vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-05-01 00:19:42 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

New protocols for Amazon/AWS sub-classification (#2975)

Browse source 
Add:
* Cognito
* API Gateway
* Kinesis
* EC2
* EMR
* S3
* Cloudfront
* DynamoDB

Keep `NDPI_PROTOCOL_AMAZON_AWS` for generic AWS traffic
This commit is contained in:
Ivan Nardi 2025-10-02 11:48:25 +02:00 committed by GitHub
parent c9dfc946ff
commit 113170cca4
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
93 changed files with 5121 additions and 826 deletions
Download patch file Download diff file Expand all files Collapse all files

6
tests/cfgs/default/result/telegram_videocall.pcapng.out
View file

@ -33,8 +33,8 @@ TLS 7 497 2
ICMPV6 5 350 2
Dropbox 2 348 1
Telegram 633 339051 7
AmazonAWS 4 288 1
TelegramVoip 228 41561 16
AWS_EC2 4 288 1
Safe 7 497 2
Acceptable 880 382620 32
@ -69,8 +69,8 @@ Network 13 1372 7
22 UDP 192.168.12.169:42197 <-> 91.108.13.23:1400 [proto: 78.355/STUN.TelegramVoip][Stack: STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][Breed: Acceptable][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.27 sec][Mapped IP/Port: 93.47.225.70:11617][Rsp Origin IP/Port: 91.108.13.23:1400][Other IP/Port: 10.160.194.103:1401][PLAIN TEXT (BrHWdEqa2)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
23 UDP 192.168.12.169:42197 <-> 91.108.17.2:1400 [proto: 78.355/STUN.TelegramVoip][Stack: STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][Breed: Acceptable][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.30 sec][Mapped IP/Port: 93.47.225.70:11617][Rsp Origin IP/Port: 91.108.17.2:1400][Other IP/Port: 10.130.194.98:1401][PLAIN TEXT (BYyA/MmBER1)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
24 UDP 192.168.12.1:17500 -> 192.168.12.255:17500 [proto: 121/Dropbox][Stack: Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 121/Dropbox, Confidence: DPI][DPI packets: 1][cat: Cloud/13][Breed: Acceptable][2 pkts/348 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][30.01 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
25 TCP 18.195.162.93:443 <-> 192.168.12.169:38956 [proto: 91/TLS][Stack: TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Safe][2 pkts/163 bytes <-> 2 pkts/132 bytes][Goodput ratio: 19/0][5.09 sec][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
26 TCP 192.168.12.169:40710 <-> 52.58.18.25:5222 [proto: 265/AmazonAWS][Stack: AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: Match by IP][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 4][cat: Cloud/13][Breed: Acceptable][2 pkts/144 bytes <-> 2 pkts/144 bytes][Goodput ratio: 8/8][0.02 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
25 TCP 18.195.162.93:443 <-> 192.168.12.169:38956 [proto: 91/TLS][Stack: TLS][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Safe][2 pkts/163 bytes <-> 2 pkts/132 bytes][Goodput ratio: 19/0][5.09 sec][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
26 TCP 192.168.12.169:40710 <-> 52.58.18.25:5222 [proto: 461/AWS_EC2][Stack: AWS_EC2][IP: 461/AWS_EC2][Encrypted][Confidence: Match by IP][FPC: 461/AWS_EC2, Confidence: IP address][DPI packets: 4][cat: Cloud/13][Breed: Acceptable][2 pkts/144 bytes <-> 2 pkts/144 bytes][Goodput ratio: 8/8][0.02 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
27 ICMPV6 [fe80::98df:58ff:fefa:ebdc]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][Stack: ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 102/ICMPV6, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][4 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 11/0][32.62 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
28 ICMP 192.168.12.169:0 -> 91.108.9.35:0 [proto: 81/ICMP][Stack: ICMP][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][2 pkts/276 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][0.00 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Entropy: 5.590 (Executable?)][PLAIN TEXT (ORtRLoo/fpi)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
29 ICMP 192.168.12.169:0 -> 91.108.13.23:0 [proto: 81/ICMP][Stack: ICMP][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][2 pkts/276 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][0.00 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Entropy: 5.612 (Executable?)][PLAIN TEXT (BuBNffVSd)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]