.56.166:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 267 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 268 UDP 192.168.1.34:13021 -> 157.55.235.158:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 269 UDP 192.168.1.34:13021 -> 157.55.235.159:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 270 UDP 192.168.1.34:13021 -> 157.55.235.173:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 271 UDP 192.168.1.34:13021 -> 157.56.52.21:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 272 UDP 192.168.1.34:13021 -> 157.56.52.24:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 273 UDP 192.168.1.34:13021 -> 157.56.52.47:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 274 UDP 192.168.1.34:13021 -> 213.199.179.152:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 275 IGMP 192.168.1.1:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] + 276 IGMP 192.168.1.92:0 -> 224.0.0.251:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] + 277 UDP 192.168.1.34:13021 -> 65.55.223.39:443 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 278 UDP 192.168.1.34:13021 -> 71.62.0.85:33647 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 279 UDP 192.168.1.34:13021 -> 106.188.249.186:15120 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 280 UDP 192.168.1.34:13021 -> 157.55.130.145:443 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 281 UDP 192.168.1.34:13021 -> 176.97.100.249:26635 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 282 IGMP 192.168.1.34:0 -> 224.0.0.251:0 [proto: 82/IGMP][cat: Network/14][1 pkts/46 bytes -> 0 pkts/0 bytes] Undetected flows: @@ -310,4 +307,5 @@ Undetected flows: 7 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][10 pkts/797 bytes <-> 4 pkts/342 bytes] 8 TCP 192.168.1.34:50145 -> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes -> 0 pkts/0 bytes] 9 UDP 192.168.1.34:49511 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] - 10 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][2 pkts/132 bytes <-> 1 pkts/74 bytes] + 10 UDP 192.168.1.34:54067 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] + 11 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][2 pkts/132 bytes <-> 1 pkts/74 bytes] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index a278e42eb..bbddd568f 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -3,15 +3,14 @@ DNS 2 267 1 MDNS 3 400 2 NetBIOS 22 3106 7 SSDP 40 14100 3 -SkypeCallIn 684 60681 178 +SkypeCallIn 454 39996 164 ICMP 4 328 1 IGMP 4 226 4 SSL 79 7742 6 Dropbox 16 7342 5 -Skype 610 129661 46 -Apple 76 19581 1 +Skype 840 150346 60 +Apple 84 20699 2 MS_OneDrive 348 181687 1 -ApplePush 8 1118 1 1 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][cat: Cloud/13][166 pkts/39042 bytes <-> 182 pkts/142645 bytes][server: *.gateway.messenger.live.com] 2 TCP 192.168.1.34:51279 <-> 111.221.74.48:40008 [proto: 125/Skype][cat: VoIP/10][101 pkts/30681 bytes <-> 98 pkts/59934 bytes] @@ -20,7 +19,7 @@ ApplePush 8 1118 1 5 TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][17 pkts/2686 bytes <-> 13 pkts/2218 bytes] 6 TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][12 pkts/2194 bytes <-> 8 pkts/1711 bytes] 7 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][16 pkts/3461 bytes <-> 1 pkts/74 bytes][client: apps.skype.com] - 8 TCP 192.168.1.34:51297 <-> 91.190.216.24:12350 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][12 pkts/3242 bytes <-> 3 pkts/290 bytes] + 8 TCP 192.168.1.34:51297 <-> 91.190.216.24:12350 [proto: 125/Skype][cat: VoIP/10][12 pkts/3242 bytes <-> 3 pkts/290 bytes] 9 TCP 108.160.163.108:443 <-> 192.168.1.34:51222 [proto: 91.121/SSL.Dropbox][cat: Cloud/13][4 pkts/818 bytes <-> 4 pkts/2172 bytes] 10 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][11 pkts/2074 bytes <-> 1 pkts/74 bytes][client: apps.skype.com] 11 TCP 192.168.1.34:51238 <-> 157.55.235.147:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][13 pkts/1446 bytes <-> 4 pkts/266 bytes] @@ -33,44 +32,44 @@ ApplePush 8 1118 1 18 TCP 192.168.1.34:51258 <-> 213.199.179.176:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][14 pkts/1104 bytes <-> 5 pkts/392 bytes] 19 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][14 pkts/1106 bytes <-> 5 pkts/385 bytes] 20 TCP 192.168.1.34:51290 <-> 5.248.186.221:31010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][14 pkts/1070 bytes <-> 4 pkts/420 bytes] - 21 TCP 192.168.1.34:51234 <-> 157.55.235.147:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][14 pkts/1117 bytes <-> 4 pkts/337 bytes] + 21 TCP 192.168.1.34:51234 <-> 157.55.235.147:40001 [proto: 125/Skype][cat: VoIP/10][14 pkts/1117 bytes <-> 4 pkts/337 bytes] 22 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][cat: Web/5][11 pkts/1164 bytes <-> 3 pkts/268 bytes] 23 TCP 192.168.1.34:51247 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/1077 bytes <-> 4 pkts/351 bytes] - 24 TCP 192.168.1.34:51257 <-> 157.55.235.170:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][14 pkts/1059 bytes <-> 4 pkts/367 bytes] - 25 TCP 192.168.1.34:51277 <-> 157.55.235.156:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/1011 bytes <-> 4 pkts/415 bytes] + 24 TCP 192.168.1.34:51257 <-> 157.55.235.170:40032 [proto: 125/Skype][cat: VoIP/10][14 pkts/1059 bytes <-> 4 pkts/367 bytes] + 25 TCP 192.168.1.34:51277 <-> 157.55.235.156:40026 [proto: 125/Skype][cat: VoIP/10][13 pkts/1011 bytes <-> 4 pkts/415 bytes] 26 TCP 192.168.1.34:51305 <-> 149.13.32.15:13392 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][14 pkts/1093 bytes <-> 4 pkts/333 bytes] 27 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][cat: Web/5][12 pkts/1130 bytes <-> 3 pkts/285 bytes] 28 TCP 192.168.1.34:51280 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1130 bytes <-> 3 pkts/285 bytes] 29 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1095 bytes <-> 3 pkts/285 bytes] 30 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/1022 bytes <-> 4 pkts/351 bytes] 31 TCP 192.168.1.34:51289 <-> 71.238.7.203:18767 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/991 bytes <-> 4 pkts/378 bytes] - 32 TCP 192.168.1.34:51272 <-> 157.55.235.152:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/1006 bytes <-> 4 pkts/361 bytes] + 32 TCP 192.168.1.34:51272 <-> 157.55.235.152:40029 [proto: 125/Skype][cat: VoIP/10][13 pkts/1006 bytes <-> 4 pkts/361 bytes] 33 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/1012 bytes <-> 4 pkts/351 bytes] 34 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/976 bytes <-> 4 pkts/365 bytes] - 35 TCP 192.168.1.34:51237 <-> 157.55.130.176:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/986 bytes <-> 4 pkts/344 bytes] - 36 TCP 192.168.1.34:51276 <-> 157.55.235.146:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/981 bytes <-> 4 pkts/348 bytes] - 37 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/1004 bytes <-> 4 pkts/318 bytes] + 35 TCP 192.168.1.34:51237 <-> 157.55.130.176:40022 [proto: 125/Skype][cat: VoIP/10][13 pkts/986 bytes <-> 4 pkts/344 bytes] + 36 TCP 192.168.1.34:51276 <-> 157.55.235.146:40021 [proto: 125/Skype][cat: VoIP/10][13 pkts/981 bytes <-> 4 pkts/348 bytes] + 37 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][cat: VoIP/10][13 pkts/1004 bytes <-> 4 pkts/318 bytes] 38 TCP 192.168.1.34:51251 <-> 64.4.23.166:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][12 pkts/948 bytes <-> 4 pkts/349 bytes] - 39 TCP 192.168.1.34:51229 <-> 157.56.52.28:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][12 pkts/951 bytes <-> 4 pkts/341 bytes] - 40 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/858 bytes <-> 5 pkts/426 bytes] - 41 TCP 192.168.1.34:51246 <-> 157.56.52.44:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/856 bytes <-> 5 pkts/409 bytes] + 39 TCP 192.168.1.34:51229 <-> 157.56.52.28:40009 [proto: 125/Skype][cat: VoIP/10][12 pkts/951 bytes <-> 4 pkts/341 bytes] + 40 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][cat: VoIP/10][11 pkts/858 bytes <-> 5 pkts/426 bytes] + 41 TCP 192.168.1.34:51246 <-> 157.56.52.44:40020 [proto: 125/Skype][cat: VoIP/10][11 pkts/856 bytes <-> 5 pkts/409 bytes] 42 TCP 192.168.1.34:51288 <-> 76.167.161.6:20274 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/861 bytes <-> 4 pkts/397 bytes] - 43 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/844 bytes <-> 5 pkts/413 bytes] + 43 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][cat: VoIP/10][11 pkts/844 bytes <-> 5 pkts/413 bytes] 44 TCP 192.168.1.34:51282 <-> 64.4.23.159:443 [proto: 91/SSL][cat: Web/5][10 pkts/972 bytes <-> 3 pkts/285 bytes] 45 TCP 192.168.1.34:51259 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/902 bytes <-> 4 pkts/351 bytes] - 46 TCP 192.168.1.34:51256 <-> 111.221.77.142:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/815 bytes <-> 5 pkts/423 bytes] + 46 TCP 192.168.1.34:51256 <-> 111.221.77.142:40013 [proto: 125/Skype][cat: VoIP/10][11 pkts/815 bytes <-> 5 pkts/423 bytes] 47 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][12 pkts/942 bytes <-> 3 pkts/284 bytes] 48 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/832 bytes <-> 4 pkts/387 bytes] 49 TCP 192.168.1.34:51268 <-> 111.221.74.18:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/852 bytes <-> 4 pkts/351 bytes] 50 TCP 192.168.1.34:51309 <-> 149.13.32.15:13392 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][12 pkts/916 bytes <-> 3 pkts/281 bytes] 51 TCP 192.168.1.34:51316 <-> 149.13.32.15:13392 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/862 bytes <-> 3 pkts/314 bytes] - 52 TCP 192.168.1.34:51267 <-> 111.221.74.18:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][10 pkts/785 bytes <-> 4 pkts/378 bytes] + 52 TCP 192.168.1.34:51267 <-> 111.221.74.18:40025 [proto: 125/Skype][cat: VoIP/10][10 pkts/785 bytes <-> 4 pkts/378 bytes] 53 TCP 192.168.1.34:51232 <-> 157.56.52.28:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/872 bytes <-> 3 pkts/285 bytes] 54 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][12 pkts/931 bytes <-> 2 pkts/219 bytes] 55 TCP 192.168.1.34:51313 <-> 212.161.8.36:13392 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/855 bytes <-> 3 pkts/287 bytes] 56 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][cat: System/18][6 pkts/958 bytes <-> 2 pkts/184 bytes] 57 TCP 192.168.1.34:51311 <-> 93.79.224.176:14506 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/848 bytes <-> 3 pkts/286 bytes] - 58 TCP 17.143.160.149:5223 <-> 192.168.1.34:50407 [proto: 238/ApplePush][cat: Cloud/13][4 pkts/674 bytes <-> 4 pkts/444 bytes] + 58 TCP 17.143.160.149:5223 <-> 192.168.1.34:50407 [proto: 238.140/ApplePush.Apple][cat: Web/5][4 pkts/674 bytes <-> 4 pkts/444 bytes] 59 UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][2 pkts/1088 bytes -> 0 pkts/0 bytes] 60 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][2 pkts/1088 bytes -> 0 pkts/0 bytes] 61 UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][2 pkts/1088 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/snapchat.pcap.out b/tests/result/snapchat.pcap.out index 35183e642..017d5a639 100644 --- a/tests/result/snapchat.pcap.out +++ b/tests/result/snapchat.pcap.out @@ -1,6 +1,6 @@ -SSL_No_Cert 22 2879 1 +Google 22 2879 1 Snapchat 34 7320 2 1 TCP 10.8.0.1:56193 <-> 74.125.136.141:443 [proto: 91.199/SSL.Snapchat][cat: Chat/9][9 pkts/2290 bytes <-> 8 pkts/1653 bytes][client: feelinsonice-hrd.appspot.com] 2 TCP 10.8.0.1:44536 <-> 74.125.136.141:443 [proto: 91.199/SSL.Snapchat][cat: Chat/9][9 pkts/2345 bytes <-> 8 pkts/1032 bytes][client: feelinsonice-hrd.appspot.com] - 3 TCP 10.8.0.1:33233 <-> 74.125.136.141:443 [proto: 64/SSL_No_Cert][cat: Web/5][11 pkts/1910 bytes <-> 11 pkts/969 bytes] + 3 TCP 10.8.0.1:33233 <-> 74.125.136.141:443 [proto: 64.126/SSL_No_Cert.Google][cat: Web/5][11 pkts/1910 bytes <-> 11 pkts/969 bytes] diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index c385561d7..c63b86dc8 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out @@ -5,8 +5,7 @@ HTTP_Download 179 134204 1 WorldOfWarcraft 9 880 1 IGMP 2 120 1 SSL 38 2548 11 -Google 16 1709 4 -QUIC 6 475 1 +Google 22 2184 5 Github 3 234 1 Starcraft 236 51494 6 @@ -32,7 +31,7 @@ Starcraft 236 51494 6 20 TCP 192.168.1.100:3427 <-> 80.239.208.193:1119 [proto: 213/Starcraft][cat: Game/8][6 pkts/376 bytes <-> 7 pkts/526 bytes] 21 TCP 192.168.1.100:3512 <-> 12.129.222.54:80 [proto: 7.76/HTTP.WorldOfWarcraft][cat: Game/8][5 pkts/367 bytes <-> 4 pkts/513 bytes][Host: us.scan.worldofwarcraft.com] 22 UDP 192.168.1.100:55468 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/168 bytes <-> 2 pkts/388 bytes][Host: bnetcmsus-a.akamaihd.net] - 23 UDP 173.194.40.22:443 <-> 192.168.1.100:53568 [proto: 188/QUIC][cat: Web/5][3 pkts/243 bytes <-> 3 pkts/232 bytes] + 23 UDP 173.194.40.22:443 <-> 192.168.1.100:53568 [proto: 188.126/QUIC.Google][cat: Web/5][3 pkts/243 bytes <-> 3 pkts/232 bytes] 24 UDP 192.168.1.100:58851 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/173 bytes <-> 2 pkts/282 bytes][Host: 22.40.194.173.in-addr.arpa] 25 UDP 192.168.1.100:60026 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/154 bytes <-> 2 pkts/288 bytes][Host: llnw.blizzard.com] 26 UDP 192.168.1.100:58818 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/172 bytes <-> 2 pkts/260 bytes][Host: 91.252.30.192.in-addr.arpa] diff --git a/tests/result/viber.pcap.out b/tests/result/viber.pcap.out index 0c85aae9e..e200492ee 100644 --- a/tests/result/viber.pcap.out +++ b/tests/result/viber.pcap.out @@ -1,40 +1,36 @@ -Unknown 93 13829 4 DNS 8 1267 4 MDNS 4 412 1 ICMP 2 3028 1 -SSL 129 42221 7 +SSL 31 8597 3 ICMPV6 2 140 1 Facebook 2 281 1 -Google 2 164 1 -Viber 175 85695 5 -QUIC 3 194 1 +Google 32 9133 3 +Viber 268 99524 9 +Amazon 71 24849 3 1 TCP 192.168.0.17:53934 <-> 54.230.93.53:443 [proto: 91.144/SSL.Viber][cat: Chat/9][43 pkts/4571 bytes <-> 46 pkts/60087 bytes][client: dl-media.viber.com][server: *.viber.com] 2 TCP 192.168.0.17:57520 <-> 54.230.93.96:443 [proto: 91.144/SSL.Viber][cat: Chat/9][12 pkts/1848 bytes <-> 12 pkts/9317 bytes][client: media.cdn.viber.com][server: *.cdn.viber.com] - 3 TCP 192.168.0.17:49048 <-> 54.187.91.182:443 [proto: 91/SSL][cat: Web/5][13 pkts/2823 bytes <-> 14 pkts/6552 bytes][client: brahe.apptimize.com][server: *.apptimize.com] + 3 TCP 192.168.0.17:49048 <-> 54.187.91.182:443 [proto: 91.178/SSL.Amazon][cat: Web/5][13 pkts/2823 bytes <-> 14 pkts/6552 bytes][client: brahe.apptimize.com][server: *.apptimize.com] 4 TCP 192.168.0.17:33208 <-> 52.0.253.101:4244 [proto: 144/Viber][cat: Chat/9][32 pkts/6563 bytes <-> 26 pkts/2782 bytes] - 5 TCP 192.168.0.17:43702 <-> 172.217.23.78:443 [proto: 91/SSL][cat: Web/5][15 pkts/5339 bytes <-> 12 pkts/3436 bytes][client: app-measurement.com] - 6 TCP 192.168.0.17:36986 <-> 54.69.166.226:443 [proto: 91/SSL][cat: Web/5][11 pkts/1437 bytes <-> 11 pkts/6412 bytes][client: mapi.apptimize.com][server: *.apptimize.com] + 5 TCP 192.168.0.17:43702 <-> 172.217.23.78:443 [proto: 91.126/SSL.Google][cat: Web/5][15 pkts/5339 bytes <-> 12 pkts/3436 bytes][client: app-measurement.com] + 6 TCP 192.168.0.17:36986 <-> 54.69.166.226:443 [proto: 91.178/SSL.Amazon][cat: Web/5][11 pkts/1437 bytes <-> 11 pkts/6412 bytes][client: mapi.apptimize.com][server: *.apptimize.com] 7 TCP 192.168.0.17:55746 <-> 151.101.1.130:443 [proto: 91/SSL][cat: Web/5][10 pkts/1534 bytes <-> 9 pkts/6239 bytes][client: venetia.iad.appboy.com][server: y.ssl.fastly.net] - 8 TCP 192.168.0.17:36988 <-> 54.69.166.226:443 [proto: 91/SSL][cat: Web/5][11 pkts/1462 bytes <-> 11 pkts/6163 bytes][client: mapi.apptimize.com][server: *.apptimize.com] - 9 ICMP 192.168.0.17:0 <-> 192.168.0.15:0 [proto: 81/ICMP][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/1514 bytes] - 10 UDP 192.168.0.17:62872 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/373 bytes][Host: mapi.apptimize.com] - 11 TCP 192.168.0.17:33744 <-> 18.201.4.3:443 [proto: 91/SSL][cat: Web/5][4 pkts/272 bytes <-> 2 pkts/140 bytes] - 12 TCP 192.168.0.17:45424 <-> 18.201.4.32:443 [proto: 91/SSL][cat: Web/5][4 pkts/272 bytes <-> 2 pkts/140 bytes] - 13 UDP 192.168.0.17:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][4 pkts/412 bytes -> 0 pkts/0 bytes] - 14 UDP 192.168.0.17:35283 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/303 bytes][Host: app.adjust.com] - 15 UDP 192.168.0.17:45743 <-> 192.168.0.15:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/78 bytes <-> 1 pkts/203 bytes][Host: graph.facebook.com] - 16 UDP 192.168.0.17:44376 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/183 bytes][Host: venetia.iad.appboy.com] - 17 UDP 192.168.0.17:37418 <-> 192.168.0.15:53 [proto: 5.144/DNS.Viber][cat: Chat/9][1 pkts/79 bytes <-> 1 pkts/185 bytes][Host: media.cdn.viber.com] - 18 UDP 192.168.0.17:40445 <-> 192.168.0.15:53 [proto: 5.144/DNS.Viber][cat: Chat/9][1 pkts/78 bytes <-> 1 pkts/185 bytes][Host: dl-media.viber.com] - 19 UDP 192.168.0.17:41993 <-> 172.217.23.106:443 [proto: 188/QUIC][cat: Web/5][2 pkts/130 bytes <-> 1 pkts/64 bytes] - 20 UDP 192.168.0.17:35331 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/79 bytes <-> 1 pkts/95 bytes][Host: app-measurement.com] - 21 UDP 192.168.0.17:50097 <-> 192.168.0.15:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/90 bytes][Host: www.google.com] - 22 ICMPV6 [fe80::3207:4dff:fea3:5fa7]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes] - - -Undetected flows: - 1 UDP 192.168.0.17:47171 <-> 18.201.4.32:7985 [proto: 0/Unknown][24 pkts/5035 bytes <-> 22 pkts/2302 bytes] - 2 UDP 192.168.0.17:38190 <-> 18.201.4.3:7985 [proto: 0/Unknown][25 pkts/4344 bytes <-> 18 pkts/1872 bytes] - 3 UDP 192.168.0.17:38190 <-> 18.201.4.3:7987 [proto: 0/Unknown][1 pkts/76 bytes <-> 1 pkts/62 bytes] - 4 UDP 192.168.0.17:47171 <-> 18.201.4.32:7987 [proto: 0/Unknown][1 pkts/76 bytes <-> 1 pkts/62 bytes] + 8 TCP 192.168.0.17:36988 <-> 54.69.166.226:443 [proto: 91.178/SSL.Amazon][cat: Web/5][11 pkts/1462 bytes <-> 11 pkts/6163 bytes][client: mapi.apptimize.com][server: *.apptimize.com] + 9 UDP 192.168.0.17:47171 <-> 18.201.4.32:7985 [proto: 144/Viber][cat: Chat/9][24 pkts/5035 bytes <-> 22 pkts/2302 bytes] + 10 UDP 192.168.0.17:38190 <-> 18.201.4.3:7985 [proto: 144/Viber][cat: Chat/9][25 pkts/4344 bytes <-> 18 pkts/1872 bytes] + 11 ICMP 192.168.0.17:0 <-> 192.168.0.15:0 [proto: 81/ICMP][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/1514 bytes] + 12 UDP 192.168.0.17:62872 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/373 bytes][Host: mapi.apptimize.com] + 13 TCP 192.168.0.17:33744 <-> 18.201.4.3:443 [proto: 91/SSL][cat: Web/5][4 pkts/272 bytes <-> 2 pkts/140 bytes] + 14 TCP 192.168.0.17:45424 <-> 18.201.4.32:443 [proto: 91/SSL][cat: Web/5][4 pkts/272 bytes <-> 2 pkts/140 bytes] + 15 UDP 192.168.0.17:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][4 pkts/412 bytes -> 0 pkts/0 bytes] + 16 UDP 192.168.0.17:35283 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/303 bytes][Host: app.adjust.com] + 17 UDP 192.168.0.17:45743 <-> 192.168.0.15:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/78 bytes <-> 1 pkts/203 bytes][Host: graph.facebook.com] + 18 UDP 192.168.0.17:44376 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/183 bytes][Host: venetia.iad.appboy.com] + 19 UDP 192.168.0.17:37418 <-> 192.168.0.15:53 [proto: 5.144/DNS.Viber][cat: Chat/9][1 pkts/79 bytes <-> 1 pkts/185 bytes][Host: media.cdn.viber.com] + 20 UDP 192.168.0.17:40445 <-> 192.168.0.15:53 [proto: 5.144/DNS.Viber][cat: Chat/9][1 pkts/78 bytes <-> 1 pkts/185 bytes][Host: dl-media.viber.com] + 21 UDP 192.168.0.17:41993 <-> 172.217.23.106:443 [proto: 188.126/QUIC.Google][cat: Web/5][2 pkts/130 bytes <-> 1 pkts/64 bytes] + 22 UDP 192.168.0.17:35331 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/79 bytes <-> 1 pkts/95 bytes][Host: app-measurement.com] + 23 UDP 192.168.0.17:50097 <-> 192.168.0.15:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/90 bytes][Host: www.google.com] + 24 ICMPV6 [fe80::3207:4dff:fea3:5fa7]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes] + 25 UDP 192.168.0.17:38190 <-> 18.201.4.3:7987 [proto: 144/Viber][cat: Chat/9][1 pkts/76 bytes <-> 1 pkts/62 bytes] + 26 UDP 192.168.0.17:47171 <-> 18.201.4.32:7987 [proto: 144/Viber][cat: Chat/9][1 pkts/76 bytes <-> 1 pkts/62 bytes] diff --git a/tests/result/waze.pcap.out b/tests/result/waze.pcap.out index bdb4acf91..b964af613 100644 --- a/tests/result/waze.pcap.out +++ b/tests/result/waze.pcap.out @@ -1,8 +1,8 @@ HTTP 28 1572 7 NTP 2 180 1 HTTP_Download 37 63205 1 -SSL_No_Cert 13 2142 1 SSL 8 432 2 +Google 13 2142 1 Waze 484 289335 19 WhatsApp 15 1341 1 Amazon 10 786 1 @@ -21,7 +21,7 @@ Amazon 10 786 1 12 TCP 10.8.0.1:36314 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][cat: Web/5][11 pkts/1260 bytes <-> 9 pkts/4413 bytes][server: *.world.waze.com] 13 TCP 10.8.0.1:51050 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][cat: Web/5][9 pkts/1184 bytes <-> 9 pkts/4369 bytes][server: *.waze.com] 14 TCP 10.8.0.1:45529 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][9 pkts/591 bytes <-> 8 pkts/3424 bytes][Host: roadshields.waze.com] - 15 TCP 10.8.0.1:36585 <-> 173.194.118.48:443 [proto: 64/SSL_No_Cert][cat: Web/5][7 pkts/1137 bytes <-> 6 pkts/1005 bytes] + 15 TCP 10.8.0.1:36585 <-> 173.194.118.48:443 [proto: 64.126/SSL_No_Cert.Google][cat: Web/5][7 pkts/1137 bytes <-> 6 pkts/1005 bytes] 16 TCP 10.8.0.1:45536 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][8 pkts/594 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com] 17 TCP 10.8.0.1:50828 <-> 108.168.176.228:443 [proto: 142/WhatsApp][cat: Chat/9][8 pkts/673 bytes <-> 7 pkts/668 bytes] 18 TCP 10.8.0.1:45546 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/557 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com] diff --git a/tests/result/webex.pcap.out b/tests/result/webex.pcap.out index 71fb528d1..ed5418eae 100644 --- a/tests/result/webex.pcap.out +++ b/tests/result/webex.pcap.out @@ -1,10 +1,10 @@ HTTP 22 3182 2 SSL_No_Cert 90 10682 5 -SSL 46 10727 4 +SSL 16 1159 3 SIP 22 15356 1 Google 17 6375 1 Webex 1380 818407 43 -Amazon 3 174 1 +Amazon 33 9742 2 1 TCP 10.8.0.1:51155 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][256 pkts/14707 bytes <-> 257 pkts/329379 bytes][server: *.webex.com] 2 TCP 10.8.0.1:41348 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][28 pkts/4815 bytes <-> 28 pkts/104881 bytes][client: radcom.webex.com] @@ -15,7 +15,7 @@ Amazon 3 174 1 7 TCP 10.8.0.1:51154 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][55 pkts/12583 bytes <-> 50 pkts/6703 bytes][server: *.webex.com] 8 UDP 10.8.0.1:64538 -> 172.16.1.75:5060 [proto: 100/SIP][cat: VoIP/10][22 pkts/15356 bytes -> 0 pkts/0 bytes] 9 TCP 10.8.0.1:51857 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][29 pkts/4559 bytes <-> 21 pkts/5801 bytes][server: *.webex.com] - 10 TCP 10.8.0.1:46211 <-> 54.241.32.14:443 [proto: 91/SSL][cat: Web/5][16 pkts/1984 bytes <-> 14 pkts/7584 bytes][client: api.crittercism.com][server: *.crittercism.com] + 10 TCP 10.8.0.1:46211 <-> 54.241.32.14:443 [proto: 91.178/SSL.Amazon][cat: Web/5][16 pkts/1984 bytes <-> 14 pkts/7584 bytes][client: api.crittercism.com][server: *.crittercism.com] 11 TCP 10.8.0.1:41386 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][9 pkts/1417 bytes <-> 8 pkts/6984 bytes][server: *.webex.com] 12 TCP 10.8.0.1:41419 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][7 pkts/1309 bytes <-> 7 pkts/6930 bytes][server: *.webex.com] 13 TCP 10.8.0.1:52730 <-> 173.243.4.76:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][9 pkts/1369 bytes <-> 8 pkts/6621 bytes][server: *.webex.com] diff --git a/tests/result/weibo.pcap.out b/tests/result/weibo.pcap.out index f6c618bcf..b62f14fff 100644 --- a/tests/result/weibo.pcap.out +++ b/tests/result/weibo.pcap.out @@ -1,9 +1,8 @@ DNS 10 1059 5 HTTP 19 2275 5 SSL 15 1234 10 -Google 10 660 5 +Google 33 4778 7 Amazon 2 132 1 -QUIC 23 4118 2 Sina(Weibo) 419 258077 16 1 TCP 192.168.1.105:35803 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][52 pkts/5367 bytes <-> 54 pkts/71536 bytes][Host: img.t.sinajs.cn] @@ -13,8 +12,8 @@ Sina(Weibo) 419 258077 16 5 TCP 192.168.1.105:35805 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][21 pkts/2323 bytes <-> 20 pkts/20922 bytes][Host: img.t.sinajs.cn] 6 TCP 192.168.1.105:35809 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][18 pkts/1681 bytes <-> 17 pkts/20680 bytes][Host: img.t.sinajs.cn] 7 TCP 192.168.1.105:35806 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][7 pkts/946 bytes <-> 6 pkts/3755 bytes][Host: img.t.sinajs.cn] - 8 UDP 192.168.1.105:53656 <-> 216.58.210.227:443 [proto: 188/QUIC][cat: Web/5][8 pkts/1301 bytes <-> 6 pkts/873 bytes] - 9 UDP 216.58.210.14:443 <-> 192.168.1.105:49361 [proto: 188/QUIC][cat: Web/5][5 pkts/963 bytes <-> 4 pkts/981 bytes] + 8 UDP 192.168.1.105:53656 <-> 216.58.210.227:443 [proto: 188.126/QUIC.Google][cat: Web/5][8 pkts/1301 bytes <-> 6 pkts/873 bytes] + 9 UDP 216.58.210.14:443 <-> 192.168.1.105:49361 [proto: 188.126/QUIC.Google][cat: Web/5][5 pkts/963 bytes <-> 4 pkts/981 bytes] 10 TCP 192.168.1.105:59119 <-> 114.134.80.162:80 [proto: 7/HTTP][cat: Web/5][5 pkts/736 bytes <-> 4 pkts/863 bytes][Host: weibo.com] 11 TCP 192.168.1.105:35811 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][3 pkts/604 bytes <-> 2 pkts/140 bytes][Host: js.t.sinajs.cn] 12 TCP 192.168.1.105:42275 <-> 222.73.28.96:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][3 pkts/610 bytes <-> 1 pkts/66 bytes][Host: u1.img.mobile.sina.cn] diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out index 666b3d70a..701215a49 100644 --- a/tests/result/whatsapp_login_call.pcap.out +++ b/tests/result/whatsapp_login_call.pcap.out @@ -4,14 +4,14 @@ MDNS 8 952 4 DHCP 10 3420 1 ICMP 10 700 1 SSL 8 589 2 +Facebook 44 7818 2 Dropbox 4 2176 1 -Apple 105 22176 19 +Apple 127 28102 20 WhatsApp 182 25154 2 Spotify 3 258 1 Messenger 70 9464 14 -WhatsAppVoice 706 91156 4 +WhatsAppVoice 662 83338 2 AppleStore 85 28087 2 -ApplePush 22 5926 1 1 UDP 192.168.2.4:51518 <-> 91.253.176.65:9344 [proto: 189/WhatsAppVoice][cat: VoIP/10][186 pkts/27025 bytes <-> 278 pkts/25895 bytes] 2 UDP 192.168.2.4:52794 <-> 91.253.176.65:9665 [proto: 189/WhatsAppVoice][cat: VoIP/10][141 pkts/17530 bytes <-> 57 pkts/12888 bytes] @@ -19,10 +19,10 @@ ApplePush 22 5926 1 4 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.224/SSL.AppleStore][cat: SoftwareUpdate/19][29 pkts/11770 bytes <-> 24 pkts/6612 bytes][client: p53-buy.itunes.apple.com] 5 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/SSL.Apple][cat: Web/5][21 pkts/7644 bytes <-> 17 pkts/9576 bytes][client: query.ess.apple.com][server: *.ess.apple.com] 6 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.224/SSL.AppleStore][cat: SoftwareUpdate/19][17 pkts/6166 bytes <-> 15 pkts/3539 bytes][client: p53-buy.itunes.apple.com] - 7 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 238/ApplePush][cat: Cloud/13][11 pkts/4732 bytes <-> 11 pkts/1194 bytes] - 8 UDP 192.168.2.4:51518 <-> 31.13.93.48:3478 [proto: 189/WhatsAppVoice][cat: VoIP/10][12 pkts/2341 bytes <-> 12 pkts/2484 bytes] + 7 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 238.140/ApplePush.Apple][cat: Web/5][11 pkts/4732 bytes <-> 11 pkts/1194 bytes] + 8 UDP 192.168.2.4:51518 <-> 31.13.93.48:3478 [proto: 189.119/WhatsAppVoice.Facebook][cat: SocialNetwork/6][12 pkts/2341 bytes <-> 12 pkts/2484 bytes] 9 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][10 pkts/3420 bytes -> 0 pkts/0 bytes][Host: lucas-imac] - 10 UDP 192.168.2.4:52794 <-> 31.13.84.48:3478 [proto: 189/WhatsAppVoice][cat: VoIP/10][9 pkts/1842 bytes <-> 11 pkts/1151 bytes] + 10 UDP 192.168.2.4:52794 <-> 31.13.84.48:3478 [proto: 189.119/WhatsAppVoice.Facebook][cat: SocialNetwork/6][9 pkts/1842 bytes <-> 11 pkts/1151 bytes] 11 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][cat: Cloud/13][4 pkts/2176 bytes -> 0 pkts/0 bytes] 12 TCP 192.168.2.4:49199 <-> 17.172.100.70:993 [proto: 51.140/IMAPS.Apple][cat: Web/5][9 pkts/1130 bytes <-> 8 pkts/868 bytes] 13 ICMP 192.168.2.4:0 -> 91.253.176.65:0 [proto: 81/ICMP][cat: Network/14][10 pkts/700 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/whatsapp_login_chat.pcap.out b/tests/result/whatsapp_login_chat.pcap.out index 324b0cd4c..51ce4456a 100644 --- a/tests/result/whatsapp_login_chat.pcap.out +++ b/tests/result/whatsapp_login_chat.pcap.out @@ -1,14 +1,13 @@ MDNS 2 202 2 DHCP 6 2052 1 Dropbox 2 1088 1 -Apple 44 21371 1 +Apple 50 23466 2 WhatsApp 32 3243 2 Spotify 1 86 1 -ApplePush 6 2095 1 1 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][cat: Web/5][24 pkts/15117 bytes <-> 20 pkts/6254 bytes] 2 TCP 192.168.2.4:49206 <-> 158.85.58.15:5222 [proto: 142/WhatsApp][cat: Chat/9][17 pkts/1794 bytes <-> 13 pkts/1169 bytes] - 3 TCP 17.110.229.14:5223 -> 192.168.2.4:49193 [proto: 238/ApplePush][cat: Cloud/13][6 pkts/2095 bytes -> 0 pkts/0 bytes] + 3 TCP 17.110.229.14:5223 -> 192.168.2.4:49193 [proto: 238.140/ApplePush.Apple][cat: Web/5][6 pkts/2095 bytes -> 0 pkts/0 bytes] 4 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][6 pkts/2052 bytes -> 0 pkts/0 bytes][Host: lucas-imac] 5 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][cat: Cloud/13][2 pkts/1088 bytes -> 0 pkts/0 bytes] 6 UDP 192.168.2.4:61697 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][cat: Chat/9][1 pkts/76 bytes <-> 1 pkts/204 bytes][Host: e12.whatsapp.net] -- cgit v1.2.3 From bae75c8f9b90c8655cc1e67c85a52e66f6121b52 Mon Sep 17 00:00:00 2001 From: Luca Date: Fri, 30 Nov 2018 08:39:54 +0100 Subject: Fix for custom protocol load --- src/lib/ndpi_main.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/lib') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 0812e63ac..8ee2dd1a6 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4455,7 +4455,8 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct if(flow->guessed_protocol_id >= (NDPI_MAX_SUPPORTED_PROTOCOLS-1)) { /* This is a custom protocol and it has priority over everything else */ - ret.master_protocol = NDPI_PROTOCOL_UNKNOWN, ret.app_protocol = flow->guessed_host_protocol_id; + ret.master_protocol = NDPI_PROTOCOL_UNKNOWN, + ret.app_protocol = flow->guessed_protocol_id ? flow->guessed_protocol_id : flow->guessed_host_protocol_id; ndpi_fill_protocol_category(ndpi_struct, flow, &ret); return(ret); } -- cgit v1.2.3 From be2934f9ad2f9ea21ca19a9f64e5bf3b67e22447 Mon Sep 17 00:00:00 2001 From: Luca Date: Fri, 30 Nov 2018 18:41:16 +0100 Subject: Added the concept of protocols that can have subprotocols. Example Spotify cannot have subprotocols, DNS can (DNS.Spotify) Merged Skype call in/out in Skype Call --- src/include/ndpi_main.h | 1 + src/include/ndpi_protocol_ids.h | 4 +- src/include/ndpi_typedefs.h | 1 + src/lib/ndpi_main.c | 418 ++++++++++++++-------------- src/lib/protocols/skype.c | 4 +- src/lib/protocols/stun.c | 7 +- tests/result/1kxun.pcap.out | 90 +++--- tests/result/hangout.pcap.out | 4 +- tests/result/nintendo.pcap.out | 6 +- tests/result/skype-conference-call.pcap.out | 4 +- tests/result/skype.pcap.out | 350 +++++++++++------------ tests/result/skype_no_unknown.pcap.out | 335 +++++++++++----------- tests/result/whatsapp_login_call.pcap.out | 12 +- tests/result/whatsapp_login_chat.pcap.out | 5 +- 14 files changed, 626 insertions(+), 615 deletions(-) (limited to 'src/lib') diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h index 41280fb8e..e37576289 100644 --- a/src/include/ndpi_main.h +++ b/src/include/ndpi_main.h @@ -97,6 +97,7 @@ extern "C" { extern void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol_breed_t protoBreed, u_int16_t protoId, + u_int8_t can_have_a_subprotocol, u_int16_t tcp_alias_protoId[2], u_int16_t udp_alias_protoId[2], char *protoName, ndpi_protocol_category_t protoCategory, diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 376ae1958..14f1810ed 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -72,7 +72,7 @@ typedef enum { NDPI_PROTOCOL_GNUTELLA = 35, NDPI_PROTOCOL_EDONKEY = 36, /* Tomasz Bujlow */ NDPI_PROTOCOL_BITTORRENT = 37, - NDPI_PROTOCOL_SKYPE_CALL_OUT = 38, + NDPI_PROTOCOL_SKYPE_CALL = 38, /* Skype call and videocalls */ NDPI_PROTOCOL_SIGNAL = 39, NDPI_PROTOCOL_MEMCACHED = 40, /* Memcached - Darryl Sokoloski */ NDPI_PROTOCOL_SMBV23 = 41, /* SMB version 2/3 */ @@ -85,7 +85,7 @@ typedef enum { NDPI_PROTOCOL_XBOX = 47, NDPI_PROTOCOL_QQ = 48, - NDPI_PROTOCOL_SKYPE_CALL_IN = 49, + NDPI_PROTOCOL_FREE_49 = 49, /* Free */ NDPI_PROTOCOL_RTSP = 50, NDPI_PROTOCOL_MAIL_IMAPS = 51, NDPI_PROTOCOL_ICECAST = 52, diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 4b69c2b7b..d48453baf 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -833,6 +833,7 @@ typedef enum { typedef struct ndpi_proto_defaults { char *protoName; ndpi_protocol_category_t protoCategory; + u_int8_t can_have_a_subprotocol; u_int16_t protoId, protoIdx; u_int16_t master_tcp_protoId[2], master_udp_protoId[2]; /* The main protocols on which this sub-protocol sits on */ ndpi_protocol_breed_t protoBreed; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 8ee2dd1a6..12aba272e 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -527,6 +527,7 @@ void ndpi_exclude_protocol(struct ndpi_detection_module_struct *ndpi_struct, void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol_breed_t breed, u_int16_t protoId, + u_int8_t can_have_a_subprotocol, u_int16_t tcp_master_protoId[2], u_int16_t udp_master_protoId[2], char *protoName, ndpi_protocol_category_t protoCategory, ndpi_port_range *tcpDefPorts, ndpi_port_range *udpDefPorts) { @@ -553,7 +554,8 @@ void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, ndpi_mod->proto_defaults[protoId].protoCategory = protoCategory, ndpi_mod->proto_defaults[protoId].protoId = protoId, ndpi_mod->proto_defaults[protoId].protoBreed = breed; - + ndpi_mod->proto_defaults[protoId].can_have_a_subprotocol = can_have_a_subprotocol; + memcpy(&ndpi_mod->proto_defaults[protoId].master_tcp_protoId, tcp_master_protoId, 2*sizeof(u_int16_t)); memcpy(&ndpi_mod->proto_defaults[protoId].master_udp_protoId, udp_master_protoId, 2*sizeof(u_int16_t)); @@ -754,6 +756,7 @@ void ndpi_init_protocol_match(struct ndpi_detection_module_struct *ndpi_mod, ndpi_set_proto_defaults(ndpi_mod, ndpi_mod->proto_defaults[match->protocol_id].protoBreed, ndpi_mod->proto_defaults[match->protocol_id].protoId, + 0 /* can_have_a_subprotocol */, no_master, no_master, ndpi_mod->proto_defaults[match->protocol_id].protoName, ndpi_mod->proto_defaults[match->protocol_id].protoCategory, @@ -995,966 +998,971 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp memset(ndpi_mod->proto_defaults, 0, sizeof(ndpi_mod->proto_defaults)); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNRATED, NDPI_PROTOCOL_UNKNOWN, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Unknown", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_FTP_CONTROL, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "FTP_CONTROL", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 21, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_FTP_DATA, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "FTP_DATA", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 20, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_POP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "POP3", NDPI_PROTOCOL_CATEGORY_MAIL, ndpi_build_default_ports(ports_a, 110, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MAIL_POPS, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "POPS", NDPI_PROTOCOL_CATEGORY_MAIL, ndpi_build_default_ports(ports_a, 995, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MAIL_SMTP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "SMTP", NDPI_PROTOCOL_CATEGORY_MAIL, ndpi_build_default_ports(ports_a, 25, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MAIL_SMTPS, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "SMTPS", NDPI_PROTOCOL_CATEGORY_MAIL, ndpi_build_default_ports(ports_a, 465, 587, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_IMAP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "IMAP", NDPI_PROTOCOL_CATEGORY_MAIL, ndpi_build_default_ports(ports_a, 143, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MAIL_IMAPS, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "IMAPS", NDPI_PROTOCOL_CATEGORY_MAIL, ndpi_build_default_ports(ports_a, 993, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DNS, - no_master, + 1 /* can_have_a_subprotocol */, no_master, no_master, "DNS", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 53, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 53, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IPP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "IPP", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HEP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "HEP", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 9064, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 9063, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP, - no_master, + 1 /* can_have_a_subprotocol */, no_master, no_master, "HTTP", NDPI_PROTOCOL_CATEGORY_WEB, ndpi_build_default_ports(ports_a, 80, 0 /* ntop */, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MDNS, - no_master, + 1 /* can_have_a_subprotocol */, no_master, no_master, "MDNS", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 5353, 5354, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NTP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "NTP", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 123, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NETBIOS, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "NetBIOS", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 139, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 137, 138, 139, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NFS, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "NFS", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER, ndpi_build_default_ports(ports_a, 2049, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 2049, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SSDP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "SSDP", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BGP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "BGP", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 179, 2605, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SNMP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "SNMP", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 161, 162, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_XDMCP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "XDMCP", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, ndpi_build_default_ports(ports_a, 177, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 177, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SMBV1, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "SMBv1", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SYSLOG, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Syslog", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 514, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 514, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DHCP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "DHCP", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 67, 68, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_POSTGRES, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "PostgreSQL", NDPI_PROTOCOL_CATEGORY_DATABASE, ndpi_build_default_ports(ports_a, 5432, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MYSQL, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "MySQL", NDPI_PROTOCOL_CATEGORY_DATABASE, ndpi_build_default_ports(ports_a, 3306, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Direct_Download_Link", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_APPLEJUICE, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "AppleJuice", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_DIRECTCONNECT, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "DirectConnect", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_NTOP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "ntop", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VMWARE, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "VMware", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, ndpi_build_default_ports(ports_a, 903, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 902, 903, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_FBZERO, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "FacebookZero", NDPI_PROTOCOL_CATEGORY_WEB, ndpi_build_default_ports(ports_a, 443, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_KONTIKI, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Kontiki", NDPI_PROTOCOL_CATEGORY_MEDIA, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_OPENFT, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "OpenFT", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_FASTTRACK, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "FastTrack", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_GNUTELLA, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Gnutella", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_EDONKEY, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "eDonkey", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_BITTORRENT, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "BitTorrent", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 51413, 53646, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 6771, 51413, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYPE, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Skype", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYPE_CALL_IN, - no_master, - no_master, "SkypeCallIn", NDPI_PROTOCOL_CATEGORY_VOIP, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYPE_CALL, + 0 /* can_have_a_subprotocol */, no_master, + no_master, "SkypeCall", NDPI_PROTOCOL_CATEGORY_VOIP, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_FREE_49, + 0 /* can_have_a_subprotocol */, no_master, + no_master, "Free_49", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYPE_CALL_OUT, - no_master, - no_master, "SkypeCallOut", NDPI_PROTOCOL_CATEGORY_VOIP, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_FREE_49, + 0 /* can_have_a_subprotocol */, no_master, + no_master, "SkypeCall", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEREDO, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Teredo", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 3544, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_WECHAT, - no_master, /* wechat.com */ + 0 /* can_have_a_subprotocol */, no_master, /* wechat.com */ no_master, "WeChat", NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MEMCACHED, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Memcached", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 11211, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 11211, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SMBV23, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "SMBv23", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 445, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MINING, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Mining", CUSTOM_CATEGORY_MINING, ndpi_build_default_ports(ports_a, 8333, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NEST_LOG_SINK, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "NestLogSink", NDPI_PROTOCOL_CATEGORY_CLOUD, ndpi_build_default_ports(ports_a, 11095, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_44, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_45, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_46, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SIGNAL, - no_master, /* https://signal.org */ + 0 /* can_have_a_subprotocol */, no_master, /* https://signal.org */ no_master, "Signal", NDPI_PROTOCOL_CATEGORY_CHAT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_196, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_205, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_VIDTO, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "PPStream", NDPI_PROTOCOL_CATEGORY_MEDIA, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_XBOX, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Xbox", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_QQ, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "QQ", NDPI_PROTOCOL_CATEGORY_CHAT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_RTSP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "RTSP", NDPI_PROTOCOL_CATEGORY_MEDIA, ndpi_build_default_ports(ports_a, 554, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 554, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_ICECAST, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "IceCast", NDPI_PROTOCOL_CATEGORY_MEDIA, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_PPLIVE, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "PPLive", NDPI_PROTOCOL_CATEGORY_MEDIA, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_PPSTREAM, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "PPStream", NDPI_PROTOCOL_CATEGORY_MEDIA, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_ZATTOO, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Zattoo", NDPI_PROTOCOL_CATEGORY_MEDIA, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SHOUTCAST, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "ShoutCast", NDPI_PROTOCOL_CATEGORY_MEDIA, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SOPCAST, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Sopcast", NDPI_PROTOCOL_CATEGORY_MEDIA, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_TVANTS, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Tvants", NDPI_PROTOCOL_CATEGORY_MEDIA, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_TVUPLAYER, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "TVUplayer", NDPI_PROTOCOL_CATEGORY_MEDIA, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_DOWNLOAD, - no_master, + 1 /* can_have_a_subprotocol */, no_master, no_master, "HTTP_Download", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_QQLIVE, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "QQLive", NDPI_PROTOCOL_CATEGORY_MEDIA, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_THUNDER, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Thunder", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SOULSEEK, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Soulseek", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); custom_master[0] = NDPI_PROTOCOL_SSL, custom_master[1] = NDPI_PROTOCOL_UNKNOWN; ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SSL_NO_CERT, - custom_master, + 1 /* can_have_a_subprotocol */, custom_master, no_master, "SSL_No_Cert", NDPI_PROTOCOL_CATEGORY_WEB, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_IRC, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "IRC", NDPI_PROTOCOL_CATEGORY_CHAT, ndpi_build_default_ports(ports_a, 194, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 194, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AYIYA, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Ayiya", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 5072, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_UNENCRYPTED_JABBER, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Unencrypted_Jabber", NDPI_PROTOCOL_CATEGORY_WEB, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_OSCAR, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Oscar", NDPI_PROTOCOL_CATEGORY_CHAT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_BATTLEFIELD, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "BattleField", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_VRRP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "VRRP", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_STEAM, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Steam", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_HALFLIFE2, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "HalfLife2", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_WORLDOFWARCRAFT, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "WorldOfWarcraft", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_HOTSPOT_SHIELD, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "HotspotShield", NDPI_PROTOCOL_CATEGORY_VPN, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_TELNET, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Telnet", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, ndpi_build_default_ports(ports_a, 23, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); custom_master[0] = NDPI_PROTOCOL_SIP, custom_master[1] = NDPI_PROTOCOL_H323; ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_STUN, - no_master, + 0 /* can_have_a_subprotocol */, no_master, custom_master, "STUN", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 3478, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_IP_IPSEC, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "IPsec", NDPI_PROTOCOL_CATEGORY_VPN, ndpi_build_default_ports(ports_a, 500, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 500, 4500, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_GRE, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "GRE", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_ICMP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "ICMP", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_IGMP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "IGMP", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_EGP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "EGP", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_SCTP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "SCTP", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_OSPF, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "OSPF", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 2604, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_IP_IN_IP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "IP_in_IP", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RTP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "RTP", NDPI_PROTOCOL_CATEGORY_MEDIA, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RDP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "RDP", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, ndpi_build_default_ports(ports_a, 3389, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VNC, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "VNC", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, ndpi_build_default_ports(ports_a, 5900, 5901, 5800, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_PCANYWHERE, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "PcAnywhere", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WHATSAPP_VOICE, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "WhatsAppVoice", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WHATSAPP_FILES, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "WhatsAppFiles", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WHATSAPP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "WhatsApp", NDPI_PROTOCOL_CATEGORY_CHAT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); custom_master[0] = NDPI_PROTOCOL_SSL_NO_CERT, custom_master[1] = NDPI_PROTOCOL_UNKNOWN; ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_SSL, - no_master, + 1 /* can_have_a_subprotocol */, no_master, custom_master, "SSL", NDPI_PROTOCOL_CATEGORY_WEB, ndpi_build_default_ports(ports_a, 443, 3001 /* ntop */, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SSH, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "SSH", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, ndpi_build_default_ports(ports_a, 22, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_USENET, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Usenet", NDPI_PROTOCOL_CATEGORY_WEB, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MGCP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "MGCP", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IAX, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "IAX", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 4569, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 4569, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AFP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "AFP", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER, ndpi_build_default_ports(ports_a, 548, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 548, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CATEGORY_CUSTOM_1, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, NDPI_CONST_GENERIC_PROTOCOL_NAME, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CHECKMK, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "CHECKMK", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER, ndpi_build_default_ports(ports_a, 6556, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_STEALTHNET, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Stealthnet", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_AIMINI, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Aimini", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SIP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "SIP", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 5060, 5061, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 5060, 5061, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TRUPHONE, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "TruPhone", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_ICMPV6, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "ICMPV6", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DHCPV6, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "DHCPV6", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_ARMAGETRON, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Armagetron", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_CROSSFIRE, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Crossfire", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DOFUS, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Dofus", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FIESTA, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Fiesta", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FLORENSIA, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Florensia", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_GUILDWARS, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Guildwars", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_ACTIVESYNC, - no_master, + 1 /* can_have_a_subprotocol */, no_master, no_master, "HTTP_ActiveSync", NDPI_PROTOCOL_CATEGORY_CLOUD, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_KERBEROS, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Kerberos", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 88, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 88, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LDAP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "LDAP", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 389, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 389, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_MAPLESTORY, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "MapleStory", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MSSQL_TDS, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "MsSQL-TDS", NDPI_PROTOCOL_CATEGORY_DATABASE, ndpi_build_default_ports(ports_a, 1433, 1434, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_PPTP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "PPTP", NDPI_PROTOCOL_CATEGORY_VPN, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_WARCRAFT3, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Warcraft3", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_WORLD_OF_KUNG_FU, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "WorldOfKungFu", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DCERPC, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "DCE_RPC", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 135, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NETFLOW, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "NetFlow", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 2055, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SFLOW, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "sFlow", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 6343, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_CONNECT, - no_master, + 1 /* can_have_a_subprotocol */, no_master, no_master, "HTTP_Connect", NDPI_PROTOCOL_CATEGORY_WEB, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_PROXY, - no_master, + 1 /* can_have_a_subprotocol */, no_master, no_master, "HTTP_Proxy", NDPI_PROTOCOL_CATEGORY_WEB, ndpi_build_default_ports(ports_a, 8080, 3128, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CITRIX, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Citrix", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 1494, 2598, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WEBEX, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Webex", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RADIUS, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Radius", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 1812, 1813, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 1812, 1813, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEAMVIEWER, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "TeamViewer", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, ndpi_build_default_ports(ports_a, 5938, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 5938, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LOTUS_NOTES, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "LotusNotes", NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, ndpi_build_default_ports(ports_a, 1352, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SAP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "SAP", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 3201, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_GTP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "GTP", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 2152, 2123, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_UPNP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "UPnP", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 1780, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 1900, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TELEGRAM, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Telegram", NDPI_PROTOCOL_CATEGORY_CHAT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_QUIC, - no_master, + 1 /* can_have_a_subprotocol */, no_master, no_master, "QUIC", NDPI_PROTOCOL_CATEGORY_WEB, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 443, 80, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DIAMETER, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Diameter", NDPI_PROTOCOL_CATEGORY_WEB, ndpi_build_default_ports(ports_a, 3868, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_APPLE_PUSH, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "ApplePush", NDPI_PROTOCOL_CATEGORY_CLOUD, ndpi_build_default_ports(ports_a, 1, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DROPBOX, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Dropbox", NDPI_PROTOCOL_CATEGORY_CLOUD, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 17500, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SPOTIFY, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Spotify", NDPI_PROTOCOL_CATEGORY_STREAMING, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LISP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "LISP", NDPI_PROTOCOL_CATEGORY_CLOUD, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 4342, 4341, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_EAQ, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "EAQ", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 6000, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_KAKAOTALK_VOICE, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "KakaoTalk_Voice", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_MPEGTS, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "MPEG_TS", NDPI_PROTOCOL_CATEGORY_MEDIA, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); /* http://en.wikipedia.org/wiki/Link-local_Multicast_Name_Resolution */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LLMNR, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "LLMNR", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 5355, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 5355, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_REMOTE_SCAN, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "RemoteScan", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 6077, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 6078, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_H323, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master,"H323", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 1719, 1720, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 1719, 1720, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_OPENVPN, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "OpenVPN", NDPI_PROTOCOL_CATEGORY_VPN, ndpi_build_default_ports(ports_a, 1194, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 1194, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NOE, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "NOE", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CISCOVPN, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "CiscoVPN", NDPI_PROTOCOL_CATEGORY_VPN, ndpi_build_default_ports(ports_a, 10000, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 10000, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEAMSPEAK, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "TeamSpeak", NDPI_PROTOCOL_CATEGORY_CHAT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKINNY, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "CiscoSkinny", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 2000, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RTCP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "RTCP", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RSYNC, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "RSYNC", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER, ndpi_build_default_ports(ports_a, 873, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ORACLE, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Oracle", NDPI_PROTOCOL_CATEGORY_DATABASE, ndpi_build_default_ports(ports_a, 1521, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CORBA, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Corba", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_UBUNTUONE, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "UbuntuONE", NDPI_PROTOCOL_CATEGORY_CLOUD, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WHOIS_DAS, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Whois-DAS", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 43, 4343, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_COLLECTD, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Collectd", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 25826, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SOCKS, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "SOCKS", NDPI_PROTOCOL_CATEGORY_WEB, ndpi_build_default_ports(ports_a, 1080, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 1080, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TFTP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "TFTP", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 69, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RTMP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "RTMP", NDPI_PROTOCOL_CATEGORY_MEDIA, ndpi_build_default_ports(ports_a, 1935, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_PANDO, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Pando_Media_Booster", NDPI_PROTOCOL_CATEGORY_WEB, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MEGACO, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Megaco", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 2944 , 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_REDIS, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Redis", NDPI_PROTOCOL_CATEGORY_DATABASE, ndpi_build_default_ports(ports_a, 6379, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0 , 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ZMQ, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "ZeroMQ", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0 , 0, 0, 0, 0) ); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_VHUA, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "VHUA", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 58267, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_STARCRAFT, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Starcraft", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 1119, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 1119, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_UBNTAC2, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "UBNTAC2", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 10001, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VIBER, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Viber", NDPI_PROTOCOL_CATEGORY_CHAT, ndpi_build_default_ports(ports_a, 7985, 5242, 5243, 4244, 0), /* TCP */ ndpi_build_default_ports(ports_b, 7985, 7987, 5242, 5243, 4244)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_COAP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "COAP", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 5683, 5684, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MQTT, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "MQTT", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 1883, 8883, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SOMEIP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "SOMEIP", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 30491, 30501, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 30491, 30501, 30490, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RX, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "RX", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_GIT, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Git", NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, ndpi_build_default_ports(ports_a, 9418, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DRDA, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "DRDA", NDPI_PROTOCOL_CATEGORY_DATABASE, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HANGOUT, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "GoogleHangout", NDPI_PROTOCOL_CATEGORY_CHAT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BJNP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "BJNP", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 8612, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SMPP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "SMPP", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_OOKLA, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Ookla", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AMQP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "AMQP", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DNSCRYPT, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "DNScrypt", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TINC, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "TINC", NDPI_PROTOCOL_CATEGORY_VPN, ndpi_build_default_ports(ports_a, 655, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 655, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_FIX, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "FIX", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_NINTENDO, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "Nintendo", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_CSGO, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "CSGO", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AJP, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, "AJP", NDPI_PROTOCOL_CATEGORY_WEB, ndpi_build_default_ports(ports_a, 8009, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); @@ -2686,7 +2694,7 @@ int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, ndpi_mod->ndpi_num_supported_protocols, - no_master, + 0 /* can_have_a_subprotocol */, no_master, no_master, ndpi_strdup(proto), NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, /* TODO add protocol category support in rules */ @@ -4038,9 +4046,7 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st if(flow->protos.stun_ssl.stun.num_processed_pkts > 0) { if(/* (flow->protos.stun_ssl.stun.num_processed_pkts >= NDPI_MIN_NUM_STUN_DETECTION) */ flow->protos.stun_ssl.stun.is_skype) { - u_int16_t proto = (flow->protos.stun_ssl.stun.num_binding_requests < 4) ? NDPI_PROTOCOL_SKYPE_CALL_IN : NDPI_PROTOCOL_SKYPE_CALL_OUT; - - ndpi_set_detected_protocol(ndpi_struct, flow, proto, NDPI_PROTOCOL_SKYPE); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE_CALL, NDPI_PROTOCOL_SKYPE); } else ndpi_set_detected_protocol(ndpi_struct, flow, flow->guessed_host_protocol_id, NDPI_PROTOCOL_STUN); } @@ -5184,8 +5190,10 @@ void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, && (lower_detected_protocol == NDPI_PROTOCOL_UNKNOWN)) { if((flow->guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN) && (upper_detected_protocol != flow->guessed_host_protocol_id)) { - lower_detected_protocol = upper_detected_protocol; - upper_detected_protocol = flow->guessed_host_protocol_id; + if(ndpi_struct->proto_defaults[upper_detected_protocol].can_have_a_subprotocol) { + lower_detected_protocol = upper_detected_protocol; + upper_detected_protocol = flow->guessed_host_protocol_id; + } } } @@ -6052,10 +6060,8 @@ int ndpi_match_bigram(struct ndpi_detection_module_struct *ndpi_struct, void ndpi_free_flow(struct ndpi_flow_struct *flow) { if(flow) { - if(flow->http.url) - ndpi_free(flow->http.url); - if(flow->http.content_type) - ndpi_free(flow->http.content_type); + if(flow->http.url) ndpi_free(flow->http.url); + if(flow->http.content_type) ndpi_free(flow->http.content_type); ndpi_free(flow); } } diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c index 0f5e8c780..35dcb0161 100644 --- a/src/lib/protocols/skype.c +++ b/src/lib/protocols/skype.c @@ -24,12 +24,10 @@ #include "ndpi_api.h" static void ndpi_skype_report_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - u_int16_t proto = (flow->protos.stun_ssl.stun.num_binding_requests < 4) ? NDPI_PROTOCOL_SKYPE_CALL_IN : NDPI_PROTOCOL_SKYPE_CALL_OUT; - //printf("-> payload_len=%u\n", flow->packet.payload_packet_len); NDPI_LOG_INFO(ndpi_struct, "found skype\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, proto, NDPI_PROTOCOL_SKYPE); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE_CALL, NDPI_PROTOCOL_SKYPE); } static int is_port(u_int16_t a, u_int16_t b, u_int16_t c) { diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index cb1322e5e..c169a47db 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -203,7 +203,7 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n NDPI_LOG_INFO(ndpi_struct, "found Skype\n"); if((flow->protos.stun_ssl.stun.num_processed_pkts >= 8) || (flow->protos.stun_ssl.stun.num_binding_requests >= 4)) - ndpi_set_detected_protocol(ndpi_struct, flow, (flow->protos.stun_ssl.stun.num_binding_requests < 4) ? NDPI_PROTOCOL_SKYPE_CALL_IN : NDPI_PROTOCOL_SKYPE_CALL_OUT, NDPI_PROTOCOL_SKYPE); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE_CALL, NDPI_PROTOCOL_SKYPE); } else { NDPI_LOG_INFO(ndpi_struct, "found UDP stun\n"); /* Ummmmm we're in the TCP branch. This code looks bad */ ndpi_int_stun_add_connection(ndpi_struct, @@ -221,9 +221,10 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n if(flow->protos.stun_ssl.stun.is_skype) { NDPI_LOG_INFO(ndpi_struct, "Found Skype\n"); - + + /* flow->protos.stun_ssl.stun.num_binding_requests < 4) ? NDPI_PROTOCOL_SKYPE_CALL_IN : NDPI_PROTOCOL_SKYPE_CALL_OUT */ if((flow->protos.stun_ssl.stun.num_processed_pkts >= 8) || (flow->protos.stun_ssl.stun.num_binding_requests >= 4)) - ndpi_set_detected_protocol(ndpi_struct, flow, (flow->protos.stun_ssl.stun.num_binding_requests < 4) ? NDPI_PROTOCOL_SKYPE_CALL_IN : NDPI_PROTOCOL_SKYPE_CALL_OUT, NDPI_PROTOCOL_SKYPE); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE_CALL, NDPI_PROTOCOL_SKYPE); } else { NDPI_LOG_INFO(ndpi_struct, "found UDP stun\n"); ndpi_int_stun_add_connection(ndpi_struct, diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index 5eead7a9c..738340781 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out @@ -1,7 +1,8 @@ -Unknown 24 6428 14 +Unknown 23 6265 13 DNS 2 378 1 HTTP 524 220123 9 MDNS 1 82 1 +NTP 1 90 1 NetBIOS 31 3589 8 SSDP 143 36951 13 DHCP 24 8208 5 @@ -12,8 +13,7 @@ DHCPV6 10 980 3 Facebook 19 6840 2 Google 3 176 1 GenericProtocol 433 311919 14 -Apple 1 90 1 -LLMNR 89 6799 47 +LLMNR 90 6962 48 1 TCP 192.168.115.8:49613 <-> 183.131.48.144:80 [proto: 7/HTTP][cat: Web/5][260 pkts/15070 bytes <-> 159 pkts/168623 bytes][Host: 183.131.48.144] 2 TCP 192.168.115.8:49600 <-> 106.187.35.246:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][18 pkts/1722 bytes <-> 51 pkts/61707 bytes][Host: pic.1kxun.com] @@ -91,45 +91,46 @@ LLMNR 89 6799 47 74 UDP [fe80::5d92:62a8:ebde:1319]:63659 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: isatap] 75 UDP [fe80::edf5:240a:c8c0:8312]:53962 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: ro_x1c] 76 UDP [fe80::edf5:240a:c8c0:8312]:61603 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: ro_x1c] - 77 UDP 192.168.5.49:61548 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/150 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] - 78 UDP 192.168.5.49:64568 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/150 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] - 79 UDP 192.168.3.95:51451 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機] - 80 UDP 192.168.3.95:54888 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機] - 81 UDP 192.168.3.95:58779 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機] - 82 UDP 192.168.5.50:57143 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/142 bytes -> 0 pkts/0 bytes][Host: charming-pc] - 83 UDP 192.168.5.50:62756 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/142 bytes -> 0 pkts/0 bytes][Host: charming-pc] - 84 UDP 192.168.5.48:59797 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes][Host: kasper-mac] - 85 UDP 192.168.3.236:62069 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] - 86 UDP 192.168.3.236:65496 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] - 87 UDP 192.168.5.9:58456 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] - 88 UDP 192.168.5.9:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] - 89 UDP 192.168.101.33:58456 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] - 90 UDP 192.168.101.33:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] - 91 UDP 192.168.5.37:54506 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: notebook] - 92 UDP 192.168.5.37:56366 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: notebook] - 93 UDP 192.168.5.41:54470 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: kevin-pc] - 94 UDP 192.168.5.44:58702 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: jason-pc] - 95 UDP 192.168.5.44:59571 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: jason-pc] - 96 UDP 192.168.5.57:64428 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: usher-pc] - 97 UDP 192.168.5.57:65150 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: usher-pc] - 98 UDP 192.168.3.236:51714 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: isatap] - 99 UDP 192.168.3.236:56043 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: isatap] - 100 UDP 192.168.5.47:53962 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: ro_x1c] - 101 UDP 192.168.5.47:61603 -> 224.0.0.252:5355 [proto: 87/RTP][cat: Media/1][2 pkts/132 bytes -> 0 pkts/0 bytes] - 102 TCP 192.168.5.16:53605 -> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][2 pkts/126 bytes -> 0 pkts/0 bytes] - 103 TCP 192.168.5.16:53622 <-> 192.168.115.75:443 [proto: 91/SSL][cat: Web/5][1 pkts/60 bytes <-> 1 pkts/60 bytes] - 104 UDP [fe80::f65c:89ff:fe89:e607]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][cat: Network/14][1 pkts/98 bytes -> 0 pkts/0 bytes] - 105 UDP 192.168.5.45:59461 -> 192.168.255.255:137 [proto: 10/NetBIOS][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes] - 106 UDP 192.168.5.45:59789 -> 192.168.255.255:137 [proto: 10/NetBIOS][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes] - 107 UDP [fe80::e034:7be:d8f9:6197]:57143 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][1 pkts/91 bytes -> 0 pkts/0 bytes][Host: charming-pc] - 108 UDP [fe80::e034:7be:d8f9:6197]:62756 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][1 pkts/91 bytes -> 0 pkts/0 bytes][Host: charming-pc] - 109 UDP 192.168.5.16:123 -> 17.253.26.125:123 [proto: 9.140/NTP.Apple][cat: Web/5][1 pkts/90 bytes -> 0 pkts/0 bytes] - 110 UDP 192.168.5.64:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes] - 111 UDP 192.168.5.50:49766 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][1 pkts/71 bytes -> 0 pkts/0 bytes][Host: charming-pc] - 112 UDP 192.168.5.50:50030 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][1 pkts/71 bytes -> 0 pkts/0 bytes][Host: charming-pc] - 113 UDP 192.168.5.41:55593 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][1 pkts/68 bytes -> 0 pkts/0 bytes][Host: kevin-pc] - 114 UDP 192.168.5.44:59062 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][1 pkts/68 bytes -> 0 pkts/0 bytes][Host: jason-pc] - 115 UDP 192.168.3.236:59730 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][1 pkts/67 bytes -> 0 pkts/0 bytes][Host: sonusav] + 77 UDP 192.168.119.2:43786 -> 255.255.255.255:5678 [proto: 154/LLMNR][cat: Network/14][1 pkts/163 bytes -> 0 pkts/0 bytes] + 78 UDP 192.168.5.49:61548 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/150 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] + 79 UDP 192.168.5.49:64568 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/150 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] + 80 UDP 192.168.3.95:51451 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機] + 81 UDP 192.168.3.95:54888 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機] + 82 UDP 192.168.3.95:58779 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機] + 83 UDP 192.168.5.50:57143 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/142 bytes -> 0 pkts/0 bytes][Host: charming-pc] + 84 UDP 192.168.5.50:62756 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/142 bytes -> 0 pkts/0 bytes][Host: charming-pc] + 85 UDP 192.168.5.48:59797 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes][Host: kasper-mac] + 86 UDP 192.168.3.236:62069 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] + 87 UDP 192.168.3.236:65496 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] + 88 UDP 192.168.5.9:58456 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] + 89 UDP 192.168.5.9:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] + 90 UDP 192.168.101.33:58456 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] + 91 UDP 192.168.101.33:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] + 92 UDP 192.168.5.37:54506 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: notebook] + 93 UDP 192.168.5.37:56366 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: notebook] + 94 UDP 192.168.5.41:54470 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: kevin-pc] + 95 UDP 192.168.5.44:58702 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: jason-pc] + 96 UDP 192.168.5.44:59571 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: jason-pc] + 97 UDP 192.168.5.57:64428 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: usher-pc] + 98 UDP 192.168.5.57:65150 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: usher-pc] + 99 UDP 192.168.3.236:51714 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: isatap] + 100 UDP 192.168.3.236:56043 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: isatap] + 101 UDP 192.168.5.47:53962 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: ro_x1c] + 102 UDP 192.168.5.47:61603 -> 224.0.0.252:5355 [proto: 87/RTP][cat: Media/1][2 pkts/132 bytes -> 0 pkts/0 bytes] + 103 TCP 192.168.5.16:53605 -> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][2 pkts/126 bytes -> 0 pkts/0 bytes] + 104 TCP 192.168.5.16:53622 <-> 192.168.115.75:443 [proto: 91/SSL][cat: Web/5][1 pkts/60 bytes <-> 1 pkts/60 bytes] + 105 UDP [fe80::f65c:89ff:fe89:e607]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][cat: Network/14][1 pkts/98 bytes -> 0 pkts/0 bytes] + 106 UDP 192.168.5.45:59461 -> 192.168.255.255:137 [proto: 10/NetBIOS][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes] + 107 UDP 192.168.5.45:59789 -> 192.168.255.255:137 [proto: 10/NetBIOS][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes] + 108 UDP [fe80::e034:7be:d8f9:6197]:57143 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][1 pkts/91 bytes -> 0 pkts/0 bytes][Host: charming-pc] + 109 UDP [fe80::e034:7be:d8f9:6197]:62756 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][1 pkts/91 bytes -> 0 pkts/0 bytes][Host: charming-pc] + 110 UDP 192.168.5.16:123 -> 17.253.26.125:123 [proto: 9/NTP][cat: System/18][1 pkts/90 bytes -> 0 pkts/0 bytes] + 111 UDP 192.168.5.64:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes] + 112 UDP 192.168.5.50:49766 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][1 pkts/71 bytes -> 0 pkts/0 bytes][Host: charming-pc] + 113 UDP 192.168.5.50:50030 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][1 pkts/71 bytes -> 0 pkts/0 bytes][Host: charming-pc] + 114 UDP 192.168.5.41:55593 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][1 pkts/68 bytes -> 0 pkts/0 bytes][Host: kevin-pc] + 115 UDP 192.168.5.44:59062 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][1 pkts/68 bytes -> 0 pkts/0 bytes][Host: jason-pc] + 116 UDP 192.168.3.236:59730 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][1 pkts/67 bytes -> 0 pkts/0 bytes][Host: sonusav] Undetected flows: @@ -144,6 +145,5 @@ Undetected flows: 9 UDP 192.168.119.1:56861 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/177 bytes -> 0 pkts/0 bytes] 10 UDP 59.120.208.218:50151 -> 255.255.255.255:1947 [proto: 0/Unknown][2 pkts/164 bytes -> 0 pkts/0 bytes] 11 UDP 192.168.2.186:32768 -> 255.255.255.255:1947 [proto: 0/Unknown][2 pkts/164 bytes -> 0 pkts/0 bytes] - 12 UDP 192.168.119.2:43786 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/163 bytes -> 0 pkts/0 bytes] - 13 UDP 192.168.0.100:50925 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/142 bytes -> 0 pkts/0 bytes] - 14 UDP 59.120.208.212:32768 -> 255.255.255.255:1947 [proto: 0/Unknown][1 pkts/82 bytes -> 0 pkts/0 bytes] + 12 UDP 192.168.0.100:50925 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/142 bytes -> 0 pkts/0 bytes] + 13 UDP 59.120.208.212:32768 -> 255.255.255.255:1947 [proto: 0/Unknown][1 pkts/82 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/hangout.pcap.out b/tests/result/hangout.pcap.out index 430ecdcae..323e41d36 100644 --- a/tests/result/hangout.pcap.out +++ b/tests/result/hangout.pcap.out @@ -1,3 +1,3 @@ -Google 19 2774 1 +GoogleHangout 19 2774 1 - 1 UDP 74.125.134.127:19305 -> 10.89.61.13:56406 [proto: 201.126/GoogleHangout.Google][cat: Web/5][19 pkts/2774 bytes -> 0 pkts/0 bytes] + 1 UDP 74.125.134.127:19305 -> 10.89.61.13:56406 [proto: 201/GoogleHangout][cat: Chat/9][19 pkts/2774 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/nintendo.pcap.out b/tests/result/nintendo.pcap.out index c1b44147a..6535e7cc5 100644 --- a/tests/result/nintendo.pcap.out +++ b/tests/result/nintendo.pcap.out @@ -1,6 +1,6 @@ ICMP 30 2100 2 -Nintendo 887 319888 11 -Amazon 79 11165 8 +Nintendo 890 320242 12 +Amazon 76 10811 7 1 UDP 192.168.12.114:55915 <-> 185.118.169.65:27520 [proto: 173/Nintendo][cat: Game/8][169 pkts/61414 bytes <-> 278 pkts/126260 bytes] 2 UDP 192.168.12.114:55915 <-> 93.237.131.235:56066 [proto: 173/Nintendo][cat: Game/8][122 pkts/48332 bytes <-> 35 pkts/5026 bytes] @@ -18,7 +18,7 @@ Amazon 79 11165 8 14 UDP 192.168.12.114:55915 <-> 35.158.74.61:10025 [proto: 178/Amazon][cat: Web/5][5 pkts/290 bytes <-> 5 pkts/290 bytes] 15 UDP 192.168.12.114:18874 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][cat: Game/8][1 pkts/110 bytes <-> 1 pkts/281 bytes][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] 16 UDP 192.168.12.114:51035 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][cat: Game/8][1 pkts/110 bytes <-> 1 pkts/281 bytes][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] - 17 UDP 192.168.12.114:52119 -> 35.158.74.61:33335 [proto: 173.178/Nintendo.Amazon][cat: Web/5][3 pkts/354 bytes -> 0 pkts/0 bytes] + 17 UDP 192.168.12.114:52119 -> 35.158.74.61:33335 [proto: 173/Nintendo][cat: Game/8][3 pkts/354 bytes -> 0 pkts/0 bytes] 18 UDP 192.168.12.114:55915 -> 35.158.74.61:33335 [proto: 178/Amazon][cat: Web/5][3 pkts/318 bytes -> 0 pkts/0 bytes] 19 UDP 192.168.12.114:55915 -> 52.10.205.177:34343 [proto: 178/Amazon][cat: Web/5][1 pkts/298 bytes -> 0 pkts/0 bytes] 20 UDP 192.168.12.114:55915 -> 35.158.74.61:33334 [proto: 178/Amazon][cat: Web/5][5 pkts/290 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/skype-conference-call.pcap.out b/tests/result/skype-conference-call.pcap.out index 3a7c34e17..fd6dde8c4 100644 --- a/tests/result/skype-conference-call.pcap.out +++ b/tests/result/skype-conference-call.pcap.out @@ -1,3 +1,3 @@ -SkypeCallOut 200 39687 1 +SkypeCall 200 39687 1 - 1 UDP 192.168.2.20:49282 <-> 104.46.40.49:60642 [proto: 125.38/Skype.SkypeCallOut][cat: VoIP/10][133 pkts/24845 bytes <-> 67 pkts/14842 bytes] + 1 UDP 192.168.2.20:49282 <-> 104.46.40.49:60642 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][133 pkts/24845 bytes <-> 67 pkts/14842 bytes] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index d02ced39b..f1fef0ed8 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -1,30 +1,32 @@ Unknown 175 20913 11 DNS 2 267 1 MDNS 8 1736 2 +NTP 2 180 1 SSDP 101 38156 6 -SkypeCallIn 730 71378 170 +SkypeCall 730 71378 170 ICMP 8 656 1 IGMP 5 258 4 SSL 96 8876 7 Dropbox 38 17948 5 Skype 1409 253031 79 -Apple 17 2225 3 +Apple 3 168 1 AppleiCloud 88 20520 2 Spotify 5 430 1 MS_OneDrive 387 198090 1 +ApplePush 12 1877 1 1 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][cat: Cloud/13][187 pkts/42539 bytes <-> 200 pkts/155551 bytes][server: *.gateway.messenger.live.com] 2 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][cat: VoIP/10][231 pkts/60232 bytes <-> 241 pkts/104395 bytes] 3 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][79 pkts/29479 bytes -> 0 pkts/0 bytes] 4 TCP 192.168.1.34:50128 <-> 17.172.100.36:443 [proto: 91.143/SSL.AppleiCloud][cat: Web/5][43 pkts/9635 bytes <-> 43 pkts/10651 bytes][client: p05-keyvalueservice.icloud.com] - 5 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][62 pkts/6941 bytes <-> 38 pkts/5325 bytes] + 5 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][62 pkts/6941 bytes <-> 38 pkts/5325 bytes] 6 UDP 192.168.1.92:50084 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][14 pkts/7281 bytes -> 0 pkts/0 bytes] 7 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][cat: Cloud/13][8 pkts/1636 bytes <-> 8 pkts/4344 bytes] - 8 TCP 192.168.1.34:50117 <-> 71.238.7.203:18767 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][24 pkts/3136 bytes <-> 19 pkts/2618 bytes] + 8 TCP 192.168.1.34:50117 <-> 71.238.7.203:18767 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][24 pkts/3136 bytes <-> 19 pkts/2618 bytes] 9 TCP 192.168.1.34:50126 <-> 91.190.216.23:12350 [proto: 125/Skype][cat: VoIP/10][16 pkts/4788 bytes <-> 4 pkts/372 bytes] - 10 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][19 pkts/2797 bytes <-> 13 pkts/2175 bytes] - 11 TCP 192.168.1.34:50118 <-> 5.248.186.221:31010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][18 pkts/2588 bytes <-> 13 pkts/2100 bytes] - 12 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][15 pkts/2395 bytes <-> 8 pkts/1724 bytes] + 10 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][19 pkts/2797 bytes <-> 13 pkts/2175 bytes] + 11 TCP 192.168.1.34:50118 <-> 5.248.186.221:31010 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][18 pkts/2588 bytes <-> 13 pkts/2100 bytes] + 12 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][15 pkts/2395 bytes <-> 8 pkts/1724 bytes] 13 TCP 192.168.1.34:50027 <-> 23.223.73.34:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][17 pkts/3605 bytes <-> 1 pkts/74 bytes][client: apps.skypeassets.com] 14 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][16 pkts/3461 bytes <-> 1 pkts/74 bytes][client: apps.skype.com] 15 UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][6 pkts/3264 bytes -> 0 pkts/0 bytes] @@ -32,42 +34,42 @@ MS_OneDrive 387 198090 1 17 UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][5 pkts/2720 bytes -> 0 pkts/0 bytes] 18 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][5 pkts/2720 bytes -> 0 pkts/0 bytes] 19 TCP 192.168.1.34:50090 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/2140 bytes <-> 3 pkts/200 bytes][client: apps.skype.com] - 20 TCP 192.168.1.34:50134 <-> 157.56.53.47:12350 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/1578 bytes <-> 4 pkts/342 bytes] - 21 TCP 17.143.160.22:5223 <-> 192.168.1.34:49447 [proto: 238.140/ApplePush.Apple][cat: Web/5][6 pkts/1211 bytes <-> 6 pkts/666 bytes] + 20 TCP 192.168.1.34:50134 <-> 157.56.53.47:12350 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][11 pkts/1578 bytes <-> 4 pkts/342 bytes] + 21 TCP 17.143.160.22:5223 <-> 192.168.1.34:49447 [proto: 238/ApplePush][cat: Cloud/13][6 pkts/1211 bytes <-> 6 pkts/666 bytes] 22 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][13 pkts/1554 bytes <-> 3 pkts/200 bytes] - 23 TCP 192.168.1.34:50122 <-> 81.133.19.185:44431 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][14 pkts/1090 bytes <-> 6 pkts/534 bytes] + 23 TCP 192.168.1.34:50122 <-> 81.133.19.185:44431 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][14 pkts/1090 bytes <-> 6 pkts/534 bytes] 24 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][cat: Web/5][13 pkts/1392 bytes <-> 3 pkts/200 bytes] 25 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1305 bytes <-> 3 pkts/285 bytes] 26 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][11 pkts/1218 bytes <-> 4 pkts/351 bytes] 27 TCP 192.168.1.34:50080 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1249 bytes <-> 3 pkts/285 bytes] 28 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][11 pkts/955 bytes <-> 9 pkts/561 bytes] 29 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1270 bytes <-> 3 pkts/243 bytes] - 30 TCP 192.168.1.34:50116 <-> 81.83.77.141:17639 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][15 pkts/1138 bytes <-> 4 pkts/372 bytes] - 31 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][14 pkts/1075 bytes <-> 4 pkts/431 bytes] - 32 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][14 pkts/1100 bytes <-> 5 pkts/395 bytes] + 30 TCP 192.168.1.34:50116 <-> 81.83.77.141:17639 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][15 pkts/1138 bytes <-> 4 pkts/372 bytes] + 31 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][14 pkts/1075 bytes <-> 4 pkts/431 bytes] + 32 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][14 pkts/1100 bytes <-> 5 pkts/395 bytes] 33 TCP 192.168.1.34:50072 <-> 157.55.130.170:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1207 bytes <-> 3 pkts/277 bytes] 34 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][cat: Web/5][12 pkts/1221 bytes <-> 3 pkts/231 bytes] - 35 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][14 pkts/1062 bytes <-> 4 pkts/383 bytes] + 35 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][14 pkts/1062 bytes <-> 4 pkts/383 bytes] 36 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][cat: VoIP/10][14 pkts/1083 bytes <-> 4 pkts/359 bytes] 37 TCP 192.168.1.34:50054 <-> 157.55.130.153:40005 [proto: 125/Skype][cat: VoIP/10][13 pkts/1020 bytes <-> 4 pkts/421 bytes] - 38 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/1010 bytes <-> 5 pkts/402 bytes] + 38 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][13 pkts/1010 bytes <-> 5 pkts/402 bytes] 39 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1151 bytes <-> 3 pkts/260 bytes] - 40 TCP 192.168.1.34:50114 <-> 5.248.186.221:31010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][14 pkts/1040 bytes <-> 4 pkts/362 bytes] - 41 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/1004 bytes <-> 4 pkts/397 bytes] + 40 TCP 192.168.1.34:50114 <-> 5.248.186.221:31010 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][14 pkts/1040 bytes <-> 4 pkts/362 bytes] + 41 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][13 pkts/1004 bytes <-> 4 pkts/397 bytes] 42 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][11 pkts/1050 bytes <-> 4 pkts/351 bytes] 43 TCP 192.168.1.34:50034 <-> 157.55.130.140:40033 [proto: 125/Skype][cat: VoIP/10][13 pkts/1010 bytes <-> 4 pkts/390 bytes] 44 TCP 192.168.1.34:50088 <-> 157.55.235.146:33033 [proto: 125/Skype][cat: VoIP/10][14 pkts/1085 bytes <-> 4 pkts/315 bytes] 45 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][cat: Web/5][11 pkts/1140 bytes <-> 3 pkts/250 bytes] 46 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][cat: VoIP/10][13 pkts/975 bytes <-> 4 pkts/412 bytes] - 47 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/995 bytes <-> 4 pkts/391 bytes] - 48 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/995 bytes <-> 4 pkts/386 bytes] - 49 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/1000 bytes <-> 4 pkts/380 bytes] + 47 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][13 pkts/995 bytes <-> 4 pkts/391 bytes] + 48 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][13 pkts/995 bytes <-> 4 pkts/386 bytes] + 49 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][13 pkts/1000 bytes <-> 4 pkts/380 bytes] 50 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][cat: Web/5][13 pkts/1176 bytes <-> 3 pkts/200 bytes] 51 TCP 192.168.1.34:50097 <-> 157.55.235.176:40022 [proto: 125/Skype][cat: VoIP/10][13 pkts/1000 bytes <-> 4 pkts/371 bytes] - 52 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/971 bytes <-> 4 pkts/399 bytes] + 52 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][13 pkts/971 bytes <-> 4 pkts/399 bytes] 53 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][cat: VoIP/10][13 pkts/977 bytes <-> 4 pkts/384 bytes] 54 TCP 192.168.1.34:50053 <-> 157.55.56.146:40030 [proto: 125/Skype][cat: VoIP/10][12 pkts/940 bytes <-> 5 pkts/415 bytes] - 55 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][12 pkts/948 bytes <-> 4 pkts/407 bytes] + 55 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][12 pkts/948 bytes <-> 4 pkts/407 bytes] 56 TCP 192.168.1.34:50044 <-> 157.55.130.167:40031 [proto: 125/Skype][cat: VoIP/10][13 pkts/993 bytes <-> 4 pkts/360 bytes] 57 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1074 bytes <-> 3 pkts/277 bytes] 58 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1102 bytes <-> 3 pkts/247 bytes] @@ -81,26 +83,26 @@ MS_OneDrive 387 198090 1 66 TCP 192.168.1.34:50032 <-> 157.56.52.44:40032 [proto: 125/Skype][cat: VoIP/10][12 pkts/969 bytes <-> 4 pkts/337 bytes] 67 TCP 192.168.1.34:50094 <-> 157.55.130.155:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1039 bytes <-> 3 pkts/267 bytes] 68 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][cat: VoIP/10][12 pkts/899 bytes <-> 5 pkts/406 bytes] - 69 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/982 bytes <-> 4 pkts/322 bytes] + 69 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][13 pkts/982 bytes <-> 4 pkts/322 bytes] 70 TCP 192.168.1.34:50063 <-> 111.221.74.38:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/1002 bytes <-> 3 pkts/285 bytes] 71 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][cat: VoIP/10][11 pkts/836 bytes <-> 5 pkts/442 bytes] 72 TCP 192.168.1.34:50086 <-> 111.221.77.142:40023 [proto: 125/Skype][cat: VoIP/10][11 pkts/841 bytes <-> 5 pkts/429 bytes] 73 TCP 192.168.1.34:50056 <-> 157.55.56.146:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][11 pkts/999 bytes <-> 4 pkts/266 bytes] 74 TCP 192.168.1.34:50038 <-> 157.55.130.140:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1032 bytes <-> 3 pkts/230 bytes] 75 TCP 192.168.1.34:50055 <-> 111.221.74.47:40030 [proto: 125/Skype][cat: VoIP/10][11 pkts/866 bytes <-> 5 pkts/396 bytes] - 76 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/843 bytes <-> 4 pkts/411 bytes] - 77 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/994 bytes <-> 2 pkts/243 bytes] + 76 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][11 pkts/843 bytes <-> 4 pkts/411 bytes] + 77 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][13 pkts/994 bytes <-> 2 pkts/243 bytes] 78 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][cat: VoIP/10][11 pkts/820 bytes <-> 5 pkts/416 bytes] 79 TCP 192.168.1.34:50046 <-> 157.55.130.150:40011 [proto: 125/Skype][cat: VoIP/10][11 pkts/843 bytes <-> 4 pkts/386 bytes] 80 TCP 192.168.1.34:50096 <-> 111.221.74.46:40027 [proto: 125/Skype][cat: VoIP/10][11 pkts/822 bytes <-> 4 pkts/390 bytes] 81 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/857 bytes <-> 4 pkts/351 bytes] - 82 TCP 192.168.1.34:50113 <-> 71.238.7.203:18767 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/827 bytes <-> 3 pkts/325 bytes] + 82 TCP 192.168.1.34:50113 <-> 71.238.7.203:18767 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][11 pkts/827 bytes <-> 3 pkts/325 bytes] 83 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][cat: Web/5][9 pkts/862 bytes <-> 3 pkts/285 bytes] - 84 TCP 192.168.1.34:50143 <-> 78.202.226.115:29059 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][12 pkts/935 bytes <-> 2 pkts/197 bytes] + 84 TCP 192.168.1.34:50143 <-> 78.202.226.115:29059 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][12 pkts/935 bytes <-> 2 pkts/197 bytes] 85 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/872 bytes <-> 3 pkts/237 bytes] - 86 TCP 192.168.1.34:50135 <-> 76.167.161.6:20274 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/838 bytes <-> 3 pkts/270 bytes] + 86 TCP 192.168.1.34:50135 <-> 76.167.161.6:20274 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][11 pkts/838 bytes <-> 3 pkts/270 bytes] 87 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][9 pkts/822 bytes <-> 3 pkts/285 bytes] - 88 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/814 bytes <-> 3 pkts/287 bytes] + 88 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][11 pkts/814 bytes <-> 3 pkts/287 bytes] 89 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][4 pkts/908 bytes -> 0 pkts/0 bytes] 90 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][4 pkts/828 bytes -> 0 pkts/0 bytes] 91 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][cat: VoIP/10][6 pkts/417 bytes <-> 4 pkts/352 bytes] @@ -140,160 +142,160 @@ MS_OneDrive 387 198090 1 125 UDP 192.168.1.34:51066 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/349 bytes -> 0 pkts/0 bytes] 126 UDP 192.168.1.34:56886 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/349 bytes -> 0 pkts/0 bytes] 127 UDP 192.168.1.34:64560 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/349 bytes -> 0 pkts/0 bytes] - 128 UDP 192.168.1.34:13021 -> 76.185.207.12:45493 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][5 pkts/300 bytes -> 0 pkts/0 bytes] - 129 UDP 192.168.1.34:13021 -> 176.26.55.167:63773 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][5 pkts/300 bytes -> 0 pkts/0 bytes] + 128 UDP 192.168.1.34:13021 -> 76.185.207.12:45493 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][5 pkts/300 bytes -> 0 pkts/0 bytes] + 129 UDP 192.168.1.34:13021 -> 176.26.55.167:63773 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][5 pkts/300 bytes -> 0 pkts/0 bytes] 130 UDP 192.168.1.34:58681 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/101 bytes <-> 1 pkts/166 bytes][Host: db3msgr5011709.gateway.messenger.live.com] 131 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][cat: Web/5][1 pkts/101 bytes <-> 1 pkts/133 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] - 132 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9.140/NTP.Apple][cat: Web/5][1 pkts/90 bytes <-> 1 pkts/90 bytes] + 132 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][cat: System/18][1 pkts/90 bytes <-> 1 pkts/90 bytes] 133 UDP 192.168.1.34:51879 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] 134 UDP 192.168.1.34:63321 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] 135 UDP 192.168.1.34:64085 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e7768.b.akamaiedge.net] 136 TCP 192.168.1.34:50024 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/60 bytes] 137 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network/14][2 pkts/92 bytes -> 0 pkts/0 bytes] - 138 UDP 192.168.1.34:13021 -> 64.4.23.145:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 139 UDP 192.168.1.34:13021 -> 65.55.223.26:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 140 UDP 192.168.1.34:13021 -> 65.55.223.33:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 141 UDP 192.168.1.34:13021 -> 157.55.56.168:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 142 UDP 192.168.1.34:13021 -> 157.55.130.146:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 143 UDP 192.168.1.34:13021 -> 157.55.130.154:40005 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 144 UDP 192.168.1.34:13021 -> 157.55.235.147:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 145 UDP 192.168.1.34:13021 -> 157.55.235.152:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 146 UDP 192.168.1.34:13021 -> 213.199.179.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 147 UDP 192.168.1.34:13021 -> 111.221.74.28:40014 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 148 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 149 UDP 192.168.1.34:13021 -> 111.221.77.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 150 UDP 192.168.1.34:13021 -> 111.221.77.159:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 151 UDP 192.168.1.34:13021 -> 111.221.77.172:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 152 UDP 192.168.1.34:13021 -> 157.55.130.156:40034 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 153 UDP 192.168.1.34:13021 -> 157.55.235.161:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 154 UDP 192.168.1.34:13021 -> 157.55.235.176:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 155 UDP 192.168.1.34:13021 -> 157.56.52.27:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 156 UDP 192.168.1.34:13021 -> 157.56.52.28:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 157 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 158 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 159 UDP 192.168.1.34:13021 -> 65.55.223.29:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 160 UDP 192.168.1.34:13021 -> 111.221.74.15:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 161 UDP 192.168.1.34:13021 -> 111.221.77.145:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 162 UDP 192.168.1.34:13021 -> 111.221.77.166:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 163 UDP 192.168.1.34:13021 -> 157.55.56.142:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 164 UDP 192.168.1.34:13021 -> 157.55.56.151:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 165 UDP 192.168.1.34:13021 -> 157.55.56.175:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 166 UDP 192.168.1.34:13021 -> 157.55.130.143:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 167 UDP 192.168.1.34:13021 -> 157.55.235.155:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 168 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 169 UDP 192.168.1.34:13021 -> 64.4.23.166:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 170 UDP 192.168.1.34:13021 -> 65.55.223.25:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 171 UDP 192.168.1.34:13021 -> 65.55.223.43:40002 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 172 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 173 UDP 192.168.1.34:13021 -> 111.221.77.151:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 174 UDP 192.168.1.34:13021 -> 157.55.56.162:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 175 UDP 192.168.1.34:13021 -> 157.55.130.147:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 176 UDP 192.168.1.34:13021 -> 157.55.235.175:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 177 UDP 192.168.1.34:13021 -> 213.199.179.150:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 178 UDP 192.168.1.34:13021 -> 111.221.74.12:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 179 UDP 192.168.1.34:13021 -> 111.221.74.48:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 180 UDP 192.168.1.34:13021 -> 111.221.77.165:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 181 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 182 UDP 192.168.1.34:13021 -> 213.199.179.143:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 183 UDP 192.168.1.34:13021 -> 213.199.179.154:40034 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 184 UDP 192.168.1.34:13021 -> 65.55.223.28:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 185 UDP 192.168.1.34:13021 -> 111.221.74.40:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 186 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 187 UDP 192.168.1.34:13021 -> 157.56.52.26:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 188 UDP 192.168.1.34:13021 -> 213.199.179.165:40007 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 189 UDP 192.168.1.34:13021 -> 64.4.23.141:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 190 UDP 192.168.1.34:13021 -> 111.221.74.29:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 191 UDP 192.168.1.34:13021 -> 111.221.74.31:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 192 UDP 192.168.1.34:13021 -> 111.221.77.176:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 193 UDP 192.168.1.34:13021 -> 157.55.235.153:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 194 UDP 192.168.1.34:13021 -> 213.199.179.168:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 195 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 196 UDP 192.168.1.34:13021 -> 64.4.23.165:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 197 UDP 192.168.1.34:13021 -> 111.221.77.142:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 198 UDP 192.168.1.34:13021 -> 157.55.130.151:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 199 UDP 192.168.1.34:13021 -> 64.4.23.168:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 200 UDP 192.168.1.34:13021 -> 65.55.223.21:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 201 UDP 192.168.1.34:13021 -> 65.55.223.45:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 202 UDP 192.168.1.34:13021 -> 111.221.74.44:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 203 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 204 UDP 192.168.1.34:13021 -> 111.221.77.153:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 205 UDP 192.168.1.34:13021 -> 157.55.56.148:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 206 UDP 192.168.1.34:13021 -> 157.55.235.157:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 207 UDP 192.168.1.34:13021 -> 157.55.235.172:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 208 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 209 UDP 192.168.1.34:13021 -> 213.199.179.170:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 210 UDP 192.168.1.34:13021 -> 64.4.23.150:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 211 UDP 192.168.1.34:13021 -> 64.4.23.159:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 212 UDP 192.168.1.34:13021 -> 65.55.223.17:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 213 UDP 192.168.1.34:13021 -> 111.221.74.17:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 214 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 215 UDP 192.168.1.34:13021 -> 111.221.74.32:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 216 UDP 192.168.1.34:13021 -> 111.221.74.42:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 217 UDP 192.168.1.34:13021 -> 157.55.56.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 218 UDP 192.168.1.34:13021 -> 157.55.56.161:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 219 UDP 192.168.1.34:13021 -> 157.55.130.155:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 220 UDP 192.168.1.34:13021 -> 157.55.130.165:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 221 UDP 192.168.1.34:13021 -> 157.55.235.142:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 222 UDP 192.168.1.34:13021 -> 157.56.52.33:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 223 UDP 192.168.1.34:13021 -> 213.199.179.162:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 224 UDP 192.168.1.34:13021 -> 64.4.23.148:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 225 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 226 UDP 192.168.1.34:13021 -> 65.55.223.41:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 227 UDP 192.168.1.34:13021 -> 111.221.77.148:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 228 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 229 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 230 UDP 192.168.1.34:13021 -> 157.55.235.160:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 231 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 232 UDP 192.168.1.34:13021 -> 157.56.52.37:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 233 UDP 192.168.1.34:13021 -> 64.4.23.140:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 234 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 235 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 236 UDP 192.168.1.34:13021 -> 111.221.77.160:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 237 UDP 192.168.1.34:13021 -> 111.221.77.168:40007 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 238 UDP 192.168.1.34:13021 -> 157.55.56.145:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 239 UDP 192.168.1.34:13021 -> 157.55.56.165:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 240 UDP 192.168.1.34:13021 -> 157.55.235.145:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 241 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 242 UDP 192.168.1.34:13021 -> 65.55.223.24:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 243 UDP 192.168.1.34:13021 -> 111.221.74.16:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 244 UDP 192.168.1.34:13021 -> 111.221.77.141:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 245 UDP 192.168.1.34:13021 -> 111.221.77.149:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 246 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 247 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 248 UDP 192.168.1.34:13021 -> 157.55.130.160:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 249 UDP 192.168.1.34:13021 -> 157.55.130.172:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 250 UDP 192.168.1.34:13021 -> 157.56.52.45:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 251 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 252 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 253 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 254 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 255 UDP 192.168.1.34:13021 -> 65.55.223.15:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 256 UDP 192.168.1.34:13021 -> 65.55.223.38:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 257 UDP 192.168.1.34:13021 -> 65.55.223.44:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 258 UDP 192.168.1.34:13021 -> 111.221.74.25:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 259 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 260 UDP 192.168.1.34:13021 -> 157.55.130.144:40034 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 261 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 262 UDP 192.168.1.34:13021 -> 213.199.179.145:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 263 UDP 192.168.1.34:13021 -> 65.55.223.20:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 264 UDP 192.168.1.34:13021 -> 111.221.74.24:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 265 UDP 192.168.1.34:13021 -> 111.221.77.140:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 266 UDP 192.168.1.34:13021 -> 157.55.56.166:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 267 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 268 UDP 192.168.1.34:13021 -> 157.55.235.158:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 269 UDP 192.168.1.34:13021 -> 157.55.235.159:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 270 UDP 192.168.1.34:13021 -> 157.55.235.173:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 271 UDP 192.168.1.34:13021 -> 157.56.52.21:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 272 UDP 192.168.1.34:13021 -> 157.56.52.24:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 273 UDP 192.168.1.34:13021 -> 157.56.52.47:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 274 UDP 192.168.1.34:13021 -> 213.199.179.152:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 138 UDP 192.168.1.34:13021 -> 64.4.23.145:40024 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 139 UDP 192.168.1.34:13021 -> 65.55.223.26:40004 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 140 UDP 192.168.1.34:13021 -> 65.55.223.33:40011 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 141 UDP 192.168.1.34:13021 -> 157.55.56.168:40006 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 142 UDP 192.168.1.34:13021 -> 157.55.130.146:40026 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 143 UDP 192.168.1.34:13021 -> 157.55.130.154:40005 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 144 UDP 192.168.1.34:13021 -> 157.55.235.147:40020 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 145 UDP 192.168.1.34:13021 -> 157.55.235.152:40001 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 146 UDP 192.168.1.34:13021 -> 213.199.179.155:40004 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 147 UDP 192.168.1.34:13021 -> 111.221.74.28:40014 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 148 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 149 UDP 192.168.1.34:13021 -> 111.221.77.155:40004 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 150 UDP 192.168.1.34:13021 -> 111.221.77.159:40009 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 151 UDP 192.168.1.34:13021 -> 111.221.77.172:40010 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 152 UDP 192.168.1.34:13021 -> 157.55.130.156:40034 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 153 UDP 192.168.1.34:13021 -> 157.55.235.161:40011 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 154 UDP 192.168.1.34:13021 -> 157.55.235.176:40022 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 155 UDP 192.168.1.34:13021 -> 157.56.52.27:40027 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 156 UDP 192.168.1.34:13021 -> 157.56.52.28:40009 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 157 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 158 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 159 UDP 192.168.1.34:13021 -> 65.55.223.29:40010 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 160 UDP 192.168.1.34:13021 -> 111.221.74.15:40024 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 161 UDP 192.168.1.34:13021 -> 111.221.77.145:40027 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 162 UDP 192.168.1.34:13021 -> 111.221.77.166:40011 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 163 UDP 192.168.1.34:13021 -> 157.55.56.142:40023 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 164 UDP 192.168.1.34:13021 -> 157.55.56.151:40027 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 165 UDP 192.168.1.34:13021 -> 157.55.56.175:40013 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 166 UDP 192.168.1.34:13021 -> 157.55.130.143:40017 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 167 UDP 192.168.1.34:13021 -> 157.55.235.155:40003 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 168 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 169 UDP 192.168.1.34:13021 -> 64.4.23.166:40022 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 170 UDP 192.168.1.34:13021 -> 65.55.223.25:40028 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 171 UDP 192.168.1.34:13021 -> 65.55.223.43:40002 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 172 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 173 UDP 192.168.1.34:13021 -> 111.221.77.151:40027 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 174 UDP 192.168.1.34:13021 -> 157.55.56.162:40004 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 175 UDP 192.168.1.34:13021 -> 157.55.130.147:40019 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 176 UDP 192.168.1.34:13021 -> 157.55.235.175:40008 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 177 UDP 192.168.1.34:13021 -> 213.199.179.150:40004 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 178 UDP 192.168.1.34:13021 -> 111.221.74.12:40031 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 179 UDP 192.168.1.34:13021 -> 111.221.74.48:40008 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 180 UDP 192.168.1.34:13021 -> 111.221.77.165:40020 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 181 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 182 UDP 192.168.1.34:13021 -> 213.199.179.143:40022 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 183 UDP 192.168.1.34:13021 -> 213.199.179.154:40034 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 184 UDP 192.168.1.34:13021 -> 65.55.223.28:40026 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 185 UDP 192.168.1.34:13021 -> 111.221.74.40:40018 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 186 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 187 UDP 192.168.1.34:13021 -> 157.56.52.26:40026 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 188 UDP 192.168.1.34:13021 -> 213.199.179.165:40007 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 189 UDP 192.168.1.34:13021 -> 64.4.23.141:40004 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 190 UDP 192.168.1.34:13021 -> 111.221.74.29:40024 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 191 UDP 192.168.1.34:13021 -> 111.221.74.31:40021 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 192 UDP 192.168.1.34:13021 -> 111.221.77.176:40020 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 193 UDP 192.168.1.34:13021 -> 157.55.235.153:40023 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 194 UDP 192.168.1.34:13021 -> 213.199.179.168:40006 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 195 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 196 UDP 192.168.1.34:13021 -> 64.4.23.165:40020 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 197 UDP 192.168.1.34:13021 -> 111.221.77.142:40023 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 198 UDP 192.168.1.34:13021 -> 157.55.130.151:40017 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 199 UDP 192.168.1.34:13021 -> 64.4.23.168:40006 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 200 UDP 192.168.1.34:13021 -> 65.55.223.21:40027 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 201 UDP 192.168.1.34:13021 -> 65.55.223.45:40012 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 202 UDP 192.168.1.34:13021 -> 111.221.74.44:40031 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 203 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 204 UDP 192.168.1.34:13021 -> 111.221.77.153:40024 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 205 UDP 192.168.1.34:13021 -> 157.55.56.148:40010 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 206 UDP 192.168.1.34:13021 -> 157.55.235.157:40010 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 207 UDP 192.168.1.34:13021 -> 157.55.235.172:40032 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 208 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 209 UDP 192.168.1.34:13021 -> 213.199.179.170:40011 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 210 UDP 192.168.1.34:13021 -> 64.4.23.150:40004 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 211 UDP 192.168.1.34:13021 -> 64.4.23.159:40009 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 212 UDP 192.168.1.34:13021 -> 65.55.223.17:40022 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 213 UDP 192.168.1.34:13021 -> 111.221.74.17:40022 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 214 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 215 UDP 192.168.1.34:13021 -> 111.221.74.32:40009 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 216 UDP 192.168.1.34:13021 -> 111.221.74.42:40024 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 217 UDP 192.168.1.34:13021 -> 157.55.56.146:33033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 218 UDP 192.168.1.34:13021 -> 157.55.56.161:40012 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 219 UDP 192.168.1.34:13021 -> 157.55.130.155:40020 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 220 UDP 192.168.1.34:13021 -> 157.55.130.165:40026 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 221 UDP 192.168.1.34:13021 -> 157.55.235.142:40025 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 222 UDP 192.168.1.34:13021 -> 157.56.52.33:40011 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 223 UDP 192.168.1.34:13021 -> 213.199.179.162:40029 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 224 UDP 192.168.1.34:13021 -> 64.4.23.148:40010 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 225 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 226 UDP 192.168.1.34:13021 -> 65.55.223.41:40027 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 227 UDP 192.168.1.34:13021 -> 111.221.77.148:40029 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 228 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 229 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 230 UDP 192.168.1.34:13021 -> 157.55.235.160:40027 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 231 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 232 UDP 192.168.1.34:13021 -> 157.56.52.37:40032 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 233 UDP 192.168.1.34:13021 -> 64.4.23.140:40012 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 234 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 235 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 236 UDP 192.168.1.34:13021 -> 111.221.77.160:40028 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 237 UDP 192.168.1.34:13021 -> 111.221.77.168:40007 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 238 UDP 192.168.1.34:13021 -> 157.55.56.145:40027 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 239 UDP 192.168.1.34:13021 -> 157.55.56.165:40020 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 240 UDP 192.168.1.34:13021 -> 157.55.235.145:40022 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 241 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 242 UDP 192.168.1.34:13021 -> 65.55.223.24:40032 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 243 UDP 192.168.1.34:13021 -> 111.221.74.16:40032 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 244 UDP 192.168.1.34:13021 -> 111.221.77.141:40020 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 245 UDP 192.168.1.34:13021 -> 111.221.77.149:40030 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 246 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 247 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 248 UDP 192.168.1.34:13021 -> 157.55.130.160:40029 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 249 UDP 192.168.1.34:13021 -> 157.55.130.172:40019 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 250 UDP 192.168.1.34:13021 -> 157.56.52.45:40012 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 251 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 252 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 253 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 254 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 255 UDP 192.168.1.34:13021 -> 65.55.223.15:40026 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 256 UDP 192.168.1.34:13021 -> 65.55.223.38:40015 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 257 UDP 192.168.1.34:13021 -> 65.55.223.44:40013 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 258 UDP 192.168.1.34:13021 -> 111.221.74.25:40028 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 259 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 260 UDP 192.168.1.34:13021 -> 157.55.130.144:40034 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 261 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 262 UDP 192.168.1.34:13021 -> 213.199.179.145:40027 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 263 UDP 192.168.1.34:13021 -> 65.55.223.20:40033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 264 UDP 192.168.1.34:13021 -> 111.221.74.24:40001 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 265 UDP 192.168.1.34:13021 -> 111.221.77.140:40003 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 266 UDP 192.168.1.34:13021 -> 157.55.56.166:40022 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 267 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 268 UDP 192.168.1.34:13021 -> 157.55.235.158:40031 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 269 UDP 192.168.1.34:13021 -> 157.55.235.159:40021 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 270 UDP 192.168.1.34:13021 -> 157.55.235.173:40012 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 271 UDP 192.168.1.34:13021 -> 157.56.52.21:40004 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 272 UDP 192.168.1.34:13021 -> 157.56.52.24:40001 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 273 UDP 192.168.1.34:13021 -> 157.56.52.47:40029 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 274 UDP 192.168.1.34:13021 -> 213.199.179.152:40023 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] 275 IGMP 192.168.1.1:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] 276 IGMP 192.168.1.92:0 -> 224.0.0.251:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] - 277 UDP 192.168.1.34:13021 -> 65.55.223.39:443 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 278 UDP 192.168.1.34:13021 -> 71.62.0.85:33647 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 279 UDP 192.168.1.34:13021 -> 106.188.249.186:15120 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 280 UDP 192.168.1.34:13021 -> 157.55.130.145:443 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 281 UDP 192.168.1.34:13021 -> 176.97.100.249:26635 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 277 UDP 192.168.1.34:13021 -> 65.55.223.39:443 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 278 UDP 192.168.1.34:13021 -> 71.62.0.85:33647 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 279 UDP 192.168.1.34:13021 -> 106.188.249.186:15120 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 280 UDP 192.168.1.34:13021 -> 157.55.130.145:443 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 281 UDP 192.168.1.34:13021 -> 176.97.100.249:26635 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] 282 IGMP 192.168.1.34:0 -> 224.0.0.251:0 [proto: 82/IGMP][cat: Network/14][1 pkts/46 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index bbddd568f..f83f6b559 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -3,21 +3,22 @@ DNS 2 267 1 MDNS 3 400 2 NetBIOS 22 3106 7 SSDP 40 14100 3 -SkypeCallIn 454 39996 164 +SkypeCall 454 39996 164 ICMP 4 328 1 IGMP 4 226 4 SSL 79 7742 6 Dropbox 16 7342 5 Skype 840 150346 60 -Apple 84 20699 2 +Apple 76 19581 1 MS_OneDrive 348 181687 1 +ApplePush 8 1118 1 1 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][cat: Cloud/13][166 pkts/39042 bytes <-> 182 pkts/142645 bytes][server: *.gateway.messenger.live.com] 2 TCP 192.168.1.34:51279 <-> 111.221.74.48:40008 [proto: 125/Skype][cat: VoIP/10][101 pkts/30681 bytes <-> 98 pkts/59934 bytes] 3 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][cat: Web/5][38 pkts/9082 bytes <-> 38 pkts/10499 bytes] 4 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][36 pkts/13402 bytes -> 0 pkts/0 bytes] - 5 TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][17 pkts/2686 bytes <-> 13 pkts/2218 bytes] - 6 TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][12 pkts/2194 bytes <-> 8 pkts/1711 bytes] + 5 TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][17 pkts/2686 bytes <-> 13 pkts/2218 bytes] + 6 TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][12 pkts/2194 bytes <-> 8 pkts/1711 bytes] 7 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][16 pkts/3461 bytes <-> 1 pkts/74 bytes][client: apps.skype.com] 8 TCP 192.168.1.34:51297 <-> 91.190.216.24:12350 [proto: 125/Skype][cat: VoIP/10][12 pkts/3242 bytes <-> 3 pkts/290 bytes] 9 TCP 108.160.163.108:443 <-> 192.168.1.34:51222 [proto: 91.121/SSL.Dropbox][cat: Cloud/13][4 pkts/818 bytes <-> 4 pkts/2172 bytes] @@ -29,52 +30,52 @@ MS_OneDrive 348 181687 1 15 TCP 192.168.1.34:51239 <-> 65.55.223.45:443 [proto: 91/SSL][cat: Web/5][12 pkts/1291 bytes <-> 3 pkts/242 bytes] 16 TCP 192.168.1.34:51274 <-> 157.55.235.152:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1235 bytes <-> 3 pkts/285 bytes] 17 TCP 192.168.1.34:51260 <-> 157.55.130.142:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1249 bytes <-> 3 pkts/265 bytes] - 18 TCP 192.168.1.34:51258 <-> 213.199.179.176:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][14 pkts/1104 bytes <-> 5 pkts/392 bytes] - 19 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][14 pkts/1106 bytes <-> 5 pkts/385 bytes] - 20 TCP 192.168.1.34:51290 <-> 5.248.186.221:31010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][14 pkts/1070 bytes <-> 4 pkts/420 bytes] + 18 TCP 192.168.1.34:51258 <-> 213.199.179.176:40021 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][14 pkts/1104 bytes <-> 5 pkts/392 bytes] + 19 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][14 pkts/1106 bytes <-> 5 pkts/385 bytes] + 20 TCP 192.168.1.34:51290 <-> 5.248.186.221:31010 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][14 pkts/1070 bytes <-> 4 pkts/420 bytes] 21 TCP 192.168.1.34:51234 <-> 157.55.235.147:40001 [proto: 125/Skype][cat: VoIP/10][14 pkts/1117 bytes <-> 4 pkts/337 bytes] 22 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][cat: Web/5][11 pkts/1164 bytes <-> 3 pkts/268 bytes] 23 TCP 192.168.1.34:51247 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/1077 bytes <-> 4 pkts/351 bytes] 24 TCP 192.168.1.34:51257 <-> 157.55.235.170:40032 [proto: 125/Skype][cat: VoIP/10][14 pkts/1059 bytes <-> 4 pkts/367 bytes] 25 TCP 192.168.1.34:51277 <-> 157.55.235.156:40026 [proto: 125/Skype][cat: VoIP/10][13 pkts/1011 bytes <-> 4 pkts/415 bytes] - 26 TCP 192.168.1.34:51305 <-> 149.13.32.15:13392 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][14 pkts/1093 bytes <-> 4 pkts/333 bytes] + 26 TCP 192.168.1.34:51305 <-> 149.13.32.15:13392 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][14 pkts/1093 bytes <-> 4 pkts/333 bytes] 27 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][cat: Web/5][12 pkts/1130 bytes <-> 3 pkts/285 bytes] 28 TCP 192.168.1.34:51280 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1130 bytes <-> 3 pkts/285 bytes] 29 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1095 bytes <-> 3 pkts/285 bytes] 30 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/1022 bytes <-> 4 pkts/351 bytes] - 31 TCP 192.168.1.34:51289 <-> 71.238.7.203:18767 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/991 bytes <-> 4 pkts/378 bytes] + 31 TCP 192.168.1.34:51289 <-> 71.238.7.203:18767 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][13 pkts/991 bytes <-> 4 pkts/378 bytes] 32 TCP 192.168.1.34:51272 <-> 157.55.235.152:40029 [proto: 125/Skype][cat: VoIP/10][13 pkts/1006 bytes <-> 4 pkts/361 bytes] 33 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/1012 bytes <-> 4 pkts/351 bytes] - 34 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][13 pkts/976 bytes <-> 4 pkts/365 bytes] + 34 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][13 pkts/976 bytes <-> 4 pkts/365 bytes] 35 TCP 192.168.1.34:51237 <-> 157.55.130.176:40022 [proto: 125/Skype][cat: VoIP/10][13 pkts/986 bytes <-> 4 pkts/344 bytes] 36 TCP 192.168.1.34:51276 <-> 157.55.235.146:40021 [proto: 125/Skype][cat: VoIP/10][13 pkts/981 bytes <-> 4 pkts/348 bytes] 37 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][cat: VoIP/10][13 pkts/1004 bytes <-> 4 pkts/318 bytes] - 38 TCP 192.168.1.34:51251 <-> 64.4.23.166:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][12 pkts/948 bytes <-> 4 pkts/349 bytes] + 38 TCP 192.168.1.34:51251 <-> 64.4.23.166:40029 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][12 pkts/948 bytes <-> 4 pkts/349 bytes] 39 TCP 192.168.1.34:51229 <-> 157.56.52.28:40009 [proto: 125/Skype][cat: VoIP/10][12 pkts/951 bytes <-> 4 pkts/341 bytes] 40 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][cat: VoIP/10][11 pkts/858 bytes <-> 5 pkts/426 bytes] 41 TCP 192.168.1.34:51246 <-> 157.56.52.44:40020 [proto: 125/Skype][cat: VoIP/10][11 pkts/856 bytes <-> 5 pkts/409 bytes] - 42 TCP 192.168.1.34:51288 <-> 76.167.161.6:20274 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/861 bytes <-> 4 pkts/397 bytes] + 42 TCP 192.168.1.34:51288 <-> 76.167.161.6:20274 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][11 pkts/861 bytes <-> 4 pkts/397 bytes] 43 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][cat: VoIP/10][11 pkts/844 bytes <-> 5 pkts/413 bytes] 44 TCP 192.168.1.34:51282 <-> 64.4.23.159:443 [proto: 91/SSL][cat: Web/5][10 pkts/972 bytes <-> 3 pkts/285 bytes] 45 TCP 192.168.1.34:51259 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/902 bytes <-> 4 pkts/351 bytes] 46 TCP 192.168.1.34:51256 <-> 111.221.77.142:40013 [proto: 125/Skype][cat: VoIP/10][11 pkts/815 bytes <-> 5 pkts/423 bytes] - 47 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][12 pkts/942 bytes <-> 3 pkts/284 bytes] - 48 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/832 bytes <-> 4 pkts/387 bytes] + 47 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][12 pkts/942 bytes <-> 3 pkts/284 bytes] + 48 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][11 pkts/832 bytes <-> 4 pkts/387 bytes] 49 TCP 192.168.1.34:51268 <-> 111.221.74.18:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/852 bytes <-> 4 pkts/351 bytes] - 50 TCP 192.168.1.34:51309 <-> 149.13.32.15:13392 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][12 pkts/916 bytes <-> 3 pkts/281 bytes] - 51 TCP 192.168.1.34:51316 <-> 149.13.32.15:13392 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/862 bytes <-> 3 pkts/314 bytes] + 50 TCP 192.168.1.34:51309 <-> 149.13.32.15:13392 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][12 pkts/916 bytes <-> 3 pkts/281 bytes] + 51 TCP 192.168.1.34:51316 <-> 149.13.32.15:13392 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][11 pkts/862 bytes <-> 3 pkts/314 bytes] 52 TCP 192.168.1.34:51267 <-> 111.221.74.18:40025 [proto: 125/Skype][cat: VoIP/10][10 pkts/785 bytes <-> 4 pkts/378 bytes] 53 TCP 192.168.1.34:51232 <-> 157.56.52.28:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/872 bytes <-> 3 pkts/285 bytes] - 54 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][12 pkts/931 bytes <-> 2 pkts/219 bytes] - 55 TCP 192.168.1.34:51313 <-> 212.161.8.36:13392 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/855 bytes <-> 3 pkts/287 bytes] + 54 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][12 pkts/931 bytes <-> 2 pkts/219 bytes] + 55 TCP 192.168.1.34:51313 <-> 212.161.8.36:13392 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][11 pkts/855 bytes <-> 3 pkts/287 bytes] 56 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][cat: System/18][6 pkts/958 bytes <-> 2 pkts/184 bytes] - 57 TCP 192.168.1.34:51311 <-> 93.79.224.176:14506 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][11 pkts/848 bytes <-> 3 pkts/286 bytes] - 58 TCP 17.143.160.149:5223 <-> 192.168.1.34:50407 [proto: 238.140/ApplePush.Apple][cat: Web/5][4 pkts/674 bytes <-> 4 pkts/444 bytes] + 57 TCP 192.168.1.34:51311 <-> 93.79.224.176:14506 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][11 pkts/848 bytes <-> 3 pkts/286 bytes] + 58 TCP 17.143.160.149:5223 <-> 192.168.1.34:50407 [proto: 238/ApplePush][cat: Cloud/13][4 pkts/674 bytes <-> 4 pkts/444 bytes] 59 UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][2 pkts/1088 bytes -> 0 pkts/0 bytes] 60 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][2 pkts/1088 bytes -> 0 pkts/0 bytes] 61 UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][2 pkts/1088 bytes -> 0 pkts/0 bytes] 62 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][2 pkts/1088 bytes -> 0 pkts/0 bytes] - 63 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][7 pkts/571 bytes <-> 3 pkts/286 bytes] + 63 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][7 pkts/571 bytes <-> 3 pkts/286 bytes] 64 UDP 192.168.1.34:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System/18][7 pkts/680 bytes -> 0 pkts/0 bytes] 65 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][cat: VoIP/10][6 pkts/353 bytes <-> 5 pkts/306 bytes] 66 UDP 192.168.1.34:58631 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] @@ -107,8 +108,8 @@ MS_OneDrive 348 181687 1 93 UDP 192.168.1.34:58061 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/349 bytes -> 0 pkts/0 bytes] 94 UDP 192.168.1.34:59237 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/349 bytes -> 0 pkts/0 bytes] 95 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][cat: Network/14][4 pkts/328 bytes -> 0 pkts/0 bytes] - 96 UDP 192.168.1.34:13021 -> 83.31.12.173:23939 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][5 pkts/300 bytes -> 0 pkts/0 bytes] - 97 UDP 192.168.1.34:13021 -> 174.49.171.224:32011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][5 pkts/300 bytes -> 0 pkts/0 bytes] + 96 UDP 192.168.1.34:13021 -> 83.31.12.173:23939 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][5 pkts/300 bytes -> 0 pkts/0 bytes] + 97 UDP 192.168.1.34:13021 -> 174.49.171.224:32011 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][5 pkts/300 bytes -> 0 pkts/0 bytes] 98 UDP 192.168.1.34:57694 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/101 bytes <-> 1 pkts/166 bytes][Host: db3msgr5011709.gateway.messenger.live.com] 99 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][2 pkts/258 bytes -> 0 pkts/0 bytes] 100 UDP 192.168.1.92:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][cat: System/18][1 pkts/216 bytes -> 0 pkts/0 bytes] @@ -120,153 +121,153 @@ MS_OneDrive 348 181687 1 106 UDP 192.168.1.92:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes] 107 UDP 192.168.1.92:53826 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes] 108 UDP 192.168.1.34:61016 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/80 bytes -> 0 pkts/0 bytes][Host: apps.skypeassets.com] - 109 UDP 192.168.1.34:13021 -> 64.4.23.148:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 110 UDP 192.168.1.34:13021 -> 64.4.23.171:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 111 UDP 192.168.1.34:13021 -> 65.55.223.27:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 112 UDP 192.168.1.34:13021 -> 111.221.74.40:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 113 UDP 192.168.1.34:13021 -> 111.221.77.151:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 114 UDP 192.168.1.34:13021 -> 111.221.77.173:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 115 UDP 192.168.1.34:13021 -> 157.55.56.147:40014 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 116 UDP 192.168.1.34:13021 -> 157.55.130.167:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 117 UDP 192.168.1.34:13021 -> 157.55.235.144:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 118 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 119 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 120 UDP 192.168.1.34:13021 -> 213.199.179.156:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 121 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 122 UDP 192.168.1.34:13021 -> 111.221.74.28:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 123 UDP 192.168.1.34:13021 -> 111.221.77.170:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 124 UDP 192.168.1.34:13021 -> 157.56.52.39:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 125 UDP 192.168.1.34:13021 -> 157.56.52.43:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 126 UDP 192.168.1.34:13021 -> 213.199.179.143:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 127 UDP 192.168.1.34:13021 -> 213.199.179.154:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 128 UDP 192.168.1.34:13021 -> 213.199.179.165:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 129 UDP 192.168.1.34:13021 -> 65.55.223.15:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 130 UDP 192.168.1.34:13021 -> 65.55.223.24:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 131 UDP 192.168.1.34:13021 -> 65.55.223.32:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 132 UDP 192.168.1.34:13021 -> 65.55.223.43:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 133 UDP 192.168.1.34:13021 -> 111.221.74.20:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 134 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 135 UDP 192.168.1.34:13021 -> 157.55.130.149:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 136 UDP 192.168.1.34:13021 -> 157.55.235.168:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 137 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 138 UDP 192.168.1.34:13021 -> 157.56.52.20:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 139 UDP 192.168.1.34:13021 -> 213.199.179.160:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 140 UDP 192.168.1.34:13021 -> 64.4.23.158:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 141 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 142 UDP 192.168.1.34:13021 -> 65.55.223.42:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 143 UDP 192.168.1.34:13021 -> 65.55.223.44:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 144 UDP 192.168.1.34:13021 -> 111.221.74.33:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 145 UDP 192.168.1.34:13021 -> 111.221.77.165:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 146 UDP 192.168.1.34:13021 -> 157.55.56.140:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 147 UDP 192.168.1.34:13021 -> 157.55.56.170:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 148 UDP 192.168.1.34:13021 -> 157.55.130.165:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 149 UDP 192.168.1.34:13021 -> 157.55.130.170:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 150 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 151 UDP 192.168.1.34:13021 -> 157.56.52.25:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 152 UDP 192.168.1.34:13021 -> 213.199.179.172:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 153 UDP 192.168.1.34:13021 -> 64.4.23.165:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 154 UDP 192.168.1.34:13021 -> 111.221.77.149:40016 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 155 UDP 192.168.1.34:13021 -> 157.55.235.148:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 156 UDP 192.168.1.34:13021 -> 157.56.52.13:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 157 UDP 192.168.1.34:13021 -> 157.56.52.38:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 158 UDP 192.168.1.34:13021 -> 157.56.52.42:40005 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 159 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 160 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 161 UDP 192.168.1.34:13021 -> 65.55.223.22:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 162 UDP 192.168.1.34:13021 -> 65.55.223.28:40014 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 163 UDP 192.168.1.34:13021 -> 65.55.223.33:40002 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 164 UDP 192.168.1.34:13021 -> 157.55.235.155:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 165 UDP 192.168.1.34:13021 -> 157.55.235.175:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 166 UDP 192.168.1.34:13021 -> 64.4.23.145:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 167 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 168 UDP 192.168.1.34:13021 -> 111.221.74.34:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 169 UDP 192.168.1.34:13021 -> 157.55.130.146:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 170 UDP 192.168.1.34:13021 -> 157.55.235.158:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 171 UDP 192.168.1.34:13021 -> 157.55.235.176:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 172 UDP 192.168.1.34:13021 -> 213.199.179.149:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 173 UDP 192.168.1.34:13021 -> 64.4.23.142:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 174 UDP 192.168.1.34:13021 -> 111.221.74.24:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 175 UDP 192.168.1.34:13021 -> 111.221.77.159:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 176 UDP 192.168.1.34:13021 -> 157.55.56.142:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 177 UDP 192.168.1.34:13021 -> 157.55.56.145:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 178 UDP 192.168.1.34:13021 -> 157.55.130.140:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 179 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 180 UDP 192.168.1.34:13021 -> 157.55.130.152:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 181 UDP 192.168.1.34:13021 -> 157.55.130.173:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 182 UDP 192.168.1.34:13021 -> 157.55.235.174:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 183 UDP 192.168.1.34:13021 -> 157.56.52.27:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 184 UDP 192.168.1.34:13021 -> 213.199.179.173:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 185 UDP 192.168.1.34:13021 -> 64.4.23.149:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 186 UDP 192.168.1.34:13021 -> 65.55.223.13:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 187 UDP 192.168.1.34:13021 -> 111.221.74.15:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 188 UDP 192.168.1.34:13021 -> 157.55.56.146:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 189 UDP 192.168.1.34:13021 -> 157.55.130.150:40007 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 190 UDP 192.168.1.34:13021 -> 157.55.130.171:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 191 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 192 UDP 192.168.1.34:13021 -> 157.56.52.33:40002 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 193 UDP 192.168.1.34:13021 -> 213.199.179.174:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 194 UDP 192.168.1.34:13021 -> 64.4.23.154:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 195 UDP 192.168.1.34:13021 -> 65.55.223.16:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 196 UDP 192.168.1.34:13021 -> 65.55.223.17:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 197 UDP 192.168.1.34:13021 -> 65.55.223.65:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 198 UDP 192.168.1.34:13021 -> 111.221.74.27:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 199 UDP 192.168.1.34:13021 -> 111.221.74.44:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 200 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 201 UDP 192.168.1.34:13021 -> 111.221.77.160:40016 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 202 UDP 192.168.1.34:13021 -> 157.56.52.24:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 203 UDP 192.168.1.34:13021 -> 213.199.179.140:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 204 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 205 UDP 192.168.1.34:13021 -> 64.4.23.176:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 206 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 207 UDP 192.168.1.34:13021 -> 157.55.235.172:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 208 UDP 192.168.1.34:13021 -> 213.199.179.144:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 209 UDP 192.168.1.34:13021 -> 111.221.77.145:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 210 UDP 192.168.1.34:13021 -> 157.55.56.150:40014 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 211 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 212 UDP 192.168.1.34:13021 -> 157.55.235.160:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 213 UDP 192.168.1.34:13021 -> 157.56.52.19:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 214 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 215 UDP 192.168.1.34:13021 -> 64.4.23.140:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 216 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 217 UDP 192.168.1.34:13021 -> 65.55.223.18:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 218 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 219 UDP 192.168.1.34:13021 -> 111.221.74.42:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 220 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 221 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 222 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 223 UDP 192.168.1.34:13021 -> 157.55.56.161:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 224 UDP 192.168.1.34:13021 -> 157.55.56.167:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 225 UDP 192.168.1.34:13021 -> 157.55.130.144:40016 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 226 UDP 192.168.1.34:13021 -> 157.55.130.160:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 227 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 228 UDP 192.168.1.34:13021 -> 157.56.52.12:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 229 UDP 192.168.1.34:13021 -> 157.56.52.29:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 230 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 231 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 232 UDP 192.168.1.34:13021 -> 65.55.223.20:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 233 UDP 192.168.1.34:13021 -> 157.55.56.143:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 234 UDP 192.168.1.34:13021 -> 157.55.130.154:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 235 UDP 192.168.1.34:13021 -> 157.55.235.162:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 236 UDP 192.168.1.34:13021 -> 157.55.235.171:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 237 UDP 192.168.1.34:13021 -> 157.56.52.16:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 238 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 239 UDP 192.168.1.34:13021 -> 111.221.74.13:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 240 UDP 192.168.1.34:13021 -> 111.221.74.38:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 241 UDP 192.168.1.34:13021 -> 111.221.77.171:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 242 UDP 192.168.1.34:13021 -> 157.55.130.156:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 243 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 244 UDP 192.168.1.34:13021 -> 157.55.130.159:40016 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 245 UDP 192.168.1.34:13021 -> 157.55.235.167:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 246 UDP 192.168.1.34:13021 -> 157.56.52.40:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 247 UDP 192.168.1.34:13021 -> 213.199.179.145:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 109 UDP 192.168.1.34:13021 -> 64.4.23.148:40029 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 110 UDP 192.168.1.34:13021 -> 64.4.23.171:40031 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 111 UDP 192.168.1.34:13021 -> 65.55.223.27:40029 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 112 UDP 192.168.1.34:13021 -> 111.221.74.40:40025 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 113 UDP 192.168.1.34:13021 -> 111.221.77.151:40029 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 114 UDP 192.168.1.34:13021 -> 111.221.77.173:40012 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 115 UDP 192.168.1.34:13021 -> 157.55.56.147:40014 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 116 UDP 192.168.1.34:13021 -> 157.55.130.167:40031 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 117 UDP 192.168.1.34:13021 -> 157.55.235.144:40032 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 118 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 119 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 120 UDP 192.168.1.34:13021 -> 213.199.179.156:40031 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 121 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 122 UDP 192.168.1.34:13021 -> 111.221.74.28:40026 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 123 UDP 192.168.1.34:13021 -> 111.221.77.170:40021 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 124 UDP 192.168.1.34:13021 -> 157.56.52.39:40031 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 125 UDP 192.168.1.34:13021 -> 157.56.52.43:40006 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 126 UDP 192.168.1.34:13021 -> 213.199.179.143:40018 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 127 UDP 192.168.1.34:13021 -> 213.199.179.154:40017 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 128 UDP 192.168.1.34:13021 -> 213.199.179.165:40004 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 129 UDP 192.168.1.34:13021 -> 65.55.223.15:40030 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 130 UDP 192.168.1.34:13021 -> 65.55.223.24:40029 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 131 UDP 192.168.1.34:13021 -> 65.55.223.32:40022 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 132 UDP 192.168.1.34:13021 -> 65.55.223.43:40006 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 133 UDP 192.168.1.34:13021 -> 111.221.74.20:40033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 134 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 135 UDP 192.168.1.34:13021 -> 157.55.130.149:40011 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 136 UDP 192.168.1.34:13021 -> 157.55.235.168:40024 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 137 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 138 UDP 192.168.1.34:13021 -> 157.56.52.20:40033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 139 UDP 192.168.1.34:13021 -> 213.199.179.160:40030 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 140 UDP 192.168.1.34:13021 -> 64.4.23.158:40021 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 141 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 142 UDP 192.168.1.34:13021 -> 65.55.223.42:40024 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 143 UDP 192.168.1.34:13021 -> 65.55.223.44:40020 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 144 UDP 192.168.1.34:13021 -> 111.221.74.33:40011 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 145 UDP 192.168.1.34:13021 -> 111.221.77.165:40004 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 146 UDP 192.168.1.34:13021 -> 157.55.56.140:40003 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 147 UDP 192.168.1.34:13021 -> 157.55.56.170:40015 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 148 UDP 192.168.1.34:13021 -> 157.55.130.165:40028 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 149 UDP 192.168.1.34:13021 -> 157.55.130.170:40018 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 150 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 151 UDP 192.168.1.34:13021 -> 157.56.52.25:40010 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 152 UDP 192.168.1.34:13021 -> 213.199.179.172:40011 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 153 UDP 192.168.1.34:13021 -> 64.4.23.165:40004 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 154 UDP 192.168.1.34:13021 -> 111.221.77.149:40016 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 155 UDP 192.168.1.34:13021 -> 157.55.235.148:40033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 156 UDP 192.168.1.34:13021 -> 157.56.52.13:40021 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 157 UDP 192.168.1.34:13021 -> 157.56.52.38:40015 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 158 UDP 192.168.1.34:13021 -> 157.56.52.42:40005 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 159 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 160 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 161 UDP 192.168.1.34:13021 -> 65.55.223.22:40009 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 162 UDP 192.168.1.34:13021 -> 65.55.223.28:40014 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 163 UDP 192.168.1.34:13021 -> 65.55.223.33:40002 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 164 UDP 192.168.1.34:13021 -> 157.55.235.155:40027 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 165 UDP 192.168.1.34:13021 -> 157.55.235.175:40023 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 166 UDP 192.168.1.34:13021 -> 64.4.23.145:40027 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 167 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 168 UDP 192.168.1.34:13021 -> 111.221.74.34:40027 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 169 UDP 192.168.1.34:13021 -> 157.55.130.146:40033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 170 UDP 192.168.1.34:13021 -> 157.55.235.158:40027 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 171 UDP 192.168.1.34:13021 -> 157.55.235.176:40031 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 172 UDP 192.168.1.34:13021 -> 213.199.179.149:40030 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 173 UDP 192.168.1.34:13021 -> 64.4.23.142:40023 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 174 UDP 192.168.1.34:13021 -> 111.221.74.24:40032 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 175 UDP 192.168.1.34:13021 -> 111.221.77.159:40031 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 176 UDP 192.168.1.34:13021 -> 157.55.56.142:40013 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 177 UDP 192.168.1.34:13021 -> 157.55.56.145:40008 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 178 UDP 192.168.1.34:13021 -> 157.55.130.140:40011 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 179 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 180 UDP 192.168.1.34:13021 -> 157.55.130.152:40022 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 181 UDP 192.168.1.34:13021 -> 157.55.130.173:40003 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 182 UDP 192.168.1.34:13021 -> 157.55.235.174:40019 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 183 UDP 192.168.1.34:13021 -> 157.56.52.27:40025 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 184 UDP 192.168.1.34:13021 -> 213.199.179.173:40013 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 185 UDP 192.168.1.34:13021 -> 64.4.23.149:40030 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 186 UDP 192.168.1.34:13021 -> 65.55.223.13:40009 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 187 UDP 192.168.1.34:13021 -> 111.221.74.15:40026 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 188 UDP 192.168.1.34:13021 -> 157.55.56.146:40030 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 189 UDP 192.168.1.34:13021 -> 157.55.130.150:40007 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 190 UDP 192.168.1.34:13021 -> 157.55.130.171:40012 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 191 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 192 UDP 192.168.1.34:13021 -> 157.56.52.33:40002 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 193 UDP 192.168.1.34:13021 -> 213.199.179.174:40025 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 194 UDP 192.168.1.34:13021 -> 64.4.23.154:40032 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 195 UDP 192.168.1.34:13021 -> 65.55.223.16:40032 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 196 UDP 192.168.1.34:13021 -> 65.55.223.17:40025 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 197 UDP 192.168.1.34:13021 -> 65.55.223.65:33033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 198 UDP 192.168.1.34:13021 -> 111.221.74.27:40027 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 199 UDP 192.168.1.34:13021 -> 111.221.74.44:40019 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 200 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 201 UDP 192.168.1.34:13021 -> 111.221.77.160:40016 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 202 UDP 192.168.1.34:13021 -> 157.56.52.24:40032 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 203 UDP 192.168.1.34:13021 -> 213.199.179.140:40003 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 204 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 205 UDP 192.168.1.34:13021 -> 64.4.23.176:40001 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 206 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 207 UDP 192.168.1.34:13021 -> 157.55.235.172:40020 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 208 UDP 192.168.1.34:13021 -> 213.199.179.144:40009 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 209 UDP 192.168.1.34:13021 -> 111.221.77.145:40024 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 210 UDP 192.168.1.34:13021 -> 157.55.56.150:40014 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 211 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 212 UDP 192.168.1.34:13021 -> 157.55.235.160:40022 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 213 UDP 192.168.1.34:13021 -> 157.56.52.19:40020 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 214 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 215 UDP 192.168.1.34:13021 -> 64.4.23.140:40003 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 216 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 217 UDP 192.168.1.34:13021 -> 65.55.223.18:40025 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 218 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 219 UDP 192.168.1.34:13021 -> 111.221.74.42:40006 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 220 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 221 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 222 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 223 UDP 192.168.1.34:13021 -> 157.55.56.161:40031 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 224 UDP 192.168.1.34:13021 -> 157.55.56.167:40024 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 225 UDP 192.168.1.34:13021 -> 157.55.130.144:40016 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 226 UDP 192.168.1.34:13021 -> 157.55.130.160:40008 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 227 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 228 UDP 192.168.1.34:13021 -> 157.56.52.12:40031 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 229 UDP 192.168.1.34:13021 -> 157.56.52.29:40010 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 230 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 231 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 232 UDP 192.168.1.34:13021 -> 65.55.223.20:40023 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 233 UDP 192.168.1.34:13021 -> 157.55.56.143:40018 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 234 UDP 192.168.1.34:13021 -> 157.55.130.154:40013 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 235 UDP 192.168.1.34:13021 -> 157.55.235.162:40033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 236 UDP 192.168.1.34:13021 -> 157.55.235.171:40006 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 237 UDP 192.168.1.34:13021 -> 157.56.52.16:40032 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 238 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 239 UDP 192.168.1.34:13021 -> 111.221.74.13:40009 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 240 UDP 192.168.1.34:13021 -> 111.221.74.38:40015 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 241 UDP 192.168.1.34:13021 -> 111.221.77.171:40030 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 242 UDP 192.168.1.34:13021 -> 157.55.130.156:40019 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 243 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 244 UDP 192.168.1.34:13021 -> 157.55.130.159:40016 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 245 UDP 192.168.1.34:13021 -> 157.55.235.167:40029 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 246 UDP 192.168.1.34:13021 -> 157.56.52.40:40017 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 247 UDP 192.168.1.34:13021 -> 213.199.179.145:40024 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] 248 IGMP 192.168.1.219:0 -> 224.0.0.22:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] 249 IGMP 192.168.1.219:0 -> 233.89.188.1:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] 250 IGMP 192.168.1.229:0 -> 224.0.0.251:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] - 251 UDP 192.168.1.34:13021 -> 111.221.74.14:443 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 252 UDP 192.168.1.34:13021 -> 133.236.67.25:49195 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 253 UDP 192.168.1.34:13021 -> 157.55.235.141:443 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 254 UDP 192.168.1.34:13021 -> 189.138.161.88:19521 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 255 UDP 192.168.1.34:13021 -> 189.188.134.174:22436 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 251 UDP 192.168.1.34:13021 -> 111.221.74.14:443 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 252 UDP 192.168.1.34:13021 -> 133.236.67.25:49195 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 253 UDP 192.168.1.34:13021 -> 157.55.235.141:443 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 254 UDP 192.168.1.34:13021 -> 189.138.161.88:19521 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 255 UDP 192.168.1.34:13021 -> 189.188.134.174:22436 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] 256 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network/14][1 pkts/46 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out index 701215a49..666b3d70a 100644 --- a/tests/result/whatsapp_login_call.pcap.out +++ b/tests/result/whatsapp_login_call.pcap.out @@ -4,14 +4,14 @@ MDNS 8 952 4 DHCP 10 3420 1 ICMP 10 700 1 SSL 8 589 2 -Facebook 44 7818 2 Dropbox 4 2176 1 -Apple 127 28102 20 +Apple 105 22176 19 WhatsApp 182 25154 2 Spotify 3 258 1 Messenger 70 9464 14 -WhatsAppVoice 662 83338 2 +WhatsAppVoice 706 91156 4 AppleStore 85 28087 2 +ApplePush 22 5926 1 1 UDP 192.168.2.4:51518 <-> 91.253.176.65:9344 [proto: 189/WhatsAppVoice][cat: VoIP/10][186 pkts/27025 bytes <-> 278 pkts/25895 bytes] 2 UDP 192.168.2.4:52794 <-> 91.253.176.65:9665 [proto: 189/WhatsAppVoice][cat: VoIP/10][141 pkts/17530 bytes <-> 57 pkts/12888 bytes] @@ -19,10 +19,10 @@ AppleStore 85 28087 2 4 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.224/SSL.AppleStore][cat: SoftwareUpdate/19][29 pkts/11770 bytes <-> 24 pkts/6612 bytes][client: p53-buy.itunes.apple.com] 5 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/SSL.Apple][cat: Web/5][21 pkts/7644 bytes <-> 17 pkts/9576 bytes][client: query.ess.apple.com][server: *.ess.apple.com] 6 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.224/SSL.AppleStore][cat: SoftwareUpdate/19][17 pkts/6166 bytes <-> 15 pkts/3539 bytes][client: p53-buy.itunes.apple.com] - 7 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 238.140/ApplePush.Apple][cat: Web/5][11 pkts/4732 bytes <-> 11 pkts/1194 bytes] - 8 UDP 192.168.2.4:51518 <-> 31.13.93.48:3478 [proto: 189.119/WhatsAppVoice.Facebook][cat: SocialNetwork/6][12 pkts/2341 bytes <-> 12 pkts/2484 bytes] + 7 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 238/ApplePush][cat: Cloud/13][11 pkts/4732 bytes <-> 11 pkts/1194 bytes] + 8 UDP 192.168.2.4:51518 <-> 31.13.93.48:3478 [proto: 189/WhatsAppVoice][cat: VoIP/10][12 pkts/2341 bytes <-> 12 pkts/2484 bytes] 9 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][10 pkts/3420 bytes -> 0 pkts/0 bytes][Host: lucas-imac] - 10 UDP 192.168.2.4:52794 <-> 31.13.84.48:3478 [proto: 189.119/WhatsAppVoice.Facebook][cat: SocialNetwork/6][9 pkts/1842 bytes <-> 11 pkts/1151 bytes] + 10 UDP 192.168.2.4:52794 <-> 31.13.84.48:3478 [proto: 189/WhatsAppVoice][cat: VoIP/10][9 pkts/1842 bytes <-> 11 pkts/1151 bytes] 11 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][cat: Cloud/13][4 pkts/2176 bytes -> 0 pkts/0 bytes] 12 TCP 192.168.2.4:49199 <-> 17.172.100.70:993 [proto: 51.140/IMAPS.Apple][cat: Web/5][9 pkts/1130 bytes <-> 8 pkts/868 bytes] 13 ICMP 192.168.2.4:0 -> 91.253.176.65:0 [proto: 81/ICMP][cat: Network/14][10 pkts/700 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/whatsapp_login_chat.pcap.out b/tests/result/whatsapp_login_chat.pcap.out index 51ce4456a..324b0cd4c 100644 --- a/tests/result/whatsapp_login_chat.pcap.out +++ b/tests/result/whatsapp_login_chat.pcap.out @@ -1,13 +1,14 @@ MDNS 2 202 2 DHCP 6 2052 1 Dropbox 2 1088 1 -Apple 50 23466 2 +Apple 44 21371 1 WhatsApp 32 3243 2 Spotify 1 86 1 +ApplePush 6 2095 1 1 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][cat: Web/5][24 pkts/15117 bytes <-> 20 pkts/6254 bytes] 2 TCP 192.168.2.4:49206 <-> 158.85.58.15:5222 [proto: 142/WhatsApp][cat: Chat/9][17 pkts/1794 bytes <-> 13 pkts/1169 bytes] - 3 TCP 17.110.229.14:5223 -> 192.168.2.4:49193 [proto: 238.140/ApplePush.Apple][cat: Web/5][6 pkts/2095 bytes -> 0 pkts/0 bytes] + 3 TCP 17.110.229.14:5223 -> 192.168.2.4:49193 [proto: 238/ApplePush][cat: Cloud/13][6 pkts/2095 bytes -> 0 pkts/0 bytes] 4 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][6 pkts/2052 bytes -> 0 pkts/0 bytes][Host: lucas-imac] 5 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][cat: Cloud/13][2 pkts/1088 bytes -> 0 pkts/0 bytes] 6 UDP 192.168.2.4:61697 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][cat: Chat/9][1 pkts/76 bytes <-> 1 pkts/204 bytes][Host: e12.whatsapp.net] -- cgit v1.2.3 From 2a1313ffd5a1f5030e51960580f9abb4c83d058b Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 10 Dec 2018 12:19:34 +0100 Subject: Improvements in SpeedTest (Ookla) detection --- src/lib/ndpi_content_match.c.inc | 3 ++- src/lib/ndpi_main.c | 3 +++ 2 files changed, 5 insertions(+), 1 deletion(-) (limited to 'src/lib') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 45cd46484..e8cc040e1 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8094,7 +8094,8 @@ ndpi_protocol_match host_match[] = { { ".facebook.net", NULL, "\\.facebook" TLD, "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".fbsbx.com", NULL, "\\.fbsbx" TLD, "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".speedtest.net", NULL, "\\.speedtest" TLD, "Ookla", NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_SAFE }, + { "speedtest.", NULL, "speedtest\\." TLD, "Ookla", NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_SAFE }, + { ".ooklaserver.net", NULL, "\\.ooklaserver\\.net" TLD, "Ookla", NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_SAFE }, { "ntop.org", NULL, "ntop\\.org$", "ntop", NDPI_PROTOCOL_NTOP, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_SAFE }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 12aba272e..32f19320a 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3997,6 +3997,9 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st else if((flow->l4.tcp.ssl_seen_client_cert == 1) && (flow->protos.stun_ssl.ssl.client_certificate[0] != '\0')) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSL, NDPI_PROTOCOL_UNKNOWN); } else { + if(!enable_guess) + return(ret); + if((flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN) && (flow->packet.l4_protocol == IPPROTO_TCP) && (flow->l4.tcp.ssl_stage > 1)) -- cgit v1.2.3 From c1d31bb4096e3a8d49babba871684d26195726bc Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 12 Dec 2018 08:58:34 +0100 Subject: Fixed eDonkey false positives --- src/lib/protocols/edonkey.c | 175 ++++++++++++++++++++++---------------------- 1 file changed, 88 insertions(+), 87 deletions(-) (limited to 'src/lib') diff --git a/src/lib/protocols/edonkey.c b/src/lib/protocols/edonkey.c index 3a4801ab1..547bafc5f 100644 --- a/src/lib/protocols/edonkey.c +++ b/src/lib/protocols/edonkey.c @@ -35,123 +35,122 @@ static void ndpi_int_edonkey_add_connection(struct ndpi_detection_module_struct } static int ndpi_edonkey_payload_check(const u_int8_t *data, u_int32_t len) { + if((len >= 4) && (data[0] == 0xe3) && (data[2] == 0x00) && (data[3] == 0x00)) + return 1; - if ((len >= 4) && (data[0] == 0xe3) && (data[2] == 0x00) && (data[3] == 0x00)) - return 1; + if((len >= 4) && (data[0] == 0xc5) && (data[2] == 0x00) && (data[3] == 0x00)) + return 1; - if ((len >= 4) && (data[0] == 0xc5) && (data[2] == 0x00) && (data[3] == 0x00)) - return 1; + if((len >= 2) && (data[0] == 0xe5) && (data[1] == 0x43)) + return 1; - if ((len >= 2) && (data[0] == 0xe5) && (data[1] == 0x43)) - return 1; - - if ((len >= 4) && (data[0] == 0xe5) && (data[1] == 0x08) && (data[2] == 0x78) && (data[3] == 0xda)) - return 1; + if((len >= 4) && (data[0] == 0xe5) && (data[1] == 0x08) && (data[2] == 0x78) && (data[3] == 0xda)) + return 1; - if ((len >= 4) && (data[0] == 0xe5) && (data[1] == 0x28) && (data[2] == 0x78) && (data[3] == 0xda)) - return 1; + if((len >= 4) && (data[0] == 0xe5) && (data[1] == 0x28) && (data[2] == 0x78) && (data[3] == 0xda)) + return 1; - if ((len >= 2) && (data[0] == 0xc5) && (data[1] == 0x90)) - return 1; + if((len >= 2) && (data[0] == 0xc5) && (data[1] == 0x90)) + return 1; - if ((len >= 2) && (data[0] == 0xc5) && (data[1] == 0x91)) - return 1; + if((len >= 2) && (data[0] == 0xc5) && (data[1] == 0x91)) + return 1; - if ((len == 2) && (data[0] == 0xc5) && (data[1] == 0x92)) - return 1; + if((len == 2) && (data[0] == 0xc5) && (data[1] == 0x92)) + return 1; - if ((len == 2) && (data[0] == 0xc5) && (data[1] == 0x93)) - return 1; + if((len == 2) && (data[0] == 0xc5) && (data[1] == 0x93)) + return 1; - if ((len >= 38 && len <= 70) && (data[0] == 0xc5) && (data[1] == 0x94)) - return 1; + if((len >= 38 && len <= 70) && (data[0] == 0xc5) && (data[1] == 0x94)) + return 1; - if ((len >= 2) && (data[0] == 0xe3) && (data[1] == 0x9a)) - return 1; + if((len >= 2) && (data[0] == 0xe3) && (data[1] == 0x9a)) + return 1; - if ((len >= 2) && (data[0] == 0xe3) && (data[1] == 0x9b)) - return 1; + if((len >= 2) && (data[0] == 0xe3) && (data[1] == 0x9b)) + return 1; - if ((len == 6) && (data[0] == 0xe3) && (data[1] == 0x96)) - return 1; + if((len == 6) && (data[0] == 0xe3) && (data[1] == 0x96)) + return 1; - if ((len <= 34 && ((len - 2) % 4 == 0)) && (data[0] == 0xe3) && (data[1] == 0x97)) - return 1; + if((len <= 34 && ((len - 2) % 4 == 0)) && (data[0] == 0xe3) && (data[1] == 0x97)) + return 1; - if ((len >= 2) && (data[0] == 0xe3) && (data[1] == 0x92)) - return 1; + if((len >= 2) && (data[0] == 0xe3) && (data[1] == 0x92)) + return 1; - if ((len >= 2) && (data[0] == 0xe3) && (data[1] == 0x94)) - return 1; + if((len >= 2) && (data[0] == 0xe3) && (data[1] == 0x94)) + return 1; - if ((len >= 2) && (data[0] == 0xe3) && (data[1] == 0x98)) - return 1; + if((len >= 2) && (data[0] == 0xe3) && (data[1] == 0x98)) + return 1; - if ((len >= 2) && (data[0] == 0xe3) && (data[1] == 0x99)) - return 1; + if((len >= 2) && (data[0] == 0xe3) && (data[1] == 0x99)) + return 1; - if ((len == 6) && (data[0] == 0xe3) && (data[1] == 0xa2)) - return 1; + if((len == 6) && (data[0] == 0xe3) && (data[1] == 0xa2)) + return 1; - if ((len >= 2) && (data[0] == 0xe3) && (data[1] == 0xa3)) - return 1; + if((len >= 2) && (data[0] == 0xe3) && (data[1] == 0xa3)) + return 1; - if ((len == 27) && (data[0] == 0xe4) && (data[1] == 0x00)) - return 1; + if((len == 27) && (data[0] == 0xe4) && (data[1] == 0x00)) + return 1; - if ((len == 529) && (data[0] == 0xe4) && (data[1] == 0x08)) - return 1; + if((len == 529) && (data[0] == 0xe4) && (data[1] == 0x08)) + return 1; - if ((len == 18) && (data[0] == 0xe4) && (data[1] == 0x01) && (data[2] == 0x00) && (data[3] == 0x00)) - return 1; + if((len == 18) && (data[0] == 0xe4) && (data[1] == 0x01) && (data[2] == 0x00) && (data[3] == 0x00)) + return 1; - if ((len == 523) && (data[0] == 0xe4) && (data[1] == 0x09)) - return 1; + if((len == 523) && (data[0] == 0xe4) && (data[1] == 0x09)) + return 1; - if ((len == 35) && (data[0] == 0xe4) && (data[1] == 0x21)) - return 1; + if((len == 35) && (data[0] == 0xe4) && (data[1] == 0x21)) + return 1; - if ((len == 19) && (data[0] == 0xe4) && (data[1] == 0x4b)) - return 1; + if((len == 19) && (data[0] == 0xe4) && (data[1] == 0x4b)) + return 1; - if ((len >= 2) && (data[0] == 0xe4) && (data[1] == 0x11)) - return 1; + if((len >= 2) && (data[0] == 0xe4) && (data[1] == 0x11)) + return 1; - if ((len == 22 || len == 38 || len == 28) && (data[0] == 0xe4) && (data[1] == 0x19)) - return 1; + if((len == 22 || len == 38 || len == 28) && (data[0] == 0xe4) && (data[1] == 0x19)) + return 1; - if ((len == 35) && (data[0] == 0xe4) && (data[1] == 0x20)) - return 1; + if((len == 35) && (data[0] == 0xe4) && (data[1] == 0x20)) + return 1; - if ((len == 27) && (data[0] == 0xe4) && (data[1] == 0x18)) - return 1; + if((len == 27) && (data[0] == 0xe4) && (data[1] == 0x18)) + return 1; - if ((len == 27) && (data[0] == 0xe4) && (data[1] == 0x10)) - return 1; + if((len == 27) && (data[0] == 0xe4) && (data[1] == 0x10)) + return 1; - if ((len == 6) && (data[0] == 0xe4) && (data[1] == 0x58)) - return 1; + if((len == 6) && (data[0] == 0xe4) && (data[1] == 0x58)) + return 1; - if ((len == 4) && (data[0] == 0xe4) && (data[1] == 0x50)) - return 1; + if((len == 4) && (data[0] == 0xe4) && (data[1] == 0x50)) + return 1; - if ((len == 36) && (data[0] == 0xe4) && (data[1] == 0x52)) - return 1; + if((len == 36) && (data[0] == 0xe4) && (data[1] == 0x52)) + return 1; - if ((len == 48) && (data[0] == 0xe4) && (data[1] == 0x40)) - return 1; + if((len == 48) && (data[0] == 0xe4) && (data[1] == 0x40)) + return 1; - if ((len == 225) && (data[0] == 0xe4) && (data[1] == 0x43)) - return 1; + if((len == 225) && (data[0] == 0xe4) && (data[1] == 0x43)) + return 1; - if ((len == 19) && (data[0] == 0xe4) && (data[1] == 0x48)) - return 1; + if((len == 19) && (data[0] == 0xe4) && (data[1] == 0x48)) + return 1; - if ((len == 119 || len == 69 || len == 294) && (data[0] == 0xe4) && (data[1] == 0x29)) - return 1; + if((len == 119 || len == 69 || len == 294) && (data[0] == 0xe4) && (data[1] == 0x29)) + return 1; - if ((len == 119 || len == 69 || len == 294 || len == 44 || len == 269) && (data[0] == 0xe4) && (data[1] == 0x28)) - return 1; + if((len == 119 || len == 69 || len == 294 || len == 44 || len == 269) && (data[0] == 0xe4) && (data[1] == 0x28)) + return 1; return 0; } @@ -159,18 +158,20 @@ static int ndpi_edonkey_payload_check(const u_int8_t *data, u_int32_t len) { static void ndpi_check_edonkey(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; u_int32_t payload_len = packet->payload_packet_len; - + /* Break after 20 packets. */ - if (flow->packet_counter > 20) { + if(flow->packet_counter > 20) { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } + if(payload_len == 0) return; + /* Check if we so far detected the protocol in the request or not. */ - if (flow->edonkey_stage == 0) { + if(flow->edonkey_stage == 0) { NDPI_LOG_DBG2(ndpi_struct, "EDONKEY stage 0: \n"); - if (ndpi_edonkey_payload_check(packet->payload, payload_len)) { + if(ndpi_edonkey_payload_check(packet->payload, payload_len)) { NDPI_LOG_DBG2(ndpi_struct, "Possible EDONKEY request detected, we will look further for the response\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ @@ -181,12 +182,12 @@ static void ndpi_check_edonkey(struct ndpi_detection_module_struct *ndpi_struct, NDPI_LOG_DBG2(ndpi_struct, "EDONKEY stage %u: \n", flow->edonkey_stage); /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ - if ((flow->edonkey_stage - packet->packet_direction) == 1) { + if((flow->edonkey_stage - packet->packet_direction) == 1) { return; } /* This is a packet in another direction. Check if we find the proper response. */ - if ((payload_len == 0) || (ndpi_edonkey_payload_check(packet->payload, payload_len))) { + if((payload_len == 0) || (ndpi_edonkey_payload_check(packet->payload, payload_len))) { NDPI_LOG_INFO(ndpi_struct, "found EDONKEY\n"); ndpi_int_edonkey_add_connection(ndpi_struct, flow); } else { @@ -203,8 +204,8 @@ void ndpi_search_edonkey(struct ndpi_detection_module_struct *ndpi_struct, struc NDPI_LOG_DBG(ndpi_struct, "search EDONKEY\n"); /* skip marked packets */ - if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_EDONKEY) { - if (packet->tcp_retransmission == 0) { + if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_EDONKEY) { + if(packet->tcp_retransmission == 0) { ndpi_check_edonkey(ndpi_struct, flow); } } -- cgit v1.2.3 From d2b2aba6e86b78bd9a9abdf97b51b643da1ef0dd Mon Sep 17 00:00:00 2001 From: emanuele-f Date: Wed, 12 Dec 2018 11:31:07 +0100 Subject: Expose ndpi_fill_ip_protocol_category api to handle ICMP flows category --- src/include/ndpi_api.h | 3 +++ src/lib/ndpi_main.c | 28 +++++++++++++++++++++------- 2 files changed, 24 insertions(+), 7 deletions(-) (limited to 'src/lib') diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 5bee25f5b..e57f3a568 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -739,6 +739,9 @@ extern "C" { int ndpi_load_hostname_category(struct ndpi_detection_module_struct *ndpi_struct, char *name, ndpi_protocol_category_t category); int ndpi_enable_loaded_categories(struct ndpi_detection_module_struct *ndpi_struct); + int ndpi_fill_ip_protocol_category(struct ndpi_detection_module_struct *ndpi_struct, + const struct ndpi_iphdr *iph, + ndpi_protocol *ret); void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, ndpi_protocol *ret); diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 32f19320a..b5b3c9c6b 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4313,28 +4313,42 @@ int ndpi_enable_loaded_categories(struct ndpi_detection_module_struct *ndpi_str) /* ********************************************************************************* */ -void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, +int ndpi_fill_ip_protocol_category(struct ndpi_detection_module_struct *ndpi_struct, + const struct ndpi_iphdr *iph, ndpi_protocol *ret) { if(ndpi_struct->custom_categories.categories_loaded) { - if(flow->packet.iph) { prefix_t prefix; patricia_node_t *node; /* Make sure all in network byte order otherwise compares wont work */ - fill_prefix_v4(&prefix, (struct in_addr *)&flow->packet.iph->saddr, + fill_prefix_v4(&prefix, (struct in_addr *)&iph->saddr, 32, ((patricia_tree_t*)ndpi_struct->protocols_ptree)->maxbits); node = ndpi_patricia_search_best(ndpi_struct->custom_categories.ipAddresses, &prefix); if(!node) { - fill_prefix_v4(&prefix, (struct in_addr *)&flow->packet.iph->daddr, + fill_prefix_v4(&prefix, (struct in_addr *)&iph->daddr, 32, ((patricia_tree_t*)ndpi_struct->protocols_ptree)->maxbits); node = ndpi_patricia_search_best(ndpi_struct->custom_categories.ipAddresses, &prefix); } if(node) { - flow->category = ret->category = (ndpi_protocol_category_t)node->value.user_value; - return; + ret->category = (ndpi_protocol_category_t)node->value.user_value; + return 1; + } + } + + ret->category = ndpi_get_proto_category(ndpi_struct, *ret); + return 0; +} + +void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + ndpi_protocol *ret) { + if(ndpi_struct->custom_categories.categories_loaded) { + if(flow->packet.iph) { + if(ndpi_fill_ip_protocol_category(ndpi_struct, flow->packet.iph, ret)) { + flow->category = ret->category; + return; } } -- cgit v1.2.3 From 92ad05733246738b0fc3bb6b2ddb83605e6babad Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 17 Dec 2018 22:33:58 +0100 Subject: Added Ookla cache --- src/include/ndpi_protocols.h | 1 + src/include/ndpi_typedefs.h | 5 +- src/lib/ndpi_main.c | 14 +- src/lib/protocols/http.c | 31 ++-- src/lib/protocols/ookla.c | 66 +++++++++ src/lib/protocols/snmp_proto.c | 1 - src/lib/third_party/include/lruc.h | 55 +++++++ src/lib/third_party/src/lruc.c | 294 +++++++++++++++++++++++++++++++++++++ 8 files changed, 452 insertions(+), 15 deletions(-) create mode 100644 src/lib/protocols/ookla.c create mode 100644 src/lib/third_party/include/lruc.h create mode 100644 src/lib/third_party/src/lruc.c (limited to 'src/lib') diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index 8ac7d7247..5349237d4 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -362,4 +362,5 @@ void init_ajp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 void init_fbzero_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_memcached_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_nest_log_sink_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_ookla_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); #endif /* __NDPI_PROTOCOLS_H__ */ diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index d48453baf..294af22b3 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -996,7 +996,10 @@ struct ndpi_detection_module_struct { struct bt_announce *bt_ann; int bt_ann_len; -/* NDPI_PROTOCOL_TINC */ + /* NDPI_PROTOCOL_OOKLA */ + void *ookla_cache; + + /* NDPI_PROTOCOL_TINC */ struct cache *tinc_cache; ndpi_proto_defaults_t proto_defaults[NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS]; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index b5b3c9c6b..e882feaa6 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -30,6 +30,7 @@ #include #include "ahocorasick.h" #include "libcache.h" +#include "lruc.h" #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_UNKNOWN @@ -2427,14 +2428,16 @@ void ndpi_exit_detection_module(struct ndpi_detection_module_struct *ndpi_struct ndpi_free(ndpi_struct->proto_defaults[i].protoName); } -/* NDPI_PROTOCOL_TINC */ + /* NDPI_PROTOCOL_TINC */ if(ndpi_struct->tinc_cache) cache_free((cache_t)(ndpi_struct->tinc_cache)); - if(ndpi_struct->protocols_ptree) - ndpi_Destroy_Patricia((patricia_tree_t*)ndpi_struct->protocols_ptree, - free_ptree_data); + if(ndpi_struct->ookla_cache) + lruc_free((lruc*)ndpi_struct->ookla_cache); + if(ndpi_struct->protocols_ptree) + ndpi_Destroy_Patricia((patricia_tree_t*)ndpi_struct->protocols_ptree, free_ptree_data); + if(ndpi_struct->udpRoot != NULL) ndpi_tdestroy(ndpi_struct->udpRoot, ndpi_free); if(ndpi_struct->tcpRoot != NULL) @@ -3293,6 +3296,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* WHATSAPP */ init_whatsapp_dissector(ndpi_struct, &a, detection_bitmask); + /* OOKLA */ + init_ookla_dissector(ndpi_struct, &a, detection_bitmask); + /* AMQP */ init_amqp_dissector(ndpi_struct, &a, detection_bitmask); diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 94d918e76..09b816129 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -26,7 +26,7 @@ #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HTTP #include "ndpi_api.h" - +#include "lruc.h" /* global variables used for 1kxun protocol and iqiyi service */ @@ -613,7 +613,23 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct */ + ookla_found: ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_UNKNOWN); + + if(ndpi_struct->ookla_cache == NULL) + ndpi_struct->ookla_cache = lruc_new(4*1024, 1024); + + if(ndpi_struct->ookla_cache != NULL) { + u_int8_t *dummy = (u_int8_t*)ndpi_malloc(sizeof(u_int8_t)); + + if(dummy) { + if(packet->tcp->source == htons(8080)) + lruc_set((lruc*)ndpi_struct->ookla_cache, (void*)&packet->iph->saddr, 4, dummy, 1); + else + lruc_set((lruc*)ndpi_struct->ookla_cache, (void*)&packet->iph->daddr, 4, dummy, 1); + } + } + return; } @@ -663,9 +679,8 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct /* Check for Ookla */ if((packet->referer_line.len > 0) - && ndpi_strnstr((const char *)packet->referer_line.ptr, "www.speedtest.net", packet->referer_line.len)) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_HTTP); - return; + && ndpi_strnstr((const char *)packet->referer_line.ptr, "www.speedtest.net", packet->referer_line.len)) { + goto ookla_found; } /* Check for additional field introduced by Steam */ @@ -782,17 +797,15 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct if((packet->payload_packet_len == 34) && (flow->l4.tcp.http_stage == 1)) { if((packet->payload[5] == ' ') && (packet->payload[9] == ' ')) { - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA); - return; + goto ookla_found; } } if((packet->payload_packet_len > 6) && memcmp(packet->payload, "HELLO ", 6) == 0) { /* This looks like Ookla */ - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_UNKNOWN); - return; + goto ookla_found; } else - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_OOKLA); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_OOKLA); /** At first check, if this is for sure a response packet (in another direction. If not, if HTTP is detected do nothing now and return, diff --git a/src/lib/protocols/ookla.c b/src/lib/protocols/ookla.c new file mode 100644 index 000000000..b1eb295a7 --- /dev/null +++ b/src/lib/protocols/ookla.c @@ -0,0 +1,66 @@ +/* + * ookla.c + * + * Copyright (C) 2018 - ntop.org + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ +#include "ndpi_protocol_ids.h" + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_OOKLA + +#include "ndpi_api.h" +#include "lruc.h" + + +void ndpi_search_ookla(struct ndpi_detection_module_struct* ndpi_struct, struct ndpi_flow_struct* flow) { + struct ndpi_packet_struct* packet = &flow->packet; + u_int32_t addr = 0; + void *value; + + NDPI_LOG_DBG(ndpi_struct, "Ookla detection\n"); + + if(packet->tcp->source == htons(8080)) + addr = packet->iph->saddr; + else if(packet->tcp->dest == htons(8080)) + addr = packet->iph->daddr; + else + goto ookla_exclude; + + if(ndpi_struct->ookla_cache != NULL) { + if(lruc_get(ndpi_struct->ookla_cache, &addr, sizeof(addr), &value) == LRUC_NO_ERROR) { + /* Don't remove it as it can be used for other connections */ + NDPI_LOG_INFO(ndpi_struct, "found ookla tcp connection\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_UNKNOWN); + return; + } + } + + ookla_exclude: + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); +} + +void init_ookla_dissector(struct ndpi_detection_module_struct *ndpi_struct, + u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { + ndpi_set_bitmask_protocol_detection("Ookla", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_OOKLA, + ndpi_search_ookla, + NDPI_SELECTION_BITMASK_PROTOCOL_TCP, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); + + *id += 1; +} + diff --git a/src/lib/protocols/snmp_proto.c b/src/lib/protocols/snmp_proto.c index 759d6bae0..77ad4d233 100644 --- a/src/lib/protocols/snmp_proto.c +++ b/src/lib/protocols/snmp_proto.c @@ -123,7 +123,6 @@ void ndpi_search_snmp(struct ndpi_detection_module_struct *ndpi_struct, struct n } excl: NDPI_EXCLUDE_PROTO(ndpi_struct, flow); - } diff --git a/src/lib/third_party/include/lruc.h b/src/lib/third_party/include/lruc.h new file mode 100644 index 000000000..55fb271fe --- /dev/null +++ b/src/lib/third_party/include/lruc.h @@ -0,0 +1,55 @@ +#include +#include +#include + +#ifndef __lruc_header__ +#define __lruc_header__ + +// ------------------------------------------ +// errors +// ------------------------------------------ +typedef enum { + LRUC_NO_ERROR = 0, + LRUC_MISSING_CACHE, + LRUC_MISSING_KEY, + LRUC_MISSING_VALUE, + LRUC_PTHREAD_ERROR, + LRUC_VALUE_TOO_LARGE +} lruc_error; + + +// ------------------------------------------ +// types +// ------------------------------------------ +typedef struct { + void *value; + void *key; + uint32_t value_length; + uint32_t key_length; + uint64_t access_count; + void *next; +} lruc_item; + +typedef struct { + lruc_item **items; + uint64_t access_count; + uint64_t free_memory; + uint64_t total_memory; + uint64_t average_item_length; + uint32_t hash_table_size; + time_t seed; + lruc_item *free_items; + pthread_mutex_t *mutex; +} lruc; + + +// ------------------------------------------ +// api +// ------------------------------------------ +lruc *lruc_new(uint64_t cache_size, uint32_t average_length); +lruc_error lruc_free(lruc *cache); +lruc_error lruc_set(lruc *cache, void *key, uint32_t key_length, void *value, uint32_t value_length); +lruc_error lruc_get(lruc *cache, void *key, uint32_t key_length, void **value); +lruc_error lruc_delete(lruc *cache, void *key, uint32_t key_length); + +#endif diff --git a/src/lib/third_party/src/lruc.c b/src/lib/third_party/src/lruc.c new file mode 100644 index 000000000..f08fb2ce1 --- /dev/null +++ b/src/lib/third_party/src/lruc.c @@ -0,0 +1,294 @@ +/* https://github.com/willcannings/C-LRU-Cache */ + +#include "lruc.h" +#include +#include +#include +#include + +// ------------------------------------------ +// private functions +// ------------------------------------------ +// MurmurHash2, by Austin Appleby +// http://sites.google.com/site/murmurhash/ +uint32_t lruc_hash(lruc *cache, void *key, uint32_t key_length) { + uint32_t m = 0x5bd1e995; + uint32_t r = 24; + uint32_t h = cache->seed ^ key_length; + char* data = (char *)key; + + while(key_length >= 4) { + uint32_t k = *(uint32_t *)data; + k *= m; + k ^= k >> r; + k *= m; + h *= m; + h ^= k; + data += 4; + key_length -= 4; + } + + switch(key_length) { + case 3: h ^= data[2] << 16; + case 2: h ^= data[1] << 8; + case 1: h ^= data[0]; + h *= m; + }; + + h ^= h >> 13; + h *= m; + h ^= h >> 15; + return h % cache->hash_table_size; +} + +// compare a key against an existing item's key +int lruc_cmp_keys(lruc_item *item, void *key, uint32_t key_length) { + if(key_length != item->key_length) + return 1; + else + return memcmp(key, item->key, key_length); +} + +// remove an item and push it to the free items queue +void lruc_remove_item(lruc *cache, lruc_item *prev, lruc_item *item, uint32_t hash_index) { + if(prev) + prev->next = item->next; + else + cache->items[hash_index] = (lruc_item *) item->next; + + // free memory and update the free memory counter + cache->free_memory += item->value_length; + free(item->value); + free(item->key); + + // push the item to the free items queue + memset(item, 0, sizeof(lruc_item)); + item->next = cache->free_items; + cache->free_items = item; +} + +// remove the least recently used item +// TODO: we can optimise this by finding the n lru items, where n = required_space / average_length +void lruc_remove_lru_item(lruc *cache) { + lruc_item *min_item = NULL, *min_prev = NULL; + lruc_item *item = NULL, *prev = NULL; + uint32_t i = 0, min_index = -1; + uint64_t min_access_count = -1; + + for(; i < cache->hash_table_size; i++) { + item = cache->items[i]; + prev = NULL; + + while(item) { + if(item->access_count < min_access_count || min_access_count == -1) { + min_access_count = item->access_count; + min_item = item; + min_prev = prev; + min_index = i; + } + prev = item; + item = item->next; + } + } + + if(min_item) + lruc_remove_item(cache, min_prev, min_item, min_index); +} + +// pop an existing item off the free queue, or create a new one +lruc_item *lruc_pop_or_create_item(lruc *cache) { + lruc_item *item = NULL; + + if(cache->free_items) { + item = cache->free_items; + cache->free_items = item->next; + } else { + item = (lruc_item *) calloc(sizeof(lruc_item), 1); + } + + return item; +} + +// error helpers +#define error_for(conditions, error) if(conditions) {return error;} +#define test_for_missing_cache() error_for(!cache, LRUC_MISSING_CACHE) +#define test_for_missing_key() error_for(!key || key_length == 0, LRUC_MISSING_KEY) +#define test_for_missing_value() error_for(!value || value_length == 0, LRUC_MISSING_VALUE) +#define test_for_value_too_large() error_for(value_length > cache->total_memory, LRUC_VALUE_TOO_LARGE) + +// lock helpers +#define lock_cache() if(pthread_mutex_lock(cache->mutex)) {\ + perror("LRU Cache unable to obtain mutex lock");\ + return LRUC_PTHREAD_ERROR;\ +} + +#define unlock_cache() if(pthread_mutex_unlock(cache->mutex)) {\ + perror("LRU Cache unable to release mutex lock");\ + return LRUC_PTHREAD_ERROR;\ +} + + +// ------------------------------------------ +// public api +// ------------------------------------------ +lruc *lruc_new(uint64_t cache_size, uint32_t average_length) { + // create the cache + lruc *cache = (lruc *) calloc(sizeof(lruc), 1); + if(!cache) { + perror("LRU Cache unable to create cache object"); + return NULL; + } + cache->hash_table_size = cache_size / average_length; + cache->average_item_length = average_length; + cache->free_memory = cache_size; + cache->total_memory = cache_size; + cache->seed = time(NULL); + + // size the hash table to a guestimate of the number of slots required (assuming a perfect hash) + cache->items = (lruc_item **) calloc(sizeof(lruc_item *), cache->hash_table_size); + if(!cache->items) { + perror("LRU Cache unable to create cache hash table"); + free(cache); + return NULL; + } + + // all cache calls are guarded by a mutex + cache->mutex = (pthread_mutex_t *) malloc(sizeof(pthread_mutex_t)); + if(pthread_mutex_init(cache->mutex, NULL)) { + perror("LRU Cache unable to initialise mutex"); + free(cache->items); + free(cache); + return NULL; + } + return cache; +} + + +lruc_error lruc_free(lruc *cache) { + test_for_missing_cache(); + + // free each of the cached items, and the hash table + lruc_item *item = NULL, *next = NULL; + uint32_t i = 0; + if(cache->items) { + for(; i < cache->hash_table_size; i++) { + item = cache->items[i]; + while(item) { + next = (lruc_item *) item->next; + free(item); + item = next; + } + } + free(cache->items); + } + + // free the cache + if(cache->mutex) { + if(pthread_mutex_destroy(cache->mutex)) { + perror("LRU Cache unable to destroy mutex"); + return LRUC_PTHREAD_ERROR; + } + } + free(cache); + + return LRUC_NO_ERROR; +} + + +lruc_error lruc_set(lruc *cache, void *key, uint32_t key_length, void *value, uint32_t value_length) { + test_for_missing_cache(); + test_for_missing_key(); + test_for_missing_value(); + test_for_value_too_large(); + lock_cache(); + + // see if the key already exists + uint32_t hash_index = lruc_hash(cache, key, key_length), required = 0; + lruc_item *item = NULL, *prev = NULL; + item = cache->items[hash_index]; + + while(item && lruc_cmp_keys(item, key, key_length)) { + prev = item; + item = (lruc_item *) item->next; + } + + if(item) { + // update the value and value_lengths + required = value_length - item->value_length; + free(item->value); + item->value = value; + item->value_length = value_length; + + } else { + // insert a new item + item = lruc_pop_or_create_item(cache); + item->value = value; + item->key = key; + item->value_length = value_length; + item->key_length = key_length; + required = value_length; + + if(prev) + prev->next = item; + else + cache->items[hash_index] = item; + } + item->access_count = ++cache->access_count; + + // remove as many items as necessary to free enough space + if(required > 0 && required > cache->free_memory) { + while(cache->free_memory < required) + lruc_remove_lru_item(cache); + } + cache->free_memory -= required; + unlock_cache(); + return LRUC_NO_ERROR; +} + + +lruc_error lruc_get(lruc *cache, void *key, uint32_t key_length, void **value) { + test_for_missing_cache(); + test_for_missing_key(); + lock_cache(); + + // loop until we find the item, or hit the end of a chain + uint32_t hash_index = lruc_hash(cache, key, key_length); + lruc_item *item = cache->items[hash_index]; + + while(item && lruc_cmp_keys(item, key, key_length)) + item = (lruc_item *) item->next; + + if(item) { + *value = item->value; + item->access_count = ++cache->access_count; + } else { + *value = NULL; + } + + unlock_cache(); + return LRUC_NO_ERROR; +} + + +lruc_error lruc_delete(lruc *cache, void *key, uint32_t key_length) { + test_for_missing_cache(); + test_for_missing_key(); + lock_cache(); + + // loop until we find the item, or hit the end of a chain + lruc_item *item = NULL, *prev = NULL; + uint32_t hash_index = lruc_hash(cache, key, key_length); + item = cache->items[hash_index]; + + while(item && lruc_cmp_keys(item, key, key_length)) { + prev = item; + item = (lruc_item *) item->next; + } + + if(item) { + lruc_remove_item(cache, prev, item, hash_index); + } + + unlock_cache(); + return LRUC_NO_ERROR; +} -- cgit v1.2.3