vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-05-18 14:49:02 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

icecast: remove dissector; detection only over HTTP (#3155)

Browse source 
It seems nowadays icecast uses only TLS or HTTP.
Example of a pcap with the old protocol:
https://thecodeartist.blogspot.com/2013/02/shoutcast-internet-radio-protocol.html

See also: https://cast.readme.io/docs/icecast
This commit is contained in:
Ivan Nardi 2026-04-14 13:02:21 +00:00 committed by GitHub
parent 9eb914d587
commit bbbd117fe5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
205 changed files with 242 additions and 303 deletions
Download patch file Download diff file Expand all files Collapse all files

1
src/include/ndpi_private.h
View file

@ -859,7 +859,6 @@ void init_h323_dissector(struct ndpi_detection_module_struct *ndpi_struct);
void init_hots_dissector(struct ndpi_detection_module_struct *ndpi_struct);
void init_http_dissector(struct ndpi_detection_module_struct *ndpi_struct);
void init_iax_dissector(struct ndpi_detection_module_struct *ndpi_struct);
void init_icecast_dissector(struct ndpi_detection_module_struct *ndpi_struct);
void init_ipp_dissector(struct ndpi_detection_module_struct *ndpi_struct);
void init_irc_dissector(struct ndpi_detection_module_struct *ndpi_struct);
void init_jabber_dissector(struct ndpi_detection_module_struct *ndpi_struct);

3
src/include/ndpi_typedefs.h
View file

@ -959,9 +959,6 @@ struct ndpi_flow_tcp_struct {
/* NDPI_PROTOCOL_POSTGRES */
u_int64_t postgres_stage:3;
/* NDPI_PROTOCOL_ICECAST */
u_int64_t icecast_stage:1;
/* NDPI_PROTOCOL_MAIL_POP */
u_int64_t mail_pop_stage:2;

5
src/lib/ndpi_main.c
View file

@ -1499,7 +1499,7 @@ static void init_protocol_defaults(struct ndpi_detection_module_struct *ndpi_str
ndpi_build_default_ports(ports_a, 554, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 554, 0, 0, 0, 0) /* UDP */,
0);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_ICECAST,
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_ICECAST,
"IceCast", NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_QOE_CATEGORY_UNSPECIFIED,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */,
@ -6928,9 +6928,6 @@ static int dissectors_init(struct ndpi_detection_module_struct *ndpi_str) {
/* SNMP */
init_snmp_dissector(ndpi_str);
/* ICECAST */
init_icecast_dissector(ndpi_str);
/* KERBEROS */
init_kerberos_dissector(ndpi_str);

7
src/lib/protocols/http.c
View file

@ -531,6 +531,13 @@ static void ndpi_http_parse_subprotocol(struct ndpi_detection_module_struct *ndp
update_category_and_breed(ndpi_struct, flow);
}
if(packet->server_line.len > 7 &&
strncmp((const char *)packet->server_line.ptr, "Icecast", 7) == 0) {
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ICECAST, master_protocol, NDPI_CONFIDENCE_DPI);
update_category_and_breed(ndpi_struct, flow);
ndpi_unset_risk(ndpi_struct, flow, NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT);
}
/* Matching on Content-Type.
OCSP: application/ocsp-request, application/ocsp-response
*/

97
src/lib/protocols/icecast.c
View file

@ -1,97 +0,0 @@
/*
* icecast.c
*
* Copyright (C) 2009-11 - ipoque GmbH
* Copyright (C) 2011-26 - ntop.org
*
* This file is part of nDPI, an open source deep packet inspection
* library based on the OpenDPI and PACE technology by ipoque GmbH
*
* nDPI is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* nDPI is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with nDPI. If not, see <http://www.gnu.org/licenses/>.
*
*/
#include "ndpi_protocol_ids.h"
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_ICECAST
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_int_icecast_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ICECAST, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
}
static void ndpi_search_icecast_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
u_int16_t i;
NDPI_LOG_DBG(ndpi_struct, "search icecast\n");
if((packet->payload_packet_len < 500 &&
packet->payload_packet_len >= 7 && memcmp(packet->payload, "SOURCE ", 7) == 0)
|| flow->l4.tcp.icecast_stage) {
ndpi_parse_packet_line_info_any(ndpi_struct);
NDPI_LOG_DBG2(ndpi_struct, "Icecast lines=%d\n", packet->parsed_lines);
for (i = 0; i < packet->parsed_lines; i++) {
if(packet->line[i].ptr != NULL && packet->line[i].len > 4
&& memcmp(packet->line[i].ptr, "ice-", 4) == 0) {
NDPI_LOG_INFO(ndpi_struct, "found Icecast\n");
ndpi_int_icecast_add_connection(ndpi_struct, flow);
return;
}
}
if(packet->parsed_lines < 1 && !flow->l4.tcp.icecast_stage) {
flow->l4.tcp.icecast_stage = 1;
return;
}
}
if(current_pkt_from_client_to_server(ndpi_struct, flow)
&& (flow->packet_counter < 10)) {
return;
}
if(current_pkt_from_server_to_client(ndpi_struct, flow)) {
/* server answer, now test Server for Icecast */
ndpi_parse_packet_line_info(ndpi_struct, flow);
if((packet->server_line.ptr != NULL)
&& (packet->server_line.len > NDPI_STATICSTRING_LEN("Icecast"))
&& memcmp(packet->server_line.ptr, "Icecast",
NDPI_STATICSTRING_LEN("Icecast")) == 0) {
/* TODO maybe store the previous protocol type as subtype?
* e.g. ogg or mpeg
*/
NDPI_LOG_INFO(ndpi_struct, "found Icecast\n");
ndpi_int_icecast_add_connection(ndpi_struct, flow);
return;
}
}
NDPI_EXCLUDE_DISSECTOR(ndpi_struct, flow);
}
void init_icecast_dissector(struct ndpi_detection_module_struct *ndpi_struct)
{
ndpi_register_dissector("IceCast", ndpi_struct,
ndpi_search_icecast_tcp,
NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
1, NDPI_PROTOCOL_ICECAST);
}

2
tests/cfgs/caches_cfg/result/ookla.pcap.out
View file

@ -3,7 +3,7 @@ Guessed flow protos: 1
DPI Packets (TCP): 40 (6.67 pkts/flow)
Confidence Match by port : 1 (flows)
Confidence DPI : 5 (flows)
Num dissector calls: 579 (96.50 diss/flow)
Num dissector calls: 573 (95.50 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/3/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/caches_cfg/result/teams.pcap.out
View file

@ -6,7 +6,7 @@ DPI Packets (other): 1 (1.00 pkts/flow)
Confidence Unknown : 1 (flows)
Confidence Match by port : 2 (flows)
Confidence DPI : 80 (flows)
Num dissector calls: 526 (6.34 diss/flow)
Num dissector calls: 524 (6.31 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/9/0 (insert/search/found)
LRU cache stun: 30/0/0 (insert/search/found)

2
tests/cfgs/caches_global/result/bittorrent.pcap.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 24 (1.00 pkts/flow)
Confidence DPI : 24 (flows)
Num dissector calls: 1674 (69.75 diss/flow)
Num dissector calls: 1652 (68.83 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 120/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/caches_global/result/ookla.pcap.out
View file

@ -4,7 +4,7 @@ DPI Packets (TCP): 40 (6.67 pkts/flow)
Confidence DPI (partial cache): 1 (flows)
Confidence DPI : 4 (flows)
Confidence DPI (aggressive) : 1 (flows)
Num dissector calls: 579 (96.50 diss/flow)
Num dissector calls: 573 (95.50 diss/flow)
LRU cache ookla: 4/2/2 (insert/search/found)
LRU cache bittorrent: 0/3/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/caches_global/result/teams.pcap.out
View file

@ -7,7 +7,7 @@ Confidence Unknown : 1 (flows)
Confidence Match by port : 2 (flows)
Confidence DPI (partial) : 4 (flows)
Confidence DPI : 76 (flows)
Num dissector calls: 526 (6.34 diss/flow)
Num dissector calls: 524 (6.31 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/9/0 (insert/search/found)
LRU cache stun: 30/0/0 (insert/search/found)

2
tests/cfgs/classification_only/result/bittorrent.pcap.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 24 (1.00 pkts/flow)
Confidence DPI : 24 (flows)
Num dissector calls: 1674 (69.75 diss/flow)
Num dissector calls: 1652 (68.83 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 120/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/classification_only/result/bittorrent_tcp_miss.pcapng.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 10 (10.00 pkts/flow)
Confidence DPI : 1 (flows)
Num dissector calls: 229 (229.00 diss/flow)
Num dissector calls: 227 (227.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 5/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/classification_only/result/ookla.pcap.out
View file

@ -4,7 +4,7 @@ DPI Packets (TCP): 38 (6.33 pkts/flow)
Confidence DPI (partial cache): 1 (flows)
Confidence DPI : 4 (flows)
Confidence DPI (aggressive) : 1 (flows)
Num dissector calls: 579 (96.50 diss/flow)
Num dissector calls: 573 (95.50 diss/flow)
LRU cache ookla: 4/2/2 (insert/search/found)
LRU cache bittorrent: 0/3/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/classification_only/result/teams.pcap.out
View file

@ -7,7 +7,7 @@ Confidence Unknown : 1 (flows)
Confidence Match by port : 2 (flows)
Confidence DPI (partial) : 6 (flows)
Confidence DPI : 74 (flows)
Num dissector calls: 526 (6.34 diss/flow)
Num dissector calls: 524 (6.31 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/9/0 (insert/search/found)
LRU cache stun: 24/0/0 (insert/search/found)

2
tests/cfgs/classification_only/result/waze.pcap.out
View file

@ -5,7 +5,7 @@ DPI Packets (UDP): 1 (1.00 pkts/flow)
Confidence Unknown : 1 (flows)
Confidence Match by port : 9 (flows)
Confidence DPI : 23 (flows)
Num dissector calls: 356 (10.79 diss/flow)
Num dissector calls: 354 (10.73 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/30/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

BIN
tests/cfgs/default/pcap/icecast.pcapng Normal file
View file

Binary file not shown.

2
tests/cfgs/default/result/1kxun.pcap.out
View file

@ -5,7 +5,7 @@ DPI Packets (UDP): 120 (1.21 pkts/flow)
Confidence Unknown : 9 (flows)
Confidence Match by port : 6 (flows)
Confidence DPI : 182 (flows)
Num dissector calls: 4488 (22.78 diss/flow)
Num dissector calls: 4484 (22.76 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/45/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/443-chrome.pcap.out
View file

@ -2,7 +2,7 @@ Guessed flow protos: 1
DPI Packets (TCP): 1 (1.00 pkts/flow)
Confidence Match by port : 1 (flows)
Num dissector calls: 161 (161.00 diss/flow)
Num dissector calls: 160 (160.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/3/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/443-opvn.pcap.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 6 (6.00 pkts/flow)
Confidence DPI : 1 (flows)
Num dissector calls: 162 (162.00 diss/flow)
Num dissector calls: 161 (161.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/KakaoTalk_chat.pcap.out
View file

@ -5,7 +5,7 @@ DPI Packets (UDP): 36 (2.00 pkts/flow)
DPI Packets (other): 1 (1.00 pkts/flow)
Confidence Match by port : 5 (flows)
Confidence DPI : 33 (flows)
Num dissector calls: 531 (13.97 diss/flow)
Num dissector calls: 528 (13.89 diss/flow)
LRU cache ookla: 0/1/0 (insert/search/found)
LRU cache bittorrent: 0/15/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/KakaoTalk_talk.pcap.out
View file

@ -5,7 +5,7 @@ DPI Packets (UDP): 17 (3.40 pkts/flow)
Confidence Match by port : 8 (flows)
Confidence DPI : 11 (flows)
Confidence Match by IP : 1 (flows)
Num dissector calls: 1227 (61.35 diss/flow)
Num dissector calls: 1221 (61.05 diss/flow)
LRU cache ookla: 0/2/0 (insert/search/found)
LRU cache bittorrent: 0/27/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/Oscar.pcap.out
View file

@ -2,7 +2,7 @@ Guessed flow protos: 1
DPI Packets (TCP): 19 (19.00 pkts/flow)
Confidence Match by port : 1 (flows)
Num dissector calls: 245 (245.00 diss/flow)
Num dissector calls: 243 (243.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/3/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/alexa-app.pcapng.out
View file

@ -6,7 +6,7 @@ DPI Packets (other): 6 (1.00 pkts/flow)
Confidence Match by port : 14 (flows)
Confidence DPI : 144 (flows)
Confidence Match by custom rule: 2 (flows)
Num dissector calls: 537 (3.36 diss/flow)
Num dissector calls: 536 (3.35 diss/flow)
LRU cache ookla: 0/5/0 (insert/search/found)
LRU cache bittorrent: 0/42/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/alicloud.pcap.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 60 (4.00 pkts/flow)
Confidence DPI : 15 (flows)
Num dissector calls: 1530 (102.00 diss/flow)
Num dissector calls: 1515 (101.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/amqp.pcap.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 9 (3.00 pkts/flow)
Confidence DPI : 3 (flows)
Num dissector calls: 371 (123.67 diss/flow)
Num dissector calls: 365 (121.67 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/anyconnect-vpn.pcap.out
View file

@ -6,7 +6,7 @@ DPI Packets (other): 10 (1.00 pkts/flow)
Confidence Unknown : 2 (flows)
Confidence Match by port : 6 (flows)
Confidence DPI : 61 (flows)
Num dissector calls: 813 (11.78 diss/flow)
Num dissector calls: 807 (11.70 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/24/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/apple_push.pcap.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 8 (8.00 pkts/flow)
Confidence DPI : 1 (flows)
Num dissector calls: 162 (162.00 diss/flow)
Num dissector calls: 161 (161.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/atg.pcap.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 5 (2.50 pkts/flow)
Confidence DPI : 2 (flows)
Num dissector calls: 302 (151.00 diss/flow)
Num dissector calls: 300 (150.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/avast.pcap.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 40 (4.00 pkts/flow)
Confidence DPI : 10 (flows)
Num dissector calls: 1030 (103.00 diss/flow)
Num dissector calls: 1020 (102.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/bfcp.pcapng.out
View file

@ -1,7 +1,7 @@
DPI Packets (TCP): 4 (4.00 pkts/flow)
DPI Packets (UDP): 2 (1.00 pkts/flow)
Confidence DPI : 3 (flows)
Num dissector calls: 419 (139.67 diss/flow)
Num dissector calls: 418 (139.33 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/bittorrent.pcap.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 24 (1.00 pkts/flow)
Confidence DPI : 24 (flows)
Num dissector calls: 1674 (69.75 diss/flow)
Num dissector calls: 1652 (68.83 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 120/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/bittorrent_tcp_miss.pcapng.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 10 (10.00 pkts/flow)
Confidence DPI : 1 (flows)
Num dissector calls: 229 (229.00 diss/flow)
Num dissector calls: 227 (227.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 5/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/blizzard.pcap.out
View file

@ -1,7 +1,7 @@
DPI Packets (TCP): 22 (4.40 pkts/flow)
DPI Packets (UDP): 4 (1.00 pkts/flow)
Confidence DPI : 9 (flows)
Num dissector calls: 173 (19.22 diss/flow)
Num dissector calls: 172 (19.11 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/cassandra.pcap.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 16 (5.33 pkts/flow)
Confidence DPI : 3 (flows)
Num dissector calls: 325 (108.33 diss/flow)
Num dissector calls: 323 (107.67 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/cloudflare-warp.pcap.out
View file

@ -5,7 +5,7 @@ DPI Packets (UDP): 1 (1.00 pkts/flow)
Confidence Match by port : 2 (flows)
Confidence DPI : 6 (flows)
Confidence Match by IP : 1 (flows)
Num dissector calls: 350 (38.89 diss/flow)
Num dissector calls: 348 (38.67 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/9/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/coap_mqtt.pcap.out
View file

@ -1,7 +1,7 @@
DPI Packets (TCP): 7 (1.75 pkts/flow)
DPI Packets (UDP): 12 (1.00 pkts/flow)
Confidence DPI : 16 (flows)
Num dissector calls: 276 (17.25 diss/flow)
Num dissector calls: 272 (17.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/codm.pcap.out
View file

@ -1,7 +1,7 @@
DPI Packets (TCP): 7 (7.00 pkts/flow)
DPI Packets (UDP): 5 (2.50 pkts/flow)
Confidence DPI : 3 (flows)
Num dissector calls: 487 (162.33 diss/flow)
Num dissector calls: 486 (162.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/corba.pcap.out
View file

@ -1,7 +1,7 @@
DPI Packets (TCP): 4 (4.00 pkts/flow)
DPI Packets (UDP): 1 (1.00 pkts/flow)
Confidence DPI : 2 (flows)
Num dissector calls: 108 (54.00 diss/flow)
Num dissector calls: 107 (53.50 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/crossfire.pcapng.out
View file

@ -1,7 +1,7 @@
DPI Packets (TCP): 4 (4.00 pkts/flow)
DPI Packets (UDP): 2 (1.00 pkts/flow)
Confidence DPI : 3 (flows)
Num dissector calls: 113 (37.67 diss/flow)
Num dissector calls: 112 (37.33 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/custom_categories.pcapng.out
View file

@ -2,7 +2,7 @@ DPI Packets (TCP): 27 (13.50 pkts/flow)
DPI Packets (UDP): 2 (2.00 pkts/flow)
DPI Packets (other): 1 (1.00 pkts/flow)
Confidence DPI : 4 (flows)
Num dissector calls: 323 (80.75 diss/flow)
Num dissector calls: 321 (80.25 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/dingtalk.pcap.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 11 (5.50 pkts/flow)
Confidence DPI : 2 (flows)
Num dissector calls: 316 (158.00 diss/flow)
Num dissector calls: 314 (157.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/dlms.pcap.out
View file

@ -1,7 +1,7 @@
DPI Packets (TCP): 4 (4.00 pkts/flow)
DPI Packets (UDP): 1 (1.00 pkts/flow)
Confidence DPI : 2 (flows)
Num dissector calls: 249 (124.50 diss/flow)
Num dissector calls: 248 (124.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/3/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/dofus.pcap.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 32 (6.40 pkts/flow)
Confidence DPI : 5 (flows)
Num dissector calls: 413 (82.60 diss/flow)
Num dissector calls: 409 (81.80 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/drda_db2.pcap.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 4 (4.00 pkts/flow)
Confidence DPI : 1 (flows)
Num dissector calls: 69 (69.00 diss/flow)
Num dissector calls: 68 (68.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/elasticsearch.pcap.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 16 (2.29 pkts/flow)
Confidence DPI : 7 (flows)
Num dissector calls: 756 (108.00 diss/flow)
Num dissector calls: 749 (107.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/elf.pcap.out
View file

@ -1,7 +1,7 @@
DPI Packets (TCP): 10 (10.00 pkts/flow)
DPI Packets (UDP): 2 (2.00 pkts/flow)
Confidence Unknown : 2 (flows)
Num dissector calls: 349 (174.50 diss/flow)
Num dissector calls: 347 (173.50 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/6/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/emotet.pcap.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 48 (8.00 pkts/flow)
Confidence DPI : 6 (flows)
Num dissector calls: 223 (37.17 diss/flow)
Num dissector calls: 222 (37.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/false_positives.pcapng.out
View file

@ -2,7 +2,7 @@ DPI Packets (TCP): 16 (5.33 pkts/flow)
DPI Packets (UDP): 66 (7.33 pkts/flow)
Confidence Unknown : 4 (flows)
Confidence DPI : 8 (flows)
Num dissector calls: 1759 (146.58 diss/flow)
Num dissector calls: 1758 (146.50 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/12/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/false_positives2.pcapng.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 61 (20.33 pkts/flow)
Confidence Unknown : 3 (flows)
Num dissector calls: 703 (234.33 diss/flow)
Num dissector calls: 697 (232.33 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/9/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/fastcgi.pcap.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 6 (6.00 pkts/flow)
Confidence DPI : 1 (flows)
Num dissector calls: 177 (177.00 diss/flow)
Num dissector calls: 175 (175.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/fix.pcap.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 12 (1.00 pkts/flow)
Confidence DPI : 12 (flows)
Num dissector calls: 876 (73.00 diss/flow)
Num dissector calls: 864 (72.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/fix2.pcap.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 8 (4.00 pkts/flow)
Confidence DPI : 2 (flows)
Num dissector calls: 144 (72.00 diss/flow)
Num dissector calls: 142 (71.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/ftp-start-tls.pcap.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 17 (17.00 pkts/flow)
Confidence DPI : 1 (flows)
Num dissector calls: 182 (182.00 diss/flow)
Num dissector calls: 181 (181.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/ftp.pcap.out
View file

@ -1,7 +1,7 @@
DPI Packets (TCP): 37 (12.33 pkts/flow)
Confidence Unknown : 1 (flows)
Confidence DPI : 2 (flows)
Num dissector calls: 531 (177.00 diss/flow)
Num dissector calls: 528 (176.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/3/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/ftp_failed.pcap.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 8 (8.00 pkts/flow)
Confidence DPI : 1 (flows)
Num dissector calls: 179 (179.00 diss/flow)
Num dissector calls: 178 (178.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out
View file

@ -6,7 +6,7 @@ DPI Packets (other): 5 (1.00 pkts/flow)
Confidence Unknown : 25 (flows)
Confidence Match by port : 32 (flows)
Confidence DPI : 189 (flows)
Num dissector calls: 8755 (35.59 diss/flow)
Num dissector calls: 8742 (35.54 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/174/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/fuzz-2006-09-29-28586.pcap.out
View file

@ -6,7 +6,7 @@ Confidence Unknown : 3 (flows)
Confidence Match by port : 22 (flows)
Confidence DPI : 13 (flows)
Confidence Match by custom rule: 1 (flows)
Num dissector calls: 975 (25.00 diss/flow)
Num dissector calls: 970 (24.87 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/75/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/fuzz-2021-10-13.pcap.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 1 (1.00 pkts/flow)
Confidence Unknown : 1 (flows)
Num dissector calls: 158 (158.00 diss/flow)
Num dissector calls: 157 (157.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/3/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/gaijin_mobile_mixed.pcap.out
View file

@ -1,7 +1,7 @@
DPI Packets (TCP): 13 (6.50 pkts/flow)
DPI Packets (UDP): 1 (1.00 pkts/flow)
Confidence DPI : 3 (flows)
Num dissector calls: 164 (54.67 diss/flow)
Num dissector calls: 163 (54.33 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/genshin-impact.pcap.out
View file

@ -1,7 +1,7 @@
DPI Packets (TCP): 12 (4.00 pkts/flow)
DPI Packets (UDP): 3 (1.00 pkts/flow)
Confidence DPI : 6 (flows)
Num dissector calls: 432 (72.00 diss/flow)
Num dissector calls: 429 (71.50 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/google_ssl.pcap.out
View file

@ -2,7 +2,7 @@ Guessed flow protos: 1
DPI Packets (TCP): 22 (22.00 pkts/flow)
Confidence Match by port : 1 (flows)
Num dissector calls: 230 (230.00 diss/flow)
Num dissector calls: 228 (228.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/3/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/h323.pcap.out
View file

@ -1,7 +1,7 @@
DPI Packets (TCP): 15 (3.75 pkts/flow)
DPI Packets (UDP): 2 (1.00 pkts/flow)
Confidence DPI : 6 (flows)
Num dissector calls: 56 (9.33 diss/flow)
Num dissector calls: 55 (9.17 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/haproxy.pcap.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 1 (1.00 pkts/flow)
Confidence DPI : 1 (flows)
Num dissector calls: 114 (114.00 diss/flow)
Num dissector calls: 113 (113.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/hl7.pcap.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 18 (6.00 pkts/flow)
Confidence DPI : 3 (flows)
Num dissector calls: 393 (131.00 diss/flow)
Num dissector calls: 390 (130.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/hpvirtgrp.pcap.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 37 (4.11 pkts/flow)
Confidence DPI : 9 (flows)
Num dissector calls: 828 (92.00 diss/flow)
Num dissector calls: 819 (91.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/http2.pcapng.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 1 (1.00 pkts/flow)
Confidence DPI : 1 (flows)
Num dissector calls: 113 (113.00 diss/flow)
Num dissector calls: 112 (112.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/http_guessed_host_and_guessed.pcapng.out
View file

@ -2,7 +2,7 @@ Guessed flow protos: 1
DPI Packets (TCP): 1 (1.00 pkts/flow)
Confidence Match by port : 1 (flows)
Num dissector calls: 161 (161.00 diss/flow)
Num dissector calls: 160 (160.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/3/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

38
tests/cfgs/default/result/icecast.pcapng.out Normal file
View file

@ -0,0 +1,38 @@
DPI Packets (TCP): 18 (6.00 pkts/flow)
Confidence DPI : 3 (flows)
Num dissector calls: 39 (13.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)
LRU cache tls_cert: 0/0/0 (insert/search/found)
LRU cache mining: 0/0/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
LRU cache fpc_dns: 0/3/0 (insert/search/found)
Automa host: 6/0 (search/found)
Automa domain: 3/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 3/0 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 6/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 6/0 (search/found)
Patricia protocols IPv6: 0/0 (search/found)
Hash malicious ja4: 0/0 (search/found)
Hash malicious sha1: 0/0 (search/found)
Hash TCP fingerprints: 3/3 (search/found)
Hash public domain suffix: 9/0 (search/found)
Hash ja4 custom protos: 0/0 (search/found)
Hash fp custom protos: 0/0 (search/found)
Hash url custom protos: 3/0 (search/found)
IceCast 45 29622 3
Fun 45 29622 3
Media 45 29622 3
1 TCP 192.168.1.126:58596 <-> 68.34.83.26:8000 [proto: 7.52/HTTP.IceCast][Stack: HTTP.IceCast][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Media/1][Breed: Fun][10 pkts/1037 bytes <-> 10 pkts/12969 bytes][Goodput ratio: 36/95][0.75 sec][Hostname/SNI: 68.34.83.26][bytes ratio: -0.852 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 94/78 378/256 136/107][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 104/1297 435/2962 110/1203][URL: 68.34.83.26:8000/streamTV1.ogg][StatusCode: 200][Content-Type: application/ogg][Server: Icecast 2.4.4][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:147.0) Gecko/20100101 Firefox/147.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 68.34.83.26;Expected on port 80][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][PLAIN TEXT (GET /streamTV)][Plen Bins: 0,0,0,11,11,0,0,0,0,0,0,11,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,33]
2 TCP 192.168.1.126:38030 <-> 168.119.74.185:9000 [proto: 7.52/HTTP.IceCast][Stack: HTTP.IceCast][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Media/1][Breed: Fun][8 pkts/903 bytes <-> 7 pkts/10781 bytes][Goodput ratio: 41/96][0.09 sec][Hostname/SNI: 168.119.74.185][bytes ratio: -0.845 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/14 72/55 26/21][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 113/1540 433/2962 121/1286][URL: 168.119.74.185:9000/dos.webm][StatusCode: 200][Content-Type: video/webm][Server: Icecast 2.4.4][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:147.0) Gecko/20100101 Firefox/147.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 168.119.74.185;Expected on port 80][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][PLAIN TEXT (GET /dos.webm HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,51]
3 TCP 192.168.1.126:38024 <-> 168.119.74.185:9000 [proto: 7.52/HTTP.IceCast][Stack: HTTP.IceCast][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Media/1][Breed: Fun][5 pkts/647 bytes <-> 5 pkts/3285 bytes][Goodput ratio: 48/90][0.06 sec][Hostname/SNI: 168.119.74.185][bytes ratio: -0.671 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 9/12 20/17 9/7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 129/657 375/2962 123/1153][URL: 168.119.74.185:9000/][StatusCode: 200][Content-Type: text/xml][Server: Icecast 2.4.4][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:147.0) Gecko/20100101 Firefox/147.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 168.119.74.185;Expected on port 80][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,33,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33]

2
tests/cfgs/default/result/imap-starttls.pcap.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 19 (19.00 pkts/flow)
Confidence DPI : 1 (flows)
Num dissector calls: 221 (221.00 diss/flow)
Num dissector calls: 220 (220.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/imap.pcap.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 11 (11.00 pkts/flow)
Confidence DPI : 1 (flows)
Num dissector calls: 221 (221.00 diss/flow)
Num dissector calls: 220 (220.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/instagram.pcap.out
View file

@ -6,7 +6,7 @@ DPI Packets (other): 1 (1.00 pkts/flow)
Confidence Unknown : 1 (flows)
Confidence Match by port : 7 (flows)
Confidence DPI : 30 (flows)
Num dissector calls: 1279 (33.66 diss/flow)
Num dissector calls: 1275 (33.55 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/24/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/irc.pcap.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 7 (7.00 pkts/flow)
Confidence DPI : 1 (flows)
Num dissector calls: 186 (186.00 diss/flow)
Num dissector calls: 184 (184.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/iso9506-1-mms.pcap.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 7 (7.00 pkts/flow)
Confidence DPI : 1 (flows)
Num dissector calls: 197 (197.00 diss/flow)
Num dissector calls: 195 (195.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/ja4.pcapng.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 48 (8.00 pkts/flow)
Confidence DPI : 6 (flows)
Num dissector calls: 972 (162.00 diss/flow)
Num dissector calls: 966 (161.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/jabber.pcap.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 74 (6.17 pkts/flow)
Confidence DPI : 12 (flows)
Num dissector calls: 1711 (142.58 diss/flow)
Num dissector calls: 1697 (141.42 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/json.pcapng.out
View file

@ -1,7 +1,7 @@
DPI Packets (TCP): 132 (4.40 pkts/flow)
DPI Packets (UDP): 4 (1.00 pkts/flow)
Confidence DPI : 34 (flows)
Num dissector calls: 5090 (149.71 diss/flow)
Num dissector calls: 5062 (148.88 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/jsonrpc.pcap.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 10 (5.00 pkts/flow)
Confidence DPI : 2 (flows)
Num dissector calls: 144 (72.00 diss/flow)
Num dissector calls: 143 (71.50 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/kafka.pcapng.out
View file

@ -3,7 +3,7 @@ Guessed flow protos: 1
DPI Packets (TCP): 16 (1.78 pkts/flow)
Confidence Match by port : 1 (flows)
Confidence DPI : 8 (flows)
Num dissector calls: 221 (24.56 diss/flow)
Num dissector calls: 218 (24.22 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/3/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/kerberos.pcap.out
View file

@ -4,7 +4,7 @@ DPI Packets (TCP): 77 (2.14 pkts/flow)
Confidence Unknown : 2 (flows)
Confidence Match by port : 23 (flows)
Confidence DPI : 11 (flows)
Num dissector calls: 4610 (128.06 diss/flow)
Num dissector calls: 4560 (126.67 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/75/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/kismet.pcap.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 4 (4.00 pkts/flow)
Confidence DPI : 1 (flows)
Num dissector calls: 105 (105.00 diss/flow)
Num dissector calls: 104 (104.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/lisp_registration.pcap.out
View file

@ -1,7 +1,7 @@
DPI Packets (TCP): 8 (4.00 pkts/flow)
DPI Packets (UDP): 2 (1.00 pkts/flow)
Confidence DPI : 4 (flows)
Num dissector calls: 162 (40.50 diss/flow)
Num dissector calls: 160 (40.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/log4j-webapp-exploit.pcap.out
View file

@ -1,7 +1,7 @@
DPI Packets (TCP): 54 (7.71 pkts/flow)
Confidence Unknown : 2 (flows)
Confidence DPI : 5 (flows)
Num dissector calls: 346 (49.43 diss/flow)
Num dissector calls: 343 (49.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/6/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/lustre.pcapng.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 5 (2.50 pkts/flow)
Confidence DPI : 2 (flows)
Num dissector calls: 306 (153.00 diss/flow)
Num dissector calls: 304 (152.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/melsec.pcapng.out
View file

@ -1,7 +1,7 @@
DPI Packets (TCP): 6 (6.00 pkts/flow)
DPI Packets (UDP): 2 (1.00 pkts/flow)
Confidence DPI : 3 (flows)
Num dissector calls: 482 (160.67 diss/flow)
Num dissector calls: 480 (160.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/memcached.cap.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 6 (6.00 pkts/flow)
Confidence DPI : 1 (flows)
Num dissector calls: 162 (162.00 diss/flow)
Num dissector calls: 161 (161.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/monero.pcap.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 16 (4.00 pkts/flow)
Confidence DPI : 4 (flows)
Num dissector calls: 496 (124.00 diss/flow)
Num dissector calls: 492 (123.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/mongo_false_positive.pcapng.out
View file

@ -2,7 +2,7 @@ Guessed flow protos: 1
DPI Packets (TCP): 13 (13.00 pkts/flow)
Confidence Match by port : 1 (flows)
Num dissector calls: 257 (257.00 diss/flow)
Num dissector calls: 255 (255.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/3/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/mongodb.pcap.out
View file

@ -4,7 +4,7 @@ DPI Packets (TCP): 27 (3.38 pkts/flow)
Confidence Unknown : 1 (flows)
Confidence Match by port : 2 (flows)
Confidence DPI : 5 (flows)
Num dissector calls: 95 (11.88 diss/flow)
Num dissector calls: 94 (11.75 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/9/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/msgpack.pcap.out
View file

@ -2,7 +2,7 @@ DPI Packets (TCP): 19 (4.75 pkts/flow)
DPI Packets (UDP): 12 (1.71 pkts/flow)
Confidence Unknown : 1 (flows)
Confidence DPI : 10 (flows)
Num dissector calls: 1662 (151.09 diss/flow)
Num dissector calls: 1658 (150.73 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/3/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/mssql_tds.pcap.out
View file

@ -3,7 +3,7 @@ Guessed flow protos: 1
DPI Packets (TCP): 18 (1.50 pkts/flow)
Confidence Match by port : 1 (flows)
Confidence DPI : 11 (flows)
Num dissector calls: 258 (21.50 diss/flow)
Num dissector calls: 251 (20.92 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/3/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/naver.pcap.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 22 (7.33 pkts/flow)
Confidence DPI : 3 (flows)
Num dissector calls: 486 (162.00 diss/flow)
Num dissector calls: 483 (161.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/nest_log_sink.pcap.out
View file

@ -4,7 +4,7 @@ DPI Packets (TCP): 129 (9.92 pkts/flow)
DPI Packets (UDP): 2 (2.00 pkts/flow)
Confidence Match by port : 1 (flows)
Confidence DPI : 13 (flows)
Num dissector calls: 2197 (156.93 diss/flow)
Num dissector calls: 2173 (155.21 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/3/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/netbios.pcap.out
View file

@ -4,7 +4,7 @@ DPI Packets (TCP): 3 (1.50 pkts/flow)
DPI Packets (UDP): 14 (1.00 pkts/flow)
Confidence Match by port : 1 (flows)
Confidence DPI : 15 (flows)
Num dissector calls: 176 (11.00 diss/flow)
Num dissector calls: 175 (10.94 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/3/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/nexon.pcapng.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 8 (4.00 pkts/flow)
Confidence DPI : 2 (flows)
Num dissector calls: 86 (43.00 diss/flow)
Num dissector calls: 84 (42.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/nntp.pcap.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 6 (6.00 pkts/flow)
Confidence DPI : 1 (flows)
Num dissector calls: 168 (168.00 diss/flow)
Num dissector calls: 167 (167.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/nordvpn.pcap.out
View file

@ -5,7 +5,7 @@ DPI Packets (UDP): 11 (5.50 pkts/flow)
Confidence Match by port : 1 (flows)
Confidence DPI : 2 (flows)
Confidence Match by IP : 1 (flows)
Num dissector calls: 602 (150.50 diss/flow)
Num dissector calls: 600 (150.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/6/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/ookla.pcap.out
View file

@ -4,7 +4,7 @@ DPI Packets (TCP): 40 (6.67 pkts/flow)
Confidence DPI (partial cache): 1 (flows)
Confidence DPI : 4 (flows)
Confidence DPI (aggressive) : 1 (flows)
Num dissector calls: 579 (96.50 diss/flow)
Num dissector calls: 573 (95.50 diss/flow)
LRU cache ookla: 4/2/2 (insert/search/found)
LRU cache bittorrent: 0/3/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/openvpn.pcap.out
View file

@ -1,7 +1,7 @@
DPI Packets (TCP): 24 (8.00 pkts/flow)
DPI Packets (UDP): 24 (3.43 pkts/flow)
Confidence DPI : 10 (flows)
Num dissector calls: 1802 (180.20 diss/flow)
Num dissector calls: 1797 (179.70 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/9/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/openvpn_nohmac_tcp.pcapng.out
View file

@ -1,6 +1,6 @@
DPI Packets (TCP): 6 (6.00 pkts/flow)
Confidence DPI : 1 (flows)
Num dissector calls: 162 (162.00 diss/flow)
Num dissector calls: 161 (161.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

2
tests/cfgs/default/result/openvpn_obfuscated.pcapng.out
View file

@ -4,7 +4,7 @@ DPI Packets (TCP): 34 (17.00 pkts/flow)
DPI Packets (UDP): 9 (9.00 pkts/flow)
Confidence Match by port : 2 (flows)
Confidence Match by IP : 1 (flows)
Num dissector calls: 688 (229.33 diss/flow)
Num dissector calls: 676 (225.33 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/9/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)

Some files were not shown because too many files have changed in this diff Show more