mirror of
https://github.com/vel21ripn/nDPI.git
synced 2026-05-19 07:54:24 +00:00
Keep track of how many dissectors calls we made for each flow (#1657)
parent
df599e5eff
commit
b4cb14ec19
357 changed files with 382 additions and 7 deletions
|
|
@ -1398,6 +1398,12 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa
|
|||
flow->detected_protocol) ? "Encrypted" : "ClearText");
|
||||
|
||||
fprintf(out, "[Confidence: %s]", ndpi_confidence_get_name(flow->confidence));
|
||||
/* If someone wants to have the num_dissector_calls variable per flow, he can print it here.
|
||||
Disabled by default to avoid too many diffs in the unit tests...
|
||||
*/
|
||||
#if 0
|
||||
fprintf(out, "[Num calls: %d]", flow->num_dissector_calls);
|
||||
#endif
|
||||
|
||||
if(flow->detected_protocol.category != 0)
|
||||
fprintf(out, "[cat: %s/%u]",
|
||||
|
|
@ -1977,6 +1983,7 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept
|
|||
ndpi_thread_info[thread_id].workflow->stats.protocol_counter_bytes[proto] += flow->src2dst_bytes + flow->dst2src_bytes;
|
||||
ndpi_thread_info[thread_id].workflow->stats.protocol_flows[proto]++;
|
||||
ndpi_thread_info[thread_id].workflow->stats.flow_confidence[flow->confidence]++;
|
||||
ndpi_thread_info[thread_id].workflow->stats.num_dissector_calls += flow->num_dissector_calls;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -3482,6 +3489,8 @@ static void printResults(u_int64_t processing_time_usec, u_int64_t setup_time_us
|
|||
|
||||
for(i = 0; i < sizeof(cumulative_stats.flow_confidence)/sizeof(cumulative_stats.flow_confidence[0]); i++)
|
||||
cumulative_stats.flow_confidence[i] += ndpi_thread_info[thread_id].workflow->stats.flow_confidence[i];
|
||||
|
||||
cumulative_stats.num_dissector_calls += ndpi_thread_info[thread_id].workflow->stats.num_dissector_calls;
|
||||
}
|
||||
|
||||
if(cumulative_stats.total_wire_bytes == 0)
|
||||
|
|
@ -3589,6 +3598,11 @@ static void printResults(u_int64_t processing_time_usec, u_int64_t setup_time_us
|
|||
printf("\tConfidence: %-10s %-13llu (flows)\n", ndpi_confidence_get_name(i),
|
||||
(long long unsigned int)cumulative_stats.flow_confidence[i]);
|
||||
}
|
||||
|
||||
if(cumulative_stats.ndpi_flow_count)
|
||||
printf("\tNum dissector calls: %-13llu (%.2f diss/flow)\n",
|
||||
(long long unsigned int)cumulative_stats.num_dissector_calls,
|
||||
cumulative_stats.num_dissector_calls / (float)cumulative_stats.ndpi_flow_count);
|
||||
}
|
||||
|
||||
if(results_file) {
|
||||
|
|
@ -3615,6 +3629,11 @@ static void printResults(u_int64_t processing_time_usec, u_int64_t setup_time_us
|
|||
(long long unsigned int)cumulative_stats.flow_confidence[i]);
|
||||
}
|
||||
|
||||
if(cumulative_stats.ndpi_flow_count)
|
||||
fprintf(results_file, "Num dissector calls: %llu (%.2f diss/flow)\n",
|
||||
(long long unsigned int)cumulative_stats.num_dissector_calls,
|
||||
cumulative_stats.num_dissector_calls / (float)cumulative_stats.ndpi_flow_count);
|
||||
|
||||
fprintf(results_file, "\n");
|
||||
}
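Review bot: The per-flow average in the new `Num dissector calls` printf of printResults is computed in float: the `u_int64_t` total is divided by `(float)cumulative_stats.ndpi_flow_count`, and a float carries only 24 bits of mantissa, so on large captures both operands are rounded before the division. `%.2f` consumes a double anyway, so the wider cast costs nothing: `cumulative_stats.num_dissector_calls / (double)cumulative_stats.ndpi_flow_count);`. The same change applies to the `fprintf(results_file, ...)` copy in the last hunk of this file. printResults starts and ends outside these hunks.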
|
||||
|
||||
|
|
|
|||
|
|
@ -1050,6 +1050,7 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
|
|||
flow->risk_str = ndpi_strdup(s);
|
||||
|
||||
flow->confidence = flow->ndpi_flow->confidence;
|
||||
flow->num_dissector_calls = flow->ndpi_flow->num_dissector_calls;
|
||||
|
||||
ndpi_snprintf(flow->host_server_name, sizeof(flow->host_server_name), "%s",
|
||||
flow->ndpi_flow->host_server_name);
|
||||
|
|
|
|||
|
|
@ -203,6 +203,7 @@ typedef struct ndpi_flow_info {
|
|||
// result only, not used for flow identification
|
||||
ndpi_protocol detected_protocol;
|
||||
ndpi_confidence_t confidence;
|
||||
u_int16_t num_dissector_calls;
|
||||
|
||||
// Flow data analysis
|
||||
pkt_timeval src2dst_last_pkt_time, dst2src_last_pkt_time, flow_last_pkt_time;
|
||||
|
|
@ -296,6 +297,7 @@ typedef struct ndpi_stats {
|
|||
u_int16_t max_packet_len;
|
||||
u_int64_t dpi_packet_count[3];
|
||||
u_int64_t flow_confidence[NDPI_CONFIDENCE_MAX];
|
||||
u_int64_t num_dissector_calls;
|
||||
} ndpi_stats_t;
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -1179,6 +1179,7 @@ struct ndpi_flow_struct {
|
|||
u_int16_t guessed_protocol_id, guessed_host_protocol_id, guessed_category, guessed_header_category;
|
||||
u_int8_t l4_proto, protocol_id_already_guessed:1, host_already_guessed:1, fail_with_unknown:1,
|
||||
init_finished:1, setup_packet_direction:1, packet_direction:1, check_extra_packets:1, is_ipv6:1;
|
||||
u_int16_t num_dissector_calls;
|
||||
ndpi_confidence_t confidence; /* ndpi_confidence_t */
|
||||
|
||||
/*
|
||||
|
|
|
|||
|
|
@ -5187,7 +5187,7 @@ static u_int32_t check_ndpi_detection_func(struct ndpi_detection_module_struct *
|
|||
{
|
||||
void *func = NULL;
|
||||
u_int8_t is_tcp_without_payload = (callback_buffer == ndpi_str->callback_buffer_tcp_no_payload);
|
||||
u_int32_t num_calls = (is_tcp_without_payload != 0 ? 1 : 0);
|
||||
u_int32_t num_calls = 0;
|
||||
u_int16_t proto_index = ndpi_str->proto_defaults[flow->guessed_protocol_id].protoIdx;
|
||||
u_int16_t proto_id = ndpi_str->proto_defaults[flow->guessed_protocol_id].protoId;
|
||||
NDPI_PROTOCOL_BITMASK detection_bitmask;
|
||||
|
|
@ -6045,14 +6045,12 @@ static int ndpi_do_guess(struct ndpi_detection_module_struct *ndpi_str, struct n
|
|||
}
|
||||
|
||||
if(flow->guessed_host_protocol_id >= NDPI_MAX_SUPPORTED_PROTOCOLS) {
|
||||
//u_int32_t num_calls;
|
||||
NDPI_SELECTION_BITMASK_PROTOCOL_SIZE ndpi_selection_packet = {0};
|
||||
|
||||
/* This is a custom protocol and it has priority over everything else */
|
||||
ret->master_protocol = flow->guessed_protocol_id, ret->app_protocol = flow->guessed_host_protocol_id;
|
||||
|
||||
//num_calls =
|
||||
ndpi_check_flow_func(ndpi_str, flow, &ndpi_selection_packet);
|
||||
flow->num_dissector_calls += ndpi_check_flow_func(ndpi_str, flow, &ndpi_selection_packet);
|
||||
|
||||
//if(ndpi_str->ndpi_num_custom_protocols != 0)
|
||||
ndpi_fill_protocol_category(ndpi_str, flow, ret);
|
||||
|
|
@ -6311,10 +6309,12 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
|
|||
flow->tree_risk_checked = 1;
|
||||
}
|
||||
|
||||
ndpi_reconcile_protocols(ndpi_str, flow, &ret);
|
||||
|
||||
if(num_calls == 0)
|
||||
/* It is common to not trigger any dissectors for pure TCP ACK packets */
|
||||
if(num_calls == 0 && packet->payload_packet_len != 0)
|
||||
flow->fail_with_unknown = 1;
|
||||
flow->num_dissector_calls += num_calls;
|
||||
|
||||
ndpi_reconcile_protocols(ndpi_str, flow, &ret);
|
||||
|
||||
/* Zoom cache */
|
||||
if((ret.app_protocol == NDPI_PROTOCOL_ZOOM)
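Review bot: `flow->num_dissector_calls += num_calls;` in ndpi_detection_process_packet adds a `u_int32_t` count into a field this commit declares as `u_int16_t` (in both `struct ndpi_flow_struct` and `ndpi_flow_info`), so the per-flow total wraps silently once it passes 65535; the same applies to the `+=` in ndpi_do_guess. Whether a single flow can get that far depends on the dissection limits, which are outside these hunks, but the expected outputs on this page already show more than a hundred calls for a single-packet flow, and a wrapped counter would under-report exactly the flows that cost the most to classify. Either widen the field to `u_int32_t` or saturate the addition: `flow->num_dissector_calls = (num_calls > 0xFFFFu - flow->num_dissector_calls) ? 0xFFFF : flow->num_dissector_calls + num_calls;`. Both functions start and end outside the hunks.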
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@ Confidence Unknown : 14 (flows)
|
|||
Confidence Match by port : 5 (flows)
|
||||
Confidence Match by IP : 1 (flows)
|
||||
Confidence DPI : 177 (flows)
|
||||
Num dissector calls: 5172 (26.25 diss/flow)
|
||||
|
||||
Unknown 24 6428 14
|
||||
DNS 2 378 1
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 1
|
|||
|
||||
DPI Packets (TCP): 1 (1.00 pkts/flow)
|
||||
Confidence Match by port : 1 (flows)
|
||||
Num dissector calls: 121 (121.00 diss/flow)
|
||||
|
||||
TLS 1 1506 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (TCP): 7 (7.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 18 (18.00 diss/flow)
|
||||
|
||||
ntop 109 73982 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (TCP): 7 (7.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 18 (18.00 diss/flow)
|
||||
|
||||
ntop 667 458067 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (TCP): 7 (7.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 18 (18.00 diss/flow)
|
||||
|
||||
Github 70 37189 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (TCP): 6 (6.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 139 (139.00 diss/flow)
|
||||
|
||||
OpenVPN 46 11573 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (TCP): 7 (7.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 18 (18.00 diss/flow)
|
||||
|
||||
ntop 41 19929 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 1
|
|||
|
||||
DPI Packets (UDP): 5 (5.00 pkts/flow)
|
||||
Confidence Unknown : 1 (flows)
|
||||
Num dissector calls: 169 (169.00 diss/flow)
|
||||
|
||||
Unknown 5 850 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 1
|
|||
|
||||
DPI Packets (TCP): 4 (4.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 13 (13.00 diss/flow)
|
||||
|
||||
Microsoft 4 2188 1
|
||||
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@ DPI Packets (TCP): 27 (5.40 pkts/flow)
|
|||
DPI Packets (UDP): 4 (2.00 pkts/flow)
|
||||
DPI Packets (other): 3 (1.00 pkts/flow)
|
||||
Confidence DPI : 10 (flows)
|
||||
Num dissector calls: 67 (6.70 diss/flow)
|
||||
|
||||
HTTP 10 1792 1
|
||||
IMAPS 4 516 2
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 1
|
|||
|
||||
DPI Packets (UDP): 2 (2.00 pkts/flow)
|
||||
Confidence Unknown : 1 (flows)
|
||||
Num dissector calls: 112 (112.00 diss/flow)
|
||||
|
||||
Unknown 2 212 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (TCP): 4 (4.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 18 (18.00 diss/flow)
|
||||
|
||||
BGP 14 969 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (TCP): 2 (1.00 pkts/flow)
|
||||
Confidence DPI : 2 (flows)
|
||||
Num dissector calls: 2 (1.00 diss/flow)
|
||||
|
||||
BGP 2 322 2
|
||||
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ Guessed flow protos: 0
|
|||
DPI Packets (TCP): 12 (6.00 pkts/flow)
|
||||
DPI Packets (UDP): 116 (4.00 pkts/flow)
|
||||
Confidence DPI : 31 (flows)
|
||||
Num dissector calls: 4108 (132.52 diss/flow)
|
||||
|
||||
Google 23 11743 2
|
||||
EAQ 174 10092 29
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (UDP): 5 (1.00 pkts/flow)
|
||||
Confidence DPI : 5 (flows)
|
||||
Num dissector calls: 7 (1.40 diss/flow)
|
||||
|
||||
RTP 6995 1395012 1
|
||||
SIP 92 52851 3
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (TCP): 4 (2.00 pkts/flow)
|
||||
Confidence DPI : 2 (flows)
|
||||
Num dissector calls: 16 (8.00 diss/flow)
|
||||
|
||||
IEC60870 15 1431 2
|
||||
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@ DPI Packets (other): 1 (1.00 pkts/flow)
|
|||
Confidence Match by port : 4 (flows)
|
||||
Confidence Match by IP : 1 (flows)
|
||||
Confidence DPI : 33 (flows)
|
||||
Num dissector calls: 949 (24.97 diss/flow)
|
||||
|
||||
DNS 2 217 1
|
||||
HTTP 1 56 1
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@ DPI Packets (UDP): 6 (1.20 pkts/flow)
|
|||
Confidence Match by port : 4 (flows)
|
||||
Confidence Match by IP : 5 (flows)
|
||||
Confidence DPI : 11 (flows)
|
||||
Num dissector calls: 1027 (51.35 diss/flow)
|
||||
|
||||
HTTP 5 280 1
|
||||
QQ 15 1727 1
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (UDP): 1 (1.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 1 (1.00 diss/flow)
|
||||
|
||||
NTP 1 410 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (UDP): 1 (1.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 1 (1.00 diss/flow)
|
||||
|
||||
NTP 1 90 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (UDP): 1 (1.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 1 (1.00 diss/flow)
|
||||
|
||||
NTP 1 90 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 1
|
|||
|
||||
DPI Packets (TCP): 71 (71.00 pkts/flow)
|
||||
Confidence Match by port : 1 (flows)
|
||||
Num dissector calls: 367 (367.00 diss/flow)
|
||||
|
||||
TLS 71 9386 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 797
|
|||
|
||||
DPI Packets (TCP): 797 (1.00 pkts/flow)
|
||||
Confidence DPI : 797 (flows)
|
||||
Num dissector calls: 11955 (15.00 diss/flow)
|
||||
|
||||
HTTP 797 191003 797
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (TCP): 54 (6.00 pkts/flow)
|
||||
Confidence DPI : 9 (flows)
|
||||
Num dissector calls: 288 (32.00 diss/flow)
|
||||
|
||||
HTTP 94 30008 9
|
||||
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ Guessed flow protos: 639
|
|||
DPI Packets (TCP): 3972 (6.01 pkts/flow)
|
||||
Confidence Match by port : 639 (flows)
|
||||
Confidence DPI : 22 (flows)
|
||||
Num dissector calls: 21182 (32.05 diss/flow)
|
||||
|
||||
HTTP 9374 4721148 661
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (TCP): 1 (1.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 1 (1.00 diss/flow)
|
||||
|
||||
AFP 16 1218 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (UDP): 26 (1.00 pkts/flow)
|
||||
Confidence DPI : 26 (flows)
|
||||
Num dissector calls: 2444 (94.00 diss/flow)
|
||||
|
||||
SD-RTN 403 112365 26
|
||||
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ Guessed flow protos: 0
|
|||
DPI Packets (UDP): 1 (1.00 pkts/flow)
|
||||
DPI Packets (other): 1 (1.00 pkts/flow)
|
||||
Confidence DPI : 2 (flows)
|
||||
Num dissector calls: 2 (1.00 diss/flow)
|
||||
|
||||
IPSec 6 1768 2
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (TCP): 36 (9.00 pkts/flow)
|
||||
Confidence DPI : 4 (flows)
|
||||
Num dissector calls: 164 (41.00 diss/flow)
|
||||
|
||||
Aimini 133 86722 4
|
||||
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@ DPI Packets (TCP): 8 (4.00 pkts/flow)
|
|||
DPI Packets (other): 6 (3.00 pkts/flow)
|
||||
Confidence Unknown : 2 (flows)
|
||||
Confidence DPI : 2 (flows)
|
||||
Num dissector calls: 36 (9.00 diss/flow)
|
||||
|
||||
Unknown 6 2200 2
|
||||
AJP 26 4446 2
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@ DPI Packets (other): 6 (1.00 pkts/flow)
|
|||
Confidence Match by port : 5 (flows)
|
||||
Confidence Match by IP : 9 (flows)
|
||||
Confidence DPI : 146 (flows)
|
||||
Num dissector calls: 2719 (16.99 diss/flow)
|
||||
|
||||
DNS 4 400 2
|
||||
DHCP 3 1056 2
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (UDP): 1 (1.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 1 (1.00 diss/flow)
|
||||
|
||||
AmongUs 1 57 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (TCP): 9 (3.00 pkts/flow)
|
||||
Confidence DPI : 3 (flows)
|
||||
Num dissector calls: 401 (133.67 diss/flow)
|
||||
|
||||
AMQP 160 23514 3
|
||||
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@ DPI Packets (UDP): 52 (1.68 pkts/flow)
|
|||
DPI Packets (other): 4 (1.00 pkts/flow)
|
||||
Confidence Match by IP : 3 (flows)
|
||||
Confidence DPI : 60 (flows)
|
||||
Num dissector calls: 668 (10.60 diss/flow)
|
||||
|
||||
DNS 4 390 2
|
||||
MDNS 2 174 2
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ Confidence Unknown : 2 (flows)
|
|||
Confidence Match by port : 5 (flows)
|
||||
Confidence Match by IP : 1 (flows)
|
||||
Confidence DPI : 61 (flows)
|
||||
Num dissector calls: 1226 (17.77 diss/flow)
|
||||
|
||||
Unknown 19 1054 2
|
||||
DNS 32 3655 16
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ Guessed flow protos: 0
|
|||
DPI Packets (TCP): 13 (6.50 pkts/flow)
|
||||
DPI Packets (UDP): 4 (2.00 pkts/flow)
|
||||
Confidence DPI : 4 (flows)
|
||||
Num dissector calls: 42 (10.50 diss/flow)
|
||||
|
||||
AnyDesk 2083 346113 4
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (TCP): 21 (10.50 pkts/flow)
|
||||
Confidence DPI : 2 (flows)
|
||||
Num dissector calls: 23 (11.50 diss/flow)
|
||||
|
||||
AnyDesk 6963 2795460 2
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (UDP): 39 (1.00 pkts/flow)
|
||||
Confidence DPI : 39 (flows)
|
||||
Num dissector calls: 3549 (91.00 diss/flow)
|
||||
|
||||
AVASTSecureDNS 77 11443 39
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (UDP): 11 (3.67 pkts/flow)
|
||||
Confidence DPI : 3 (flows)
|
||||
Num dissector calls: 3 (1.00 diss/flow)
|
||||
|
||||
DNS 382 99374 3
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (TCP): 6 (1.00 pkts/flow)
|
||||
Confidence DPI : 6 (flows)
|
||||
Num dissector calls: 6 (1.00 diss/flow)
|
||||
|
||||
Mining 637 581074 6
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (TCP): 24 (1.00 pkts/flow)
|
||||
Confidence DPI (cache) : 24 (flows)
|
||||
Num dissector calls: 2114 (88.08 diss/flow)
|
||||
|
||||
BitTorrent 299 305728 24
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (UDP): 4 (4.00 pkts/flow)
|
||||
Confidence DPI (cache) : 1 (flows)
|
||||
Num dissector calls: 81 (81.00 diss/flow)
|
||||
|
||||
BitTorrent 86 41489 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (UDP): 10 (1.00 pkts/flow)
|
||||
Confidence DPI : 10 (flows)
|
||||
Num dissector calls: 10 (1.00 diss/flow)
|
||||
|
||||
BJNP 10 460 10
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (TCP): 6 (6.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 32 (32.00 diss/flow)
|
||||
|
||||
Azure 402 431124 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 1
|
|||
|
||||
DPI Packets (UDP): 2 (2.00 pkts/flow)
|
||||
Confidence DPI (cache) : 1 (flows)
|
||||
Num dissector calls: 1 (1.00 diss/flow)
|
||||
|
||||
BitTorrent 2 322 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (TCP): 6 (6.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 8 (8.00 diss/flow)
|
||||
|
||||
Cachefly 6 6163 1
|
||||
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ Guessed flow protos: 1
|
|||
DPI Packets (UDP): 6 (1.20 pkts/flow)
|
||||
DPI Packets (other): 4 (1.00 pkts/flow)
|
||||
Confidence DPI : 9 (flows)
|
||||
Num dissector calls: 9 (1.00 diss/flow)
|
||||
|
||||
DNS 2 166 1
|
||||
DHCP 5 2090 1
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (TCP): 8 (4.00 pkts/flow)
|
||||
Confidence DPI : 2 (flows)
|
||||
Num dissector calls: 36 (18.00 diss/flow)
|
||||
|
||||
Cassandra 286 126016 2
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (TCP): 4 (4.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 18 (18.00 diss/flow)
|
||||
|
||||
CHECKMK 98 20242 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (TCP): 36 (6.00 pkts/flow)
|
||||
Confidence DPI : 6 (flows)
|
||||
Num dissector calls: 108 (18.00 diss/flow)
|
||||
|
||||
TLS 5633 4985157 6
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (TCP): 4 (4.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 18 (18.00 diss/flow)
|
||||
|
||||
Citrix 100 11332 1
|
||||
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@ DPI Packets (TCP): 42 (5.25 pkts/flow)
|
|||
Confidence Unknown : 1 (flows)
|
||||
Confidence Match by IP : 3 (flows)
|
||||
Confidence DPI : 4 (flows)
|
||||
Num dissector calls: 328 (41.00 diss/flow)
|
||||
|
||||
Unknown 11 890 1
|
||||
Google 8 476 3
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ Guessed flow protos: 0
|
|||
DPI Packets (TCP): 7 (1.75 pkts/flow)
|
||||
DPI Packets (UDP): 12 (1.00 pkts/flow)
|
||||
Confidence DPI : 16 (flows)
|
||||
Num dissector calls: 364 (22.75 diss/flow)
|
||||
|
||||
COAP 19 1614 8
|
||||
Dropbox 800 80676 4
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ Guessed flow protos: 3
|
|||
DPI Packets (UDP): 13 (1.62 pkts/flow)
|
||||
Confidence Match by port : 3 (flows)
|
||||
Confidence DPI : 5 (flows)
|
||||
Num dissector calls: 376 (47.00 diss/flow)
|
||||
|
||||
collectd 81 109386 8
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (TCP): 12 (4.00 pkts/flow)
|
||||
Confidence DPI : 3 (flows)
|
||||
Num dissector calls: 273 (91.00 diss/flow)
|
||||
|
||||
Corba 22 3681 3
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (UDP): 1 (1.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 1 (1.00 diss/flow)
|
||||
|
||||
CPHA 1 96 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (TCP): 12 (4.00 pkts/flow)
|
||||
Confidence DPI : 3 (flows)
|
||||
Num dissector calls: 39 (13.00 diss/flow)
|
||||
|
||||
Dazn 12 6675 3
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (UDP): 4 (1.00 pkts/flow)
|
||||
Confidence DPI : 4 (flows)
|
||||
Num dissector calls: 216 (54.00 diss/flow)
|
||||
|
||||
RPC 16 6866 4
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 1
|
|||
|
||||
DPI Packets (UDP): 1 (1.00 pkts/flow)
|
||||
Confidence Match by port : 1 (flows)
|
||||
Num dissector calls: 99 (99.00 diss/flow)
|
||||
|
||||
DHCP 1 342 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (TCP): 1 (1.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 1 (1.00 diss/flow)
|
||||
|
||||
Diameter 6 1980 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (TCP): 5 (5.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 13 (13.00 diss/flow)
|
||||
|
||||
Discord 7 3708 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (UDP): 1 (1.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 1 (1.00 diss/flow)
|
||||
|
||||
QUIC 1 1230 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (TCP): 80 (10.00 pkts/flow)
|
||||
Confidence DPI : 8 (flows)
|
||||
Num dissector calls: 408 (51.00 diss/flow)
|
||||
|
||||
DNP3 543 38754 8
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (UDP): 2 (2.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 1 (1.00 diss/flow)
|
||||
|
||||
DNS 2 196 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (UDP): 2 (2.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 1 (1.00 diss/flow)
|
||||
|
||||
DNS 434 70252 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (UDP): 20 (2.00 pkts/flow)
|
||||
Confidence DPI : 10 (flows)
|
||||
Num dissector calls: 10 (1.00 diss/flow)
|
||||
|
||||
QQ 2 212 1
|
||||
Google 2 208 1
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (TCP): 6 (6.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 18 (18.00 diss/flow)
|
||||
|
||||
DoH_DoT 142 20362 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (TCP): 6 (6.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 20 (20.00 diss/flow)
|
||||
|
||||
DoH_DoT 24 5869 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (UDP): 2 (2.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 1 (1.00 diss/flow)
|
||||
|
||||
DNS 300 73545 1
|
||||
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ Guessed flow protos: 1
|
|||
DPI Packets (TCP): 12 (6.00 pkts/flow)
|
||||
DPI Packets (UDP): 39 (2.05 pkts/flow)
|
||||
Confidence DPI : 21 (flows)
|
||||
Num dissector calls: 51 (2.43 diss/flow)
|
||||
|
||||
DNS 53 16888 18
|
||||
Google 6 4807 3
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 1
|
|||
|
||||
DPI Packets (UDP): 2 (2.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 1 (1.00 diss/flow)
|
||||
|
||||
DNS 2 134 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (UDP): 2 (2.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 1 (1.00 diss/flow)
|
||||
|
||||
Google 2 262 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (UDP): 256 (1.04 pkts/flow)
|
||||
Confidence DPI : 245 (flows)
|
||||
Num dissector calls: 21885 (89.33 diss/flow)
|
||||
|
||||
DNScrypt 488 309562 245
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (TCP): 70 (2.06 pkts/flow)
|
||||
Confidence DPI : 34 (flows)
|
||||
Num dissector calls: 40 (1.18 diss/flow)
|
||||
|
||||
DoH_DoT 577 216583 34
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (UDP): 6 (2.00 pkts/flow)
|
||||
Confidence DPI : 3 (flows)
|
||||
Num dissector calls: 351 (117.00 diss/flow)
|
||||
|
||||
DNScrypt 6 4300 3
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (UDP): 4 (4.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 118 (118.00 diss/flow)
|
||||
|
||||
DNScrypt 6 2380 1
|
||||
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ Guessed flow protos: 0
|
|||
DPI Packets (UDP): 1 (1.00 pkts/flow)
|
||||
DPI Packets (other): 1 (1.00 pkts/flow)
|
||||
Confidence DPI : 2 (flows)
|
||||
Num dissector calls: 65 (32.50 diss/flow)
|
||||
|
||||
ICMPV6 6 1170 1
|
||||
DoH_DoT 14 4788 1
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (UDP): 1 (1.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 66 (66.00 diss/flow)
|
||||
|
||||
DoH_DoT 296 44445 1
|
||||
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ Guessed flow protos: 0
|
|||
DPI Packets (UDP): 3 (1.00 pkts/flow)
|
||||
DPI Packets (other): 1 (1.00 pkts/flow)
|
||||
Confidence DPI : 4 (flows)
|
||||
Num dissector calls: 4 (1.00 diss/flow)
|
||||
|
||||
NetBIOS 46 5060 2
|
||||
SMBv1 15 3447 1
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (TCP): 4 (4.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 103 (103.00 diss/flow)
|
||||
|
||||
DRDA 38 6691 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (UDP): 27 (1.80 pkts/flow)
|
||||
Confidence DPI : 15 (flows)
|
||||
Num dissector calls: 15 (1.00 diss/flow)
|
||||
|
||||
Dropbox 848 90532 15
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 1
|
|||
|
||||
DPI Packets (UDP): 2 (2.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 2 (2.00 diss/flow)
|
||||
|
||||
DTLS 2 394 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (UDP): 4 (4.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 2 (2.00 diss/flow)
|
||||
|
||||
DTLS 30 4991 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (UDP): 1 (1.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 3 (3.00 diss/flow)
|
||||
|
||||
WindowsUpdate 1 1486 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (UDP): 4 (4.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 2 (2.00 diss/flow)
|
||||
|
||||
GoogleCloud 20 5978 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (UDP): 4 (1.00 pkts/flow)
|
||||
Confidence DPI : 4 (flows)
|
||||
Num dissector calls: 12 (3.00 diss/flow)
|
||||
|
||||
DTLS 91 37868 4
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 1
|
|||
|
||||
DPI Packets (UDP): 7 (7.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 3 (3.00 diss/flow)
|
||||
|
||||
DTLS 7 994 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (UDP): 4 (4.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 2 (2.00 diss/flow)
|
||||
|
||||
DTLS 4 604 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (TCP): 48 (8.00 pkts/flow)
|
||||
Confidence DPI : 6 (flows)
|
||||
Num dissector calls: 300 (50.00 diss/flow)
|
||||
|
||||
SMTP 626 438465 1
|
||||
HTTP 1601 1581542 3
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 3
|
|||
|
||||
DPI Packets (TCP): 3 (1.00 pkts/flow)
|
||||
Confidence DPI : 3 (flows)
|
||||
Num dissector calls: 3 (1.00 diss/flow)
|
||||
|
||||
Cloudflare 3 2310 3
|
||||
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ Guessed flow protos: 0
|
|||
DPI Packets (UDP): 1 (1.00 pkts/flow)
|
||||
DPI Packets (other): 1 (1.00 pkts/flow)
|
||||
Confidence DPI : 2 (flows)
|
||||
Num dissector calls: 2 (1.00 diss/flow)
|
||||
|
||||
IPSec 6 1856 2
|
||||
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@ DPI Packets (UDP): 18 (1.00 pkts/flow)
|
|||
Confidence Match by port : 1 (flows)
|
||||
Confidence Match by IP : 2 (flows)
|
||||
Confidence DPI : 71 (flows)
|
||||
Num dissector calls: 1515 (20.47 diss/flow)
|
||||
|
||||
Mining 1997 215877 72
|
||||
AmazonAWS 1 78 1
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (TCP): 4 (1.00 pkts/flow)
|
||||
Confidence DPI : 4 (flows)
|
||||
Num dissector calls: 4 (1.00 diss/flow)
|
||||
|
||||
EthernetIP 100 17384 4
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (TCP): 6 (6.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 32 (32.00 diss/flow)
|
||||
|
||||
HTTP 703 717463 1
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Guessed flow protos: 0
|
|||
|
||||
DPI Packets (TCP): 6 (6.00 pkts/flow)
|
||||
Confidence DPI : 1 (flows)
|
||||
Num dissector calls: 32 (32.00 diss/flow)
|
||||
|
||||
HTTP 534 529449 1
|
||||
|
||||
|
|
|
|||
Some files were not shown because too many files have changed in this diff Show more