vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-05-01 00:19:42 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Improved Tor exit node download and added IPv6 support

Browse source
This commit is contained in:
Luca Deri 2025-02-24 19:57:25 +01:00
parent 3d0bfc7bfe
commit 050ea7e229
7 changed files with 7949 additions and 527 deletions
Download patch file Download diff file Expand all files Collapse all files

8
tests/cfgs/default/result/dns.pcap.out
View file

@ -1,4 +1,4 @@
DPI Packets (TCP): 6 (6.00 pkts/flow)
DPI Packets (TCP): 9 (9.00 pkts/flow)
DPI Packets (UDP): 6 (2.00 pkts/flow)
Confidence DPI : 4 (flows)
Num dissector calls: 13 (3.25 diss/flow)
@ -9,8 +9,8 @@ LRU cache tls_cert: 0/0/0 (insert/search/found)
LRU cache mining: 0/0/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
LRU cache fpc_dns: 1/1/0 (insert/search/found)
Automa host: 8/3 (search/found)
Automa domain: 8/0 (search/found)
Automa host: 7/3 (search/found)
Automa domain: 7/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 2/0 (search/found)
Automa common alpns: 0/0 (search/found)
@ -26,7 +26,7 @@ MDNS 1 371 1
Acceptable 17 3553 4
1 TCP [2001:b07:a3d:c112:b831:a73f:7974:e604]:49774 <-> [2001:b07:a3d:c112::1]:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][6 pkts/490 bytes <-> 5 pkts/2156 bytes][Goodput ratio: 7/82][0.01 sec][Hostname/SNI: opentracker.io][45.9.60.30][DNS Id: 0x3d73][bytes ratio: -0.630 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/2 6/5 3/2][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 82/431 108/1294 13/481][TCP Fingerprint: 2_64_65535_108f896b6121/Unknown][PLAIN TEXT (opentracker)][Plen Bins: 0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0]
1 TCP [2001:b07:a3d:c112:b831:a73f:7974:e604]:49774 <-> [2001:b07:a3d:c112::1]:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Network/14][6 pkts/490 bytes <-> 5 pkts/2156 bytes][Goodput ratio: 7/82][0.01 sec][Hostname/SNI: opentracker.io][0.0.0.0][DNS Id: 0x3d73][bytes ratio: -0.630 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/2 6/5 3/2][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 82/431 108/1294 13/481][Risk: ** Malformed Packet **][Risk Score: 10][Risk Info: Invalid DNS Header][TCP Fingerprint: 2_64_65535_108f896b6121/Unknown][PLAIN TEXT (opentracker)][Plen Bins: 0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0]
2 UDP [fe80::a00:27ff:feb3:e62e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/371 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa][e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa][PLAIN TEXT (Android)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 82.178.113.245:47255 <-> 82.178.158.181:53 [VLAN: 785][proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/91 bytes <-> 1 pkts/219 bytes][Goodput ratio: 36/73][0.00 sec][Hostname/SNI: e7.whatsapp.net][169.45.219.235][DNS Id: 0x7843][PLAIN TEXT (whatsapp)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 UDP 192.168.170.20:53 <-> 192.168.170.8:32795 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/151 bytes <-> 1 pkts/75 bytes][Goodput ratio: 44/43][41.07 sec][Hostname/SNI: www.example.com][0.0.0.0][DNS Id: 0xbc1f][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

12
tests/cfgs/default/result/dns_lots_of_answers.pcapng.out
View file

@ -1,4 +1,4 @@
DPI Packets (TCP): 9 (9.00 pkts/flow)
DPI Packets (TCP): 12 (12.00 pkts/flow)
DPI Packets (UDP): 2 (2.00 pkts/flow)
Confidence DPI : 2 (flows)
Num dissector calls: 2 (1.00 diss/flow)
@ -8,9 +8,9 @@ LRU cache stun: 0/0/0 (insert/search/found)
LRU cache tls_cert: 0/0/0 (insert/search/found)
LRU cache mining: 0/0/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
LRU cache fpc_dns: 2/1/0 (insert/search/found)
Automa host: 4/4 (search/found)
Automa domain: 4/0 (search/found)
LRU cache fpc_dns: 0/1/0 (insert/search/found)
Automa host: 2/2 (search/found)
Automa domain: 2/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 1/0 (search/found)
Automa common alpns: 0/0 (search/found)
@ -25,5 +25,5 @@ DNS 16 2200 2
Acceptable 16 2200 2
1 TCP 192.168.12.169:4026 <-> 192.168.12.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Network/14][8 pkts/586 bytes <-> 6 pkts/1118 bytes][Goodput ratio: 7/62][3.17 sec][Hostname/SNI: bstream.hzmklvdieo.com][169.197.119.239][DNS Id: 0x474c][bytes ratio: -0.312 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 443/359 1056/716 375/357][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 73/186 108/764 14/258][TCP Fingerprint: 2_64_65535_685ad951a756/Android][PLAIN TEXT (bstream)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 192.168.12.156:54660 <-> 192.168.12.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/91 bytes <-> 1 pkts/405 bytes][Goodput ratio: 53/89][0.32 sec][Hostname/SNI: dinamicx.alibabausercontent.com][163.181.50.229][DNS Id: 0x0c54][PLAIN TEXT (dinamic)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
1 TCP 192.168.12.169:4026 <-> 192.168.12.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Network/14][8 pkts/586 bytes <-> 6 pkts/1118 bytes][Goodput ratio: 7/62][3.17 sec][Hostname/SNI: bstream.hzmklvdieo.com][0.0.0.0][DNS Id: 0x474c][bytes ratio: -0.312 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 443/359 1056/716 375/357][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 73/186 108/764 14/258][Risk: ** Malformed Packet **][Risk Score: 10][Risk Info: Invalid DNS Header][TCP Fingerprint: 2_64_65535_685ad951a756/Android][PLAIN TEXT (bstream)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 192.168.12.156:54660 <-> 192.168.12.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/91 bytes <-> 1 pkts/405 bytes][Goodput ratio: 53/89][0.32 sec][Hostname/SNI: dinamicx.alibabausercontent.com][0.0.0.0][DNS Id: 0x0c54][Risk: ** Malformed Packet **][Risk Score: 10][Risk Info: Invalid DNS Header][PLAIN TEXT (dinamic)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

6
tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out
View file

@ -14,8 +14,8 @@ LRU cache tls_cert: 0/0/0 (insert/search/found)
LRU cache mining: 0/66/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
LRU cache fpc_dns: 0/66/0 (insert/search/found)
Automa host: 237/0 (search/found)
Automa domain: 230/0 (search/found)
Automa host: 236/0 (search/found)
Automa domain: 229/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 124/0 (search/found)
Automa common alpns: 0/0 (search/found)
@ -110,7 +110,7 @@ Unrated 33 4066 33
67 UDP 192.168.1.2:2739 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][DNS Id: 0x6ade][DNS Ptr: localhost][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
68 UDP 192.168.1.2:2743 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][DNS Id: 0x7cc2][DNS Ptr: local_ost][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
69 UDP 192.168.1.2:2753 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Hostname/SNI: 1.0.0.527.in-addr.arpa][0.0.0.0][DNS Id: 0x48ce][DNS Ptr: locathost][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
70 UDP 192.168.1.2:2755 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][DNS Id: 0x55f0][DNS Ptr: localhost][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
70 UDP 192.168.1.2:2755 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][0.0.0.0][DNS Id: 0x55f0][Risk: ** Malformed Packet **][Risk Score: 10][Risk Info: Invalid DNS Header][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
71 UDP 192.168.1.2:2757 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][0.0.0.0][DNS Id: 0xdff0][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **][Risk Score: 110][Risk Info: Invalid chars detected in domain name / Invalid DNS Query Lenght][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
72 UDP 192.168.1.2:2761 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 11/59][0.00 sec][0.0.0.0][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
73 UDP 192.168.1.2:2767 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][DNS Id: 0x78fd][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]