mirror of
https://github.com/vel21ripn/nDPI.git
synced 2026-05-04 18:00:17 +00:00
efccc7d5e4
Right now, there is, in essence, a static mapping between flow protocols and flow breeds. Make it dynamic: allow to have different flows, with the same classification but differents breeds. This is the same logic that we already have for categories.... Preliminary work to support breed in category lists. API change from the app POV: to get the flow breed don't use anymore `ndpi_get_proto_breed()`, but access directly `struct ndpi_proto->breed` The functions `ndpi_domain_classify_*()` and `ndpi_get_host_domain_suffix()` now have a `u_int32_t` parameter as `class_id` (instead of `u_int_16_t`), with the following logic: ``` class_id = (breed << 16) | category ``` instead of the old: ``` class_id = category ``` Please note that this change is back-compatible: if you are not interested into breeds, you don't need to update the application code.
50 lines
5.2 KiB
Text
50 lines
5.2 KiB
Text
Guessed flow protos: 4
|
|
|
|
DPI Packets (TCP): 18 (2.57 pkts/flow)
|
|
Confidence Unknown : 3 (flows)
|
|
Confidence Match by port : 4 (flows)
|
|
Num dissector calls: 0 (0.00 diss/flow)
|
|
LRU cache ookla: 0/0/0 (insert/search/found)
|
|
LRU cache bittorrent: 0/21/0 (insert/search/found)
|
|
LRU cache stun: 0/0/0 (insert/search/found)
|
|
LRU cache tls_cert: 0/0/0 (insert/search/found)
|
|
LRU cache mining: 0/7/0 (insert/search/found)
|
|
LRU cache msteams: 0/0/0 (insert/search/found)
|
|
LRU cache fpc_dns: 0/7/0 (insert/search/found)
|
|
Automa host: 0/0 (search/found)
|
|
Automa domain: 0/0 (search/found)
|
|
Automa tls cert: 0/0 (search/found)
|
|
Automa risk mask: 0/0 (search/found)
|
|
Automa common alpns: 0/0 (search/found)
|
|
Patricia risk mask: 0/0 (search/found)
|
|
Patricia risk mask IPv6: 0/0 (search/found)
|
|
Patricia risk: 0/0 (search/found)
|
|
Patricia risk IPv6: 0/0 (search/found)
|
|
Patricia protocols: 14/0 (search/found)
|
|
Patricia protocols IPv6: 0/0 (search/found)
|
|
|
|
Unknown 6 342 3
|
|
HTTP 4 272 1
|
|
SMBv23 2 138 1
|
|
RDP 2 118 1
|
|
TLS 4 272 1
|
|
|
|
Unrated 6 342 3
|
|
Safe 4 272 1
|
|
Acceptable 8 528 3
|
|
|
|
Unspecified 6 342 3
|
|
Web 8 544 2
|
|
RemoteAccess 2 118 1
|
|
System 2 138 1
|
|
|
|
1 TCP 192.168.1.178:56272 <-> 192.168.1.2:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Web/5][Breed: Acceptable][3 pkts/198 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: TCP probing attempt / Connection refused (client)][TCP Fingerprint: 2_255_65535_15db81ff8b0d/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
|
2 TCP 192.168.1.178:56273 <-> 192.168.1.2:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Web/5][Breed: Safe][3 pkts/198 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: TCP probing attempt / Connection refused (client)][TCP Fingerprint: 2_255_65535_15db81ff8b0d/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
|
3 TCP 192.168.1.178:56274 <-> 192.168.1.2:445 [proto: 41/SMBv23][Stack: SMBv23][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: System/18][Breed: Acceptable][1 pkts/78 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: TCP probing attempt / Connection refused (server)][TCP Fingerprint: 2_255_65535_15db81ff8b0d/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
|
4 TCP 192.168.1.178:43067 <-> 192.168.1.2:3389 [proto: 88/RDP][Stack: RDP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: RemoteAccess/12][Breed: Acceptable][1 pkts/58 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** Desktop/File Sharing **** TCP Connection Issues **** Probing Attempt **][Risk Score: 110][Risk Info: TCP probing attempt / Connection refused (server) / Found RDP][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
|
|
|
|
|
Undetected flows:
|
|
1 TCP 192.168.1.178:57916 <-> 192.168.1.2:3391 [proto: 0/Unknown][Stack: Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][Breed: Unrated][1 pkts/54 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: TCP probing attempt / TCP NULL scan][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
|
2 TCP 192.168.1.178:62971 <-> 192.168.1.2:3390 [proto: 0/Unknown][Stack: Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][Breed: Unrated][1 pkts/54 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: TCP probing attempt / TCP FIN scan][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
|
3 TCP 192.168.1.178:63243 <-> 192.168.1.2:3392 [proto: 0/Unknown][Stack: Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][Breed: Unrated][1 pkts/54 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: TCP probing attempt / TCP XMAS scan][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|