vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-05-02 08:50:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5
nDPI/tests/result/avast.pcap.out
Ivan Nardi a7c2734b38
Remove classification "by-ip" from protocol stack (#1743) 
Basically:
* "classification by-ip" (i.e. `flow->guessed_protocol_id_by_ip` is
NEVER returned in the protocol stack (i.e.
`flow->detected_protocol_stack[]`);
* if the application is interested into such information, it can access
`ndpi_protocol->protocol_by_ip` itself.

There are mainly 4 points in the code that set the "classification
by-ip" in the protocol stack:  the generic `ndpi_set_detected_protocol()`/
`ndpi_detection_giveup()` functions and the HTTP/STUN  dissectors.

In the unit tests output, a print about `ndpi_protocol->protocol_by_ip`
has been added for each flow: the huge diff of this commit is mainly due
to that.

Strictly speaking, this change is NOT an API/ABI breakage, but there are
important differences in the classification results. For examples:
* TLS flows without the initial handshake (or without a matching
SNI/certificate) are simply classified as `TLS`;
* similar for HTTP or QUIC flows;
* DNS flows without a matching request domain are simply classified as
`DNS`; we don't have `DNS/Google` anymore just because the server is
8.8.8.8 (that was an outrageous behaviour...);
* flows previusoly classified only "by-ip" are now classified as
`NDPI_PROTOCOL_UNKNOWN`.

See #1425 for other examples of why adding the "classification by-ip" in
the protocol stack is a bad idea.

Please, note that IPV6 is not supported :(  (long standing issue in nDPI) i.e.
`ndpi_protocol->protocol_by_ip` wil be always `NDPI_PROTOCOL_UNKNOWN` for
IPv6 flows.

Define `NDPI_CONFIDENCE_MATCH_BY_IP` has been removed.

Close #1687
2022-09-20 22:24:47 +02:00

33 lines
5.4 KiB
Text
Raw Blame History

Guessed flow protos: 0
DPI Packets (TCP): 40 (4.00 pkts/flow)
Confidence DPI : 10 (flows)
Num dissector calls: 1230 (123.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache zoom: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)
LRU cache tls_cert: 0/0/0 (insert/search/found)
LRU cache mining: 0/0/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
Automa host: 0/0 (search/found)
Automa domain: 0/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 0/0 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 20/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia protocols: 30/20 (search/found)
AVAST 142 9433 10
1 TCP 192.168.2.100:62741 <-> 5.62.53.131:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][cat: Network/14][8 pkts/543 bytes <-> 7 pkts/512 bytes][Goodput ratio: 18/20][569.69 sec][bytes ratio: 0.029 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 63304/75961 189840/189839 89445/92978][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/73 150/140 31/28][Plen Bins: 67,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP 192.168.2.100:64903 <-> 5.62.53.53:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][cat: Network/14][8 pkts/583 bytes <-> 7 pkts/432 bytes][Goodput ratio: 24/4][1385.80 sec][bytes ratio: 0.149 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 171484/205784 356850/356863 172007/168697][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 73/62 150/70 32/3][Plen Bins: 67,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP 192.168.2.100:49532 <-> 5.62.54.89:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][cat: Network/14][8 pkts/544 bytes <-> 7 pkts/432 bytes][Goodput ratio: 18/4][797.30 sec][bytes ratio: 0.115 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 99700/119575 199551/199551 99662/97621][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/62 150/70 31/3][Plen Bins: 83,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 TCP 192.168.2.100:49758 <-> 5.62.53.53:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][cat: Network/14][8 pkts/544 bytes <-> 7 pkts/432 bytes][Goodput ratio: 18/4][1284.92 sec][bytes ratio: 0.115 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 160593/192744 321174/321337 160514/157360][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/62 150/70 31/3][Plen Bins: 83,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 TCP 192.168.2.100:57727 <-> 5.62.54.29:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][cat: Network/14][8 pkts/544 bytes <-> 7 pkts/432 bytes][Goodput ratio: 18/4][853.64 sec][bytes ratio: 0.115 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 106683/128066 213347/213516 106625/104544][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/62 150/70 31/3][Plen Bins: 83,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 TCP 192.168.2.100:58030 <-> 5.62.54.89:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][cat: Network/14][8 pkts/544 bytes <-> 7 pkts/432 bytes][Goodput ratio: 18/4][996.22 sec][bytes ratio: 0.115 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 124526/149430 249046/249046 124489/121997][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/62 150/70 31/3][Plen Bins: 83,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 TCP 192.168.2.100:64357 <-> 5.62.54.29:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][cat: Network/14][8 pkts/544 bytes <-> 7 pkts/432 bytes][Goodput ratio: 18/4][749.40 sec][bytes ratio: 0.115 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 93674/112408 187336/187342 93637/91768][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/62 150/70 31/3][Plen Bins: 83,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
8 TCP 192.168.2.100:64701 <-> 5.62.53.53:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][cat: Network/14][8 pkts/544 bytes <-> 7 pkts/432 bytes][Goodput ratio: 18/4][792.06 sec][bytes ratio: 0.115 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 99006/118807 198003/198005 98970/96994][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/62 150/70 31/3][Plen Bins: 83,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
9 TCP 192.168.2.100:58412 <-> 5.62.54.29:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][cat: Network/14][5 pkts/379 bytes <-> 7 pkts/432 bytes][Goodput ratio: 26/4][587.81 sec][bytes ratio: -0.065 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/0 46818/139938 187142/372483 81016/154492][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 76/62 150/70 37/3][Plen Bins: 66,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
10 TCP 192.168.2.100:54405 <-> 5.62.54.89:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][cat: Network/14][4 pkts/324 bytes <-> 6 pkts/372 bytes][Goodput ratio: 30/4][145.35 sec][bytes ratio: -0.069 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 48/95869 109/369424 45/158040][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 81/62 150/70 40/4][Plen Bins: 50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
Reference in a new issue View git blame Copy permalink