From cb0e7ee507e0a08f47d515e78f1129538c42c648 Mon Sep 17 00:00:00 2001
From: 0xA50C1A1
Date: Wed, 27 Dec 2023 14:27:07 +0300
Subject: [PATCH 1/2] Remove Google Hangouts/Duo support
---
 src/include/ndpi_protocol_ids.h | 2 +-
 src/lib/ndpi_content_match.c.inc | 5 ++-
 src/lib/ndpi_main.c | 4 +--
 src/lib/protocols/stun.c | 8 ++---
 tests/cfgs/default/pcap/google_meet.pcapng | Bin 0 -> 9444 bytes
 .../default/result/google_meet.pcapng.out | 33 ++++++++++++++++++
 tests/cfgs/default/result/stun.pcap.out | 6 ++--
 .../default/result/stun_dtls_rtp.pcapng.out | 4 +--
 .../result/stun_google_meet.pcapng.out | 14 ++++----
 9 files changed, 54 insertions(+), 22 deletions(-)
 create mode 100644 tests/cfgs/default/pcap/google_meet.pcapng
 create mode 100644 tests/cfgs/default/result/google_meet.pcapng.out
diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h
index a7deb2b641c..5feb8812ca6 100644
--- a/src/include/ndpi_protocol_ids.h
+++ b/src/include/ndpi_protocol_ids.h
@@ -229,7 +229,7 @@ typedef enum {
 NDPI_PROTOCOL_MPEGTS = 198,
 NDPI_PROTOCOL_SNAPCHAT = 199,
 NDPI_PROTOCOL_SINA = 200,
- NDPI_PROTOCOL_HANGOUT_DUO = 201, /* Google Hangout ad Duo (merged as they are very similar) */
+ NDPI_PROTOCOL_GOOGLE_MEET = 201,
 NDPI_PROTOCOL_IFLIX = 202,
 NDPI_PROTOCOL_GITHUB = 203,
 NDPI_PROTOCOL_BJNP = 204,
diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc
index 24850c586cd..49f39f3b240 100644
--- a/src/lib/ndpi_content_match.c.inc
+++ b/src/lib/ndpi_content_match.c.inc
@@ -608,8 +608,8 @@ static ndpi_protocol_match host_match[] = { "app-measurement.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL }, { ".app-measurement.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* Google Hangout */ - { "images2-hangout-opensocial.googleusercontent.com", "GoogleHangout", NDPI_PROTOCOL_HANGOUT_DUO, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL }, + /* Google Meet */ + { "meet.google.com", "GoogleMeet", NDPI_PROTOCOL_GOOGLE_MEET, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL }, /* Google Services */ { "googleapis.com", "GoogleServices", NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL }, @@ -1572,7 +1572,6 @@ static ndpi_tls_cert_name_match tls_certificate_match [] = { { "O=Riot Games, Inc.", NDPI_PROTOCOL_RIOTGAMES }, { "O=Riot Games Inc", NDPI_PROTOCOL_RIOTGAMES }, - { "CN=hangouts", NDPI_PROTOCOL_HANGOUT_DUO }, { "CN=Snapchat Inc.", NDPI_PROTOCOL_SNAPCHAT_CALL }, { "CN=NVIDIA GameStream", NDPI_PROTOCOL_GEFORCENOW }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 0b9b2886402..9014ec28a6c 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c 
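Review bot: The added `meet.google.com` row in `host_match[]` tags the protocol `NDPI_PROTOCOL_CATEGORY_CHAT`, but the `ndpi_set_proto_defaults()` call for `NDPI_PROTOCOL_GOOGLE_MEET` in the ndpi_main.c hunk registers it as `NDPI_PROTOCOL_CATEGORY_VOIP`. The expected results in this patch show the effect: the SNI-matched flows in google_meet.pcapng.out report `cat: Chat/9`, while the STUN-matched flows report `cat: VoIP/10` for the same protocol id 201. Consumers that filter or alert by category will handle one application two ways; if that is not intended, use one category in both places, e.g. `NDPI_PROTOCOL_CATEGORY_VOIP` in this row. If the split is deliberate (signalling versus media), a one-line comment above the row such as `/* Google Meet: signalling host, media is classified in stun.c */` would record it.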
@@ -1770,8 +1770,8 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp "DRDA", NDPI_PROTOCOL_CATEGORY_DATABASE, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HANGOUT_DUO, - "GoogleHangoutDuo", NDPI_PROTOCOL_CATEGORY_VOIP, + ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_GOOGLE_MEET, + "GoogleMeet", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BJNP, diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index 74dfc829bcb..c9bb7616697 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -274,7 +274,7 @@ int is_stun(struct ndpi_detection_module_struct *ndpi_struct, NDPI_LOG_DBG(ndpi_struct, "Realm [%s]\n", flow->host_server_name); if(strstr(flow->host_server_name, "google.com") != NULL) { - *app_proto = NDPI_PROTOCOL_HANGOUT_DUO; + *app_proto = NDPI_PROTOCOL_GOOGLE_MEET; return 1; } else if(strstr(flow->host_server_name, "whispersystems.org") != NULL || strstr(flow->host_server_name, "signal.org") != NULL) { @@ -307,7 +307,7 @@ int is_stun(struct ndpi_detection_module_struct *ndpi_struct, return 1; case 0xFF03: - *app_proto = NDPI_PROTOCOL_HANGOUT_DUO; + *app_proto = NDPI_PROTOCOL_GOOGLE_MEET; return 1; case 0x0013: 
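Review bot: In the `is_stun()` hunk at line 274, the branch that now assigns `NDPI_PROTOCOL_GOOGLE_MEET` is selected by `strstr(flow->host_server_name, "google.com") != NULL`, a substring test on a string that appears (from the `Realm [%s]` debug line) to be the STUN realm taken from the packet. Any realm that merely contains that text, for example the constructed value `google.com.example`, gets the Meet label, and so does every other Google STUN/TURN service, so the result is weaker evidence than the `Confidence: DPI` shown in the expected outputs suggests. The test should accept only a realm equal to `google.com` or ending in `.google.com`; the `whispersystems.org` / `signal.org` branch below uses the same substring pattern and would need the same change. The body of `is_stun()` starts and ends outside this hunk.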
@@ -582,7 +582,7 @@ static void ndpi_int_stun_add_connection(struct ndpi_detection_module_struct *nd
 memcmp(&flow->c_address.v6, &pref2, sizeof(pref2)) == 0 ||
 memcmp(&flow->s_address.v6, &pref1, sizeof(pref1)) == 0 ||
 memcmp(&flow->s_address.v6, &pref2, sizeof(pref2)) == 0) {
- app_proto = NDPI_PROTOCOL_HANGOUT_DUO;
+ app_proto = NDPI_PROTOCOL_GOOGLE_MEET;
 }
 } else {
 u_int32_t c_address, s_address;
@@ -593,7 +593,7 @@ static void ndpi_int_stun_add_connection(struct ndpi_detection_module_struct *nd
 (c_address & 0xFFFFFF00) == 0x8efa5200 || /* 142.250.82.0/24 */
 (s_address & 0xFFFFFF00) == 0x4a7dfa00 ||
 (s_address & 0xFFFFFF00) == 0x8efa5200) {
- app_proto = NDPI_PROTOCOL_HANGOUT_DUO;
+ app_proto = NDPI_PROTOCOL_GOOGLE_MEET;
 }
 }
 }
diff --git a/tests/cfgs/default/pcap/google_meet.pcapng b/tests/cfgs/default/pcap/google_meet.pcapng new file mode 100644 index 0000000000000000000000000000000000000000..536cfb5095faa02ab709e939d092f4f77665f8c8 GIT binary patch literal 9444 zcmb7}1z1~8*8dX{+}(@2Q@o+Y9ZHd6#fwwiin}{4E-miGiWCbj#ogVDyYmmb?>@Wx zd-wmm&rY6`xsyBhd~)WV`DW$@1sxql82|t%LRd(Eu=?qL3J5?9P_VFZcBABD=VRw( zbK~Q2dCBHxX!FVTBNwb67=R4Wuy8POG&gjxg0-K^v!7=l3jb3-_ksf;08DJ`_#HU` zuq%Kt0|3ze58tpZfAfI=tF50Kuu_wlODG^WizEj-em0q+a1@$P#~e;&;ulB&NdN%S z%OL^~K`@+z7HV#nwac0mfq{)TU5n?>SAT=^a>LpJ0N}vzHDEX-6vP>-y64Y>6Ev+w74JmFw(u=32f#GFRfg0-LRuM9Z(Uan_`e&>H=5CQIRF8-ZC00P3{00D3q zAkf67ExQISV+g6MfY4*T(0mIqIts$!v?!U5*=w`gG6-eY5FVq9UO4d$E^8HjN%Z@f zTTJac_Uk}>clUU@}o3I<(egdGv z&H?~5u=D7!^H^XI5*Q4G2O+`31CbCAfbQ z7cw*rssCqwH^VnXP45|4_}*nJAGE5)2=aiN{c9%au<}WKjY+>T*>sbTl)`>xUF`V?L#3rx9xC%ExC-ZjN|o6%U-KE`UWJXg z6nVPked;~DDA3C4m&A8D*ya7LmFdPQ^K{oHVvcLclVL`#mA*(+ZCq)mDQ}>s(1i2b zsO$6?clGQWhXjske6XXnCW>-$UfUxI+o5+vl^2fvZ#$@uIs6_%430@F#cE0Sh^8TS zj6WUzV>9(Hz9O3-N%-tAd~IxwxT#l(h9>4sBzVhCL!NCi{MM+`o>X7dmoq*rpTZ$& z-*rfnjyI!CFheJEEE5g)QLRIk98RzXsvM>RnLYEqBTdX*UlWDRru$?il!&OpeU5Hy z)8-0!)t-0H?(0#OKm;$QJ!bZv&A&X^4mF4=j;`pgCTzprdxhz>oT$TIucYS+h{mcR zqK>isyPR((gD=l1AG{b1Lqei?RXt~d_~D*&j$0#T1({XeqvhG|-dtVrwY^lQ>PYx(sdj{9Kyp(&CSvm*BEL(pt@Fn;`{9Ue5-! 
zJu$BFsK{ZiH2GVc-rHb|b}yV2mvBWF`?_^zsi||d(G}i*r_OnGJ$qPp zWjL`2|80yGMXefSO-rEofa5kXU)U{1OEFR3PiyT?cvU9GzEqN~7{X=w*eJ)uF0|N; zIxpWDAW{%Ta~4RUI~C7WUjS8{t91OC{6;OZt?uX><4(jc%Yj1l;(^~KA12@a&VAg; zELZ$h-lci)y>maYiRFlL8oKjqj6r&_NYku~SXt{_VzGylbg5mT6ZxozUl&d`WZ;do zG}C=(9^2UodBdO)xNEDr0$@MHLNmqm*7sok+Pwgd<0#FlLbLIh^-0+he6ZrDf+^tOTjp794TQZpxemq>fjPB98ujIfOHLT#S;m zK#C59>5nm1f|*A^Tu$8B+y+KjvLL0FO9EuRf?wG!jsS#1rWDRd z->B4nc7^wPqj(1!85k6YLHVjUY#X*|n$k-;RIcl8-^_F@rbB#jg;GjPGMYo@~wQSn9iHW2q}AQr<({| zW0FDdBt&5wm1`5D%uuD_NNa|uVc%VAwKO8dw8m#?n ze_gwPA2pj{YZvSR_kXNiws(Pz;64264wx4pQUDP{H#*|sD*!-ZWM1FuMYc|g%0L67 za8$L6dNWoFQH$QD{)0ny+WY|YE~yiuJEbewnElpny}gJ%W7uum`|1&~k5-sw``DH)%7CvU`UJf$+Z+I2Wm( z+dMh9VqvLTS=m-%;nhmZ;n3iG5nz<`i0*hJt`8R7*#~U4ARlNF9l3(KDtogM}g*}5s*=BZ@_9=hDQs=u(nbpN-=?u&0 z+HO-lrNtvb=OZ7X7oXvGp+d{o6QFqooh|Z8fVtDu8KV!;b(rSuQk-chwc*a$4rNKa zs8La65M-i0xy*{3;K*stE=*lHW7Fu5EVT_>-gme(UCmN?FV0a>Be@RIWiro6Mn6R9 z+_nB|$^eCl)Afzz6q}Yb4VZK>g{G*&8O`L_81Bt}aN#UEI z!T8Z+O-}#j*4)rp%xy{>b)KahSMvRPLph+CLEB{;pu4|Dzcz)SDPWzOgf_%0fWf#e z%JPkW-(|HFfsnpGld`nqG|Vw&Gw##s&DS__&!JwT8>$a> z&!sJwJ8VQ2U7D?L5IMnE9n1Rj`|(!9v-e{wd*_C%sbdJZa&CA)9!eC13&@X>;@LB; zx{}Rg6bwV%Vd{yvR2dy%!8r>N=7^7nz=w92?%c5);qf1-k@^sW`= zP#{DOJ)oMdxYHU3p6 z0|k86ZKr8a+&&pk{;qhc8$pW@UPkScVWB1{VrGiL*|!6EWs{`T_ZID(@g$}u>dRN- z?MP3W<)k@NvF>{b1-~A^jbqI^JnLt15(}5!_@NtxdsCvOzF`t$Ap(5NJxw8irbL>W z<5d=A>G*_kTh&MUt#AP28+1lm4&dx=s{-4Jfht0 zmT8<-U&u_-VKIAY$(;Og%~O!VI9Vc$-Q!5veu5$^zg6Lj0*@Iu1P;@2{_YBM6ms7> zrdj`oW}xcGhf6Dgr&Vl?*47+-zB!$2Y|czOD}cxFXSh8v%8F~!<0-cg5%&j*>`1Qn zjcljgfAkFAq<$QaERwWg!7`>@kh#QJGQimMgtj`_gAMVpk*C&f#DAjrxWu~aPe>tl z|5i0j9Ew;h9f2~)6Aqqs&tP4;X4(q)S{OcSbujo501yGZ!e$ou z=Q?z(v{i^dKobF(XNWhe&bSm^<>PY#&O_v96hR&k6>y@ea}=1xuR<0 z*Y-OF4{C0dN##Alu{1Ici@JyWxa#YYoU3WNGtkzF4NV3{iNl`84#VT914#kKj{-an zO{z;%^)!}-gg&CQccWnUFje-UaKYjegA}~3&3xk0TH4=J%=eZAI;<4I6|wh4iJ9Sc z(otBimk~HOa;dc_8I%N4R0x?+*T$ijv8?O@CvwW0E(z@~8^&|z^ocb=l+GE1hZFmk zdfbt2M~q4WS;2MACR80aBh>ZC0rm3tMO-H5hhS_*lR?Hz(emX@iC>GRpEE(a=SaB& 
zs50V2EpOSg_Jh#;6xaoDTp26drK~#3MEmgz$u4Dg6TNy}YkL;4PtEye2kg$+FvzZ^ zvxLM>9tL^rB^OpXr zbcfO>JgatFJ)n19^ki3kZBGzNZnOo;ZJ%zKvfdQr`@&JV2xf)-yUfparf^nctV=3L z0CUQnON^@|_U7RR!hMSnM?!a*n=muC_9SK!+qN@}dt4&uBKGY5+c?OKe0k>UVdM9z zI1;O6z-`(kF=oP9G=!`7bR#Pw0mPccLObhQpGzxJuu#+Q1%F&!fynK(!2B6<;(XiP zIA9#fv+6xfr{W&TO-yLg7!&^5?i;p@14G28^7fn^gA3sK6+-mevJ`(%rgJqC_YkE0 z@p9Qx(Y#vKcRLQVD>>{wm#1TQu4(3LSarkZaCv;Y9srojV35f4F7X3^hVAg_+{EQT z@OF(Z>*EfBk4@2KNyMgVq~BS`i%GZD-8pcsx+?Baxa7rx2B^tqa;pfhd!miEVdu28 zii&)d0e1}Ph9_|=`uYufn2t!>bpaEr?C!$>v)2J8kZoM;RyRqg~dMr*P@tq8?>;$8QEZK9S?KG z;$S!P;R_oFu3#&)J0x##XuD@x@&;EWy~2xI^?)w{5|50>UcyBQyCADUzULrtR#C-x z0&MF##*mWHip)ZB>PGPbgh=30tx#1D)viblmI@h?);j5bf5He;{g%^(St?4(oA$M^NC`jt&;@Hyj3L-#NXplb&}d9MsU-C-|2$IMU55}0gB(RAL(RDe#CiXw-`_SnZ`1us zv^9_UKWSx4w)B6km4tdn|E`r1qm5A#lUntiR#Nxdear`A$p@c8#MWh2aX*R@Ha_l; z4>U6h!vP>Tg&cpVAT!RIsP7-I@>j9 zJmv^(OtH2@tz6*2Esr|R^X%vdkvjT787~>m2gL*aE?9X*E;RorYNN*t+n(84up{S_ zNL@&Ne#7uVP1cvMPZFfMrROoBu6rC>ZTC?VJ6~DUlVu$wR5}$GmI{K#Ho6T-ZG7V| zun~J7P`=h}7GIWJAe_FnYCK|8AoF`89r?nw$1SDw!Sb$u`vR4^I_3O6Y+*(^IEhlV zI^v;^NG5F^;%XSq->Yt`#lVE28#Cu>C$=j(?bNuDz(~!Q>u68#D#ZL@zs*=Ic%%{) zOZ590q(rx_38}*IB84Loo4RS# z3HRfYt9~hBftJ7KcBmA%qTYFu{d`H1Q+=s_FZSL)HEd%hOCp_0KLdhV$&y173$R&v zy0l?KR_xoP_N9m%VNJDtCqKjkq7Ye`HJYg*Be)Ha9&Qzj>bZ``%{a*Fz(8~BM2q2- z>Gln8o16vwFzqhXG|3^Egq&Q_-{ao&C3C#UT<}B8Zo0)fiFVGWh9}D0*a;@pw!uhT zqpC=DLA${43YwNQ)DR<`)|bOmE&uF?w0`${g`e2f!{;KSAS~KclH$8}wvNuVtXEH} zPm-z(C%kCJK_uzOxUe@*NZxW}krnofK}9mol6{c@J2GI8C6CrZp^~?h|-8U^NxL6JO+^P!WZiR2gHomCo9;-jgFQpC92q}uqsSYmH7KL_i> zI?Q^X5vE^VVL_p57n?S}6vLP#Xz5NA_Ljzr+e0WW`AgU-o*0zPs0vm;2R9Df${;GXV#d3_YV(91CVEAx9B1VW9A${fvZ0E8JwN9<2sq2BCB>M6Tn+v&rDgj8vyY6`frmf$#FjCnK?U%BU>muYV4B zQb3v>j6|s%yV10`e}u;#+|l_Sj#1O++!g~l`W7L*HdYwT)reotC3r&roy3xjW0L zY6xi}GtqDrde3*HUa@zrq|;+L?m-a;3Q zG!)jH_zm53Ca>9jM9?Ex!&WF||LFToe+=8JR1UN_OEh%Jzx#R<8kI(7F0m%&jGb6G zkVy?Ht2yCmbT%%qetjB&_SC%udQG6|HrrJYeQ#ekqKu6Zw{frr;uLT`y@QSibmrn> z3j9Q^-z^(!8VeGS3o3>?EhmvB8u(Cv=+$F~Eyeex|_34CSqS3nYCR8e>2;3O 
zDwM`bnVxX4XnFS&7fbj=A0KjW3g7Ef zd0Bd;f?az7J^#as#jBr__g-hI5{OJJS8?$Z>8)>}WW3WO$xFLWI2IiXyQ=jg>n#jb z^oS~U>xBgFVj*}u z={`!J_*?S_ltm3|^)ZUzMyMy|&9CD`+Rsv=M#7aBF~?%(=uc}bl^~Owg`$EMhloP%qC>=UbjHA{NezBXPcOn4HDq z4NM`Un42Z<%RnNeTQRmapXpdVJhcbiN0wblSaR3{)&%12^UV}IwaF;gn9MGWL4kLo zo{nTQ0i|u0*yn?F+5}}C=8AUTc|W2Lm@ot^4yDM*>RH?b1HUQ@lU3Xw(7bOV_-W7- zg^fnVAG$D?j>Av-gK=8tHw2ARjsx9k#I)@^hy3g?K-aeUGL*c93TpgHWf_Tqb^M7) zh3spr-q&8dSpKaciJ{=mK7#&Q8I-dl3Jm7Si>ZewpKQdf{AN-7*d|04-;bTycOMvg zPdJ>}PTMA&3ZdU#$KIRKDZI0dDwIe}bU(RiUE#6dN3VjYUILz=6!9^iC;S$KuvF66 zSLhzALA&1GL~oPAT0dL~xU$*}?6M_W_Cmj$TRo77S4>tPU+J8_%vzURTp=rke~D|jP})O`yUU;P zWiS@IqW!(XJH+*u9&ZM9<{rpuq`Brbx3YhVQhsFq^G7X5AVwqMEM&1Avjh3{`MwEp zz4YyXnA#Y~ci`y$76YRV^bf6cf+^i|dHyd-uSgOW7<6;njmID%NIO3iLl9uT*@1^?GLgb>H8vp+xlG?)%kK zR-c*w-1ke2PFlZ2To`ek+p=P6?*ltlX-`({m!q5+`)AQG0?z`aOg-2AePTWgXMS=` zu&5pFtYiy{jhya)_uZ+`<9Inm>@Eq$@1`b~NYo+qqsnF*=%UR?`u5@%)U;`RXf5

EUJ;vjBlz?cMiF0D|Nt0Z7l z+PXj@edZb{0UT6wI-oAwF*>p3FPdzzON1+%7h*V2VwFv{@Ts9*}aXocdu!$ z_AxhG(jHTp@Dj}DScQ`MeL+rxWp%5oaad)~Ms$q_LG_YeTPJJ$DmJQFg!t<0-fZzV zGM}^17F);Flh=p|p>s=ZLimH1rXeaN8EHiKv6;f}j~*q=)aC}$xl-^CaKU;kZT+DQ z$HhU%wb4IL#6?J}r;o9S$|O-(!IIO&5*t^Y=PJnqlc#j>?Zj@ZnS7*;<`E_4NX6dc zFYk=3P3us#%MbS392^I{WTotq5K5cM1R{akL=HGi=&yOho!TBIJL!+7CM;ONQs zDJ_n_m(C&_w>b?S*TXfexj-F{7tSF(T;?tfVGOW!QfyToXq=#3amefU=OGF?c3~ z=rpn2-Ly)@Uc`ak?>{AzD3*s-4)>)+fW&59SI$S+iVz=*WHUQ7>a-N1LOhx+dxF^5 z5$A_U4XL>ppPSSoM~tP_&($&zdhiQ7&7_8T=7R_9aNlcXiioba>GDWN_*BQ zeehqlALMrNo@kBvHja`lgRbMI~0>SVn}pzxLXYM@-B1PF`PjG+ zCF2v|$dC_y&I&l*tvU(@aD~t%hRlyS)ZkZ6&UfB9gg?zH)5`mNuF8%2&SQf~x^6JE zr5Q7!PbPSC3 173.194.73.101:443 [proto: 188.201/QUIC.GoogleMeet][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Chat/9][2 pkts/1373 bytes <-> 4 pkts/5168 bytes][Goodput ratio: 94/97][0.04 sec][Hostname/SNI: meet.google.com][(Advertised) ALPNs: h3][TLS Supported Versions: TLSv1.3][bytes ratio: -0.580 (Download)][IAT c2s/s2c min/avg/max/stddev: 18/17 18/6 18/17 0/8][Pkt Len c2s/s2c min/avg/max/stddev: 81/1292 686/1292 1292/1292 606/0][TLSv1.3][QUIC ver: V-1][JA3C: 86ba0adabbe377daf6b620f07b59b45c][JA4: q13d0311h][ECH: version 0xfe0d][PLAIN TEXT (w.ZLst)][Plen Bins: 0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0,0,0,0,0,0,0] + 2 TCP 192.168.88.231:43268 <-> 173.194.73.101:443 [proto: 91.201/TLS.GoogleMeet][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 6][cat: Chat/9][3 pkts/741 bytes <-> 3 pkts/1606 bytes][Goodput ratio: 72/87][0.03 sec][Hostname/SNI: meet.google.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.369 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/8 16/16 8/8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 247/535 601/1466 250/658][TLSv1.3][JA3C: f97d8fcbd3d1517f7bf0d2c536a503a1][JA4: t00d1516h2_8daaf6152771_02713d6af862][JA3S: eb1d94daa7e0344597e756a1fb6e7054][ECH: version 
0xfe0d][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0] diff --git a/tests/cfgs/default/result/stun.pcap.out b/tests/cfgs/default/result/stun.pcap.out index f068b18765b..346e3453451 100644 --- a/tests/cfgs/default/result/stun.pcap.out +++ b/tests/cfgs/default/result/stun.pcap.out @@ -27,7 +27,7 @@ DTLS 4 766 1 Skype_TeamsCall 15 2124 1 STUN 62 7620 2 ICMP 1 122 1 -GoogleHangoutDuo 41 7228 2 +GoogleMeet 41 7228 2 FacebookVoip 75 10554 1 JA3 Host Stats: 
@@ -36,10 +36,10 @@ JA3 Host Stats: 1 UDP 192.168.12.169:38123 <-> 31.13.86.54:40003 [proto: 78.268/STUN.FacebookVoip][IP: 119/Facebook][ClearText][Confidence: DPI][DPI packets: 2][cat: VoIP/10][40 pkts/6134 bytes <-> 35 pkts/4420 bytes][Goodput ratio: 73/67][10.09 sec][Hostname/SNI: turner.facebook][bytes ratio: 0.162 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 260/331 6004/5997 1040/1126][Pkt Len c2s/s2c min/avg/max/stddev: 70/68 153/126 190/174 31/39][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (unauthorized)][Plen Bins: 8,14,9,28,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 UDP 192.168.12.169:49153 <-> 142.250.82.99:3478 [proto: 78.201/STUN.GoogleHangoutDuo][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][18 pkts/2856 bytes <-> 15 pkts/3436 bytes][Goodput ratio: 74/82][2.12 sec][bytes ratio: -0.092 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 8/0 88/153 699/625 177/222][Pkt Len c2s/s2c min/avg/max/stddev: 107/76 159/229 588/1240 107/297][PLAIN TEXT (BwlkYDtFJ)][Plen Bins: 0,6,57,21,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0] + 2 UDP 192.168.12.169:49153 <-> 142.250.82.99:3478 [proto: 78.201/STUN.GoogleMeet][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][18 pkts/2856 bytes <-> 15 pkts/3436 bytes][Goodput ratio: 74/82][2.12 sec][bytes ratio: -0.092 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 8/0 88/153 699/625 177/222][Pkt Len c2s/s2c min/avg/max/stddev: 107/76 159/229 588/1240 107/297][PLAIN TEXT (BwlkYDtFJ)][Plen Bins: 0,6,57,21,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0] 3 UDP [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603]:56880 <-> [2a38:e156:8167:a333:face:b00c::24d9]:3478 [proto: 78/STUN][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Network/14][21 pkts/1722 bytes <-> 21 pkts/2226 bytes][Goodput ratio: 24/41][191.49 sec][bytes ratio: 
-0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/2 9451/9451 10358/10358 2441/2441][Pkt Len c2s/s2c min/avg/max/stddev: 82/106 82/106 82/106 0/0][PLAIN TEXT (WOBTrOXR)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 TCP 87.47.100.17:3478 <-> 54.1.57.155:37257 [proto: 78/STUN][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Network/14][9 pkts/1494 bytes <-> 11 pkts/2178 bytes][Goodput ratio: 60/67][0.95 sec][Hostname/SNI: apps-host.com][bytes ratio: -0.186 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 104/96 267/252 102/93][Pkt Len c2s/s2c min/avg/max/stddev: 74/94 166/198 234/354 41/65][PLAIN TEXT (Unauthorized)][Plen Bins: 10,0,15,21,42,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 TCP 10.77.110.51:41588 <-> 10.206.50.239:42000 [VLAN: 1611][proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: VoIP/10][7 pkts/1006 bytes <-> 8 pkts/1118 bytes][Goodput ratio: 58/57][1.05 sec][bytes ratio: -0.053 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 189/134 369/399 144/153][Pkt Len c2s/s2c min/avg/max/stddev: 70/64 144/140 164/172 31/43][Plen Bins: 0,0,25,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 6 UDP 192.168.12.169:43016 <-> 74.125.247.128:3478 [proto: 78.201/STUN.GoogleHangoutDuo][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 4][cat: VoIP/10][4 pkts/528 bytes <-> 4 pkts/408 bytes][Goodput ratio: 68/59][1.25 sec][Hostname/SNI: turn.l.google.com][bytes ratio: 0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 9/23 342/409 974/1177 447/543][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 132/102 198/122 61/19][PLAIN TEXT (BSnLfRxS6)][Plen Bins: 12,37,25,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 UDP 192.168.12.169:43016 <-> 74.125.247.128:3478 [proto: 78.201/STUN.GoogleMeet][IP: 
126/Google][ClearText][Confidence: DPI][DPI packets: 4][cat: VoIP/10][4 pkts/528 bytes <-> 4 pkts/408 bytes][Goodput ratio: 68/59][1.25 sec][Hostname/SNI: turn.l.google.com][bytes ratio: 0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 9/23 342/409 974/1177 447/543][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 132/102 198/122 61/19][PLAIN TEXT (BSnLfRxS6)][Plen Bins: 12,37,25,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 UDP 192.168.43.169:48854 <-> 134.224.90.111:8801 [proto: 30/DTLS][IP: 189/Zoom][Encrypted][Confidence: DPI][DPI packets: 4][3 pkts/660 bytes <-> 1 pkts/106 bytes][Goodput ratio: 81/60][0.12 sec][(Advertised) ALPNs: webrtc;c-webrtc][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **][Risk Score: 100][DTLSv1.2][JA3C: 3e12a43c7535bb32beac3928f8fe905d][JA4: t00d0808we_c6c2b6ec87e0_06b1ae923e2a][Firefox][PLAIN TEXT (DCBD09778680)][Plen Bins: 0,0,25,0,25,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 8 ICMP 192.168.12.169:0 -> 74.125.247.128:0 [proto: 81/ICMP][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/122 bytes -> 0 pkts/0 bytes][Goodput ratio: 65/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (62NfUD5)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/stun_dtls_rtp.pcapng.out b/tests/cfgs/default/result/stun_dtls_rtp.pcapng.out index 3e604bb41f1..7046bf501f9 100644 --- a/tests/cfgs/default/result/stun_dtls_rtp.pcapng.out +++ b/tests/cfgs/default/result/stun_dtls_rtp.pcapng.out 
@@ -21,6 +21,6 @@ Patricia risk IPv6: 0/0 (search/found) Patricia protocols: 1/1 (search/found) Patricia protocols IPv6: 0/0 (search/found) -GoogleHangoutDuo 39 8413 1 +GoogleMeet 39 8413 1 - 1 UDP 192.168.12.156:37967 <-> 142.250.82.76:19305 [proto: 78.201/STUN.GoogleHangoutDuo][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][25 pkts/4202 bytes <-> 14 pkts/4211 bytes][Goodput ratio: 75/86][0.88 sec][bytes ratio: -0.001 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 37/35 203/107 47/36][Pkt Len c2s/s2c min/avg/max/stddev: 103/82 168/301 587/1245 125/320][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (ShSURJhNF)][Plen Bins: 0,5,47,30,2,0,0,0,0,0,0,0,0,2,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0] + 1 UDP 192.168.12.156:37967 <-> 142.250.82.76:19305 [proto: 78.201/STUN.GoogleMeet][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][25 pkts/4202 bytes <-> 14 pkts/4211 bytes][Goodput ratio: 75/86][0.88 sec][bytes ratio: -0.001 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 37/35 203/107 47/36][Pkt Len c2s/s2c min/avg/max/stddev: 103/82 168/301 587/1245 125/320][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (ShSURJhNF)][Plen Bins: 0,5,47,30,2,0,0,0,0,0,0,0,0,2,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/stun_google_meet.pcapng.out b/tests/cfgs/default/result/stun_google_meet.pcapng.out index a28cebc0343..b33ebd3cb76 100644 --- a/tests/cfgs/default/result/stun_google_meet.pcapng.out +++ b/tests/cfgs/default/result/stun_google_meet.pcapng.out 
@@ -22,11 +22,11 @@ Patricia risk IPv6: 0/0 (search/found) Patricia protocols: 6/6 (search/found) Patricia protocols IPv6: 0/0 (search/found) -GoogleHangoutDuo 214 33707 6 +GoogleMeet 214 33707 6 - 1 UDP 192.168.12.156:38152 <-> 142.250.82.76:19305 [proto: 78.201/STUN.GoogleHangoutDuo][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][28 pkts/4034 bytes <-> 46 pkts/12188 bytes][Goodput ratio: 71/84][0.87 sec][bytes ratio: -0.503 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30/10 205/154 50/29][Pkt Len c2s/s2c min/avg/max/stddev: 87/79 144/265 587/1245 89/180][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (HrRgpad)][Plen Bins: 0,8,37,9,4,0,0,0,38,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0] - 2 UDP 192.168.12.156:38152 <-> 142.250.82.76:3478 [proto: 78.201/STUN.GoogleHangoutDuo][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][55 pkts/7402 bytes <-> 24 pkts/3525 bytes][Goodput ratio: 69/71][6.63 sec][bytes ratio: 0.355 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/2 109/184 402/761 143/224][Pkt Len c2s/s2c min/avg/max/stddev: 87/82 135/147 423/579 69/115][PLAIN TEXT (HrRgpad)][Plen Bins: 0,39,34,15,0,1,0,0,5,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 UDP 192.168.12.156:45400 <-> 142.250.82.76:3478 [proto: 78.201/STUN.GoogleHangoutDuo][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][17 pkts/2694 bytes <-> 16 pkts/1696 bytes][Goodput ratio: 73/60][54.70 sec][bytes ratio: 0.227 (Upload)][IAT c2s/s2c min/avg/max/stddev: 90/78 3250/2028 17905/6554 4698/2127][Pkt Len c2s/s2c min/avg/max/stddev: 158/106 158/106 166/106 2/0][PLAIN TEXT (HrRgpad)][Plen Bins: 0,0,48,51,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 4 UDP 192.168.12.156:38152 <-> 74.125.128.127:19302 [proto: 78.201/STUN.GoogleHangoutDuo][IP: 
126/Google][ClearText][Confidence: DPI (cache)][DPI packets: 3][cat: Network/14][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][50.12 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10019/10019 10022/10021 10026/10025 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (kAGNNzv)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 5 UDP 192.168.12.156:45400 <-> 74.125.128.127:19302 [proto: 78.201/STUN.GoogleHangoutDuo][IP: 126/Google][ClearText][Confidence: DPI (cache)][DPI packets: 3][cat: Network/14][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][50.12 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10020/10019 10022/10021 10026/10025 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (tcEcaq476)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 6 UDP 192.168.12.156:45400 <-> 142.250.82.76:19305 [proto: 78.201/STUN.GoogleHangoutDuo][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][2 pkts/324 bytes <-> 2 pkts/212 bytes][Goodput ratio: 74/60][0.63 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (ByyD/CC)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 192.168.12.156:38152 <-> 142.250.82.76:19305 [proto: 78.201/STUN.GoogleMeet][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][28 pkts/4034 bytes <-> 46 pkts/12188 bytes][Goodput ratio: 71/84][0.87 sec][bytes ratio: -0.503 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30/10 205/154 50/29][Pkt Len c2s/s2c min/avg/max/stddev: 87/79 144/265 587/1245 89/180][Risk: ** Known Proto on Non Std Port 
**][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (HrRgpad)][Plen Bins: 0,8,37,9,4,0,0,0,38,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0] + 2 UDP 192.168.12.156:38152 <-> 142.250.82.76:3478 [proto: 78.201/STUN.GoogleMeet][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][55 pkts/7402 bytes <-> 24 pkts/3525 bytes][Goodput ratio: 69/71][6.63 sec][bytes ratio: 0.355 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/2 109/184 402/761 143/224][Pkt Len c2s/s2c min/avg/max/stddev: 87/82 135/147 423/579 69/115][PLAIN TEXT (HrRgpad)][Plen Bins: 0,39,34,15,0,1,0,0,5,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 UDP 192.168.12.156:45400 <-> 142.250.82.76:3478 [proto: 78.201/STUN.GoogleMeet][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][17 pkts/2694 bytes <-> 16 pkts/1696 bytes][Goodput ratio: 73/60][54.70 sec][bytes ratio: 0.227 (Upload)][IAT c2s/s2c min/avg/max/stddev: 90/78 3250/2028 17905/6554 4698/2127][Pkt Len c2s/s2c min/avg/max/stddev: 158/106 158/106 166/106 2/0][PLAIN TEXT (HrRgpad)][Plen Bins: 0,0,48,51,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 UDP 192.168.12.156:38152 <-> 74.125.128.127:19302 [proto: 78.201/STUN.GoogleMeet][IP: 126/Google][ClearText][Confidence: DPI (cache)][DPI packets: 3][cat: Network/14][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][50.12 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10019/10019 10022/10021 10026/10025 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (kAGNNzv)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 UDP 192.168.12.156:45400 <-> 74.125.128.127:19302 [proto: 78.201/STUN.GoogleMeet][IP: 126/Google][ClearText][Confidence: DPI (cache)][DPI packets: 3][cat: 
Network/14][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][50.12 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10020/10019 10022/10021 10026/10025 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (tcEcaq476)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 UDP 192.168.12.156:45400 <-> 142.250.82.76:19305 [proto: 78.201/STUN.GoogleMeet][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][2 pkts/324 bytes <-> 2 pkts/212 bytes][Goodput ratio: 74/60][0.63 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (ByyD/CC)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] From 27de6b33cdd990c555abea325e10f5cda17a0660 Mon Sep 17 00:00:00 2001 From: 0xA50C1A1 Date: Tue, 2 Jan 2024 15:06:04 +0300 Subject: [PATCH 2/2] Update protocols.rst --- doc/protocols.rst | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/doc/protocols.rst b/doc/protocols.rst index a1a89115e63..470103082e8 100644 --- a/doc/protocols.rst +++ b/doc/protocols.rst @@ -31,6 +31,16 @@ A Remote Procedure Call protocol over HTTP from Microsoft. References: `Protocol Specs: `_. + + .. _Proto 338: `NDPI_PROTOCOL_SRTP`