mirror of
https://github.com/vel21ripn/nDPI.git
synced 2026-05-03 01:10:17 +00:00
e6b332aa4a
In a lot of places in ndPI we use *packet* source/dest info (address/port/direction) when we are interested in *flow* client/server info, instead. Add basic logic to autodetect this kind of information. nDPI doesn't perform any "flow management" itself but this task is delegated to the external application. It is then likely that the application might provide more reliable hints about flow client/server direction and about the TCP handshake presence: in that case, these information might be (optionally) passed to the library, disabling the internal "autodetect" logic. These new fields have been used in some LRU caches and in the "guessing" algorithm. It is quite likely that some other code needs to be updated.
9 lines
660 B
Text
9 lines
660 B
Text
Guessed flow protos: 1
|
|
|
|
DPI Packets (TCP): 28 (28.00 pkts/flow)
|
|
Confidence Match by IP : 1 (flows)
|
|
Num dissector calls: 253 (253.00 diss/flow)
|
|
|
|
Google 28 9108 1
|
|
|
|
1 TCP 172.31.3.224:42835 <-> 216.58.212.100:443 [proto: 91.126/TLS.Google][Encrypted][Confidence: Match by IP][cat: Web/5][16 pkts/1512 bytes <-> 12 pkts/7596 bytes][Goodput ratio: 43/91][6.67 sec][bytes ratio: -0.668 (Download)][IAT c2s/s2c min/avg/max/stddev: 76/66 422/544 1185/1213 376/402][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 94/633 368/1484 87/622][PLAIN TEXT (@zgsiP)][Plen Bins: 8,8,0,8,0,8,0,0,0,25,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0]
|