Skip to content

Commit

Permalink
Simplify the report of streaming multimedia info (ntop#2026)
Browse files Browse the repository at this point in the history 
The two fields `flow->flow_type` and `flow->protos.rtp.stream_type` are
pretty much identical: rename the former in `flow->flow_multimedia_type`
and remove the latter.
  • Loading branch information
@IvanNardi
IvanNardi authored Jun 26, 2023
1 parent 3a1600f commit 88425e0
Show file tree
Hide file tree
Showing 11 changed files with 24 additions and 95 deletions.
30 changes: 0 additions & 30 deletions example/ndpiReader.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1707,36 +1707,6 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa
}
}
break;

case INFO_RTP:
if(flow->rtp.stream_type != rtp_unknown) {
const char *what;

switch(flow->rtp.stream_type) {
case rtp_screen_share:
what = "screen_share";
break;

case rtp_audio:
what = "audio";
break;

case rtp_video:
what = "video";
break;

case rtp_audio_video:
what = "audio/video";
break;

default:
what = NULL;
break;
}

if(what)
fprintf(out, "[RTP Stream Type: %s]", what);
}
}

if(flow->ssh_tls.advertised_alpns)
Expand Down
7 changes: 1 addition & 6 deletions example/reader_util.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1273,11 +1273,6 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
ndpi_snprintf(flow->kerberos.username,
sizeof(flow->kerberos.username),
"%s", flow->ndpi_flow->protos.kerberos.username);
}
/* RTP */
else if(is_ndpi_proto(flow, NDPI_PROTOCOL_RTP)) {
flow->info_type = INFO_RTP;
flow->rtp.stream_type = flow->ndpi_flow->protos.rtp.stream_type;
/* COLLECTD */
} else if(is_ndpi_proto(flow, NDPI_PROTOCOL_COLLECTD)) {
flow->info_type = INFO_GENERIC;
Expand Down Expand Up @@ -1372,7 +1367,7 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
}
}

flow->multimedia_flow_type = flow->ndpi_flow->flow_type;
flow->multimedia_flow_type = flow->ndpi_flow->flow_multimedia_type;

/* HTTP metadata are "global" not in `flow->ndpi_flow->protos` union; for example, we can have
HTTP/BitTorrent and in that case we want to export also HTTP attributes */
Expand Down
5 changes: 0 additions & 5 deletions example/reader_util.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -166,7 +166,6 @@ enum info_type {
INFO_TIVOCONNECT,
INFO_FTP_IMAP_POP_SMTP,
INFO_NATPMP,
INFO_RTP
};

// flow tracking
Expand Down Expand Up @@ -282,10 +281,6 @@ typedef struct ndpi_flow_info {
ndpi_cipher_weakness client_unsafe_cipher, server_unsafe_cipher;
} ssh_tls;

struct {
enum ndpi_rtp_stream_type stream_type;
} rtp;

struct {
char url[256], request_content_type[64], content_type[64], user_agent[256], server[128], nat_ip[32];
u_int response_status_code;
Expand Down
14 changes: 1 addition & 13 deletions src/include/ndpi_typedefs.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1363,14 +1363,6 @@ struct ndpi_risk_information {
char *info;
};

enum ndpi_rtp_stream_type {
rtp_unknown = 0,
rtp_audio,
rtp_video,
rtp_audio_video,
rtp_screen_share
};

struct ndpi_flow_struct {
u_int16_t detected_protocol_stack[NDPI_PROTOCOL_SIZE];

Expand Down Expand Up @@ -1453,7 +1445,7 @@ struct ndpi_flow_struct {
char *nat_ip; /* Via HTTP X-Forwarded-For */
} http;

ndpi_multimedia_flow_type flow_type;
ndpi_multimedia_flow_type flow_multimedia_type;

/*
Put outside of the union to avoid issues in case the protocol
Expand Down Expand Up @@ -1484,10 +1476,6 @@ struct ndpi_flow_struct {
char ptr_domain_name[64 /* large enough but smaller than { } tls */];
} dns;

struct {
enum ndpi_rtp_stream_type stream_type;
} rtp;

struct {
u_int8_t request_code;
u_int8_t version;
Expand Down
8 changes: 4 additions & 4 deletions src/lib/ndpi_main.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6097,13 +6097,13 @@ static int ndpi_reconcile_msteams_call_udp_port(struct ndpi_detection_module_str
*/

if((dport == 3478) || (dport == 3479) || ((sport >= 50000) && (sport <= 50019)))
flow->flow_type = ndpi_multimedia_audio_flow;
flow->flow_multimedia_type = ndpi_multimedia_audio_flow;
else if((dport == 3480) || ((sport >= 50020) && (sport <= 50039)))
flow->flow_type = ndpi_multimedia_video_flow;
flow->flow_multimedia_type = ndpi_multimedia_video_flow;
else if((dport == 3481) || ((sport >= 50040) && (sport <= 50059)))
flow->flow_type = ndpi_multimedia_screen_sharing_flow;
flow->flow_multimedia_type = ndpi_multimedia_screen_sharing_flow;
else {
flow->flow_type = ndpi_multimedia_unknown_flow;
flow->flow_multimedia_type = ndpi_multimedia_unknown_flow;
return(0);
}

Expand Down
37 changes: 9 additions & 28 deletions src/lib/protocols/rtp.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ int is_valid_rtp_payload_type(uint8_t type)
return 1;
}

u_int8_t rtp_get_stream_type(u_int8_t payloadType, enum ndpi_rtp_stream_type *s_type)
u_int8_t rtp_get_stream_type(u_int8_t payloadType, ndpi_multimedia_flow_type *s_type)
{
switch(payloadType) {
case 0: /* G.711 u-Law */
Expand All @@ -67,26 +67,26 @@ u_int8_t rtp_get_stream_type(u_int8_t payloadType, enum ndpi_rtp_stream_type *s_
case 116: /* G.726 */
case 117: /* G.722 */
case 118: /* Comfort Noise Wideband */
*s_type = rtp_audio;
*s_type = ndpi_multimedia_audio_flow;
return(1 /* RTP */);

case 34: /* H.263 [MS-H26XPF] */
case 121: /* RT Video */
case 122: /* H.264 [MS-H264PF] */
case 123: /* H.264 FEC [MS-H264PF] */
case 127: /* x-data */
*s_type = rtp_video;
*s_type = ndpi_multimedia_video_flow;
return(1 /* RTP */);

case 200: /* RTCP PACKET SENDER */
case 201: /* RTCP PACKET RECEIVER */
case 202: /* RTCP Source Description */
case 203: /* RTCP Bye */
*s_type = rtp_unknown;
*s_type = ndpi_multimedia_unknown_flow;
return(2 /* RTCP */);

default:
*s_type = rtp_unknown;
*s_type = ndpi_multimedia_unknown_flow;
return(0);
}
}
Expand Down Expand Up @@ -146,19 +146,19 @@ static u_int8_t isZoom(struct ndpi_flow_struct *flow,
case 30: /* Screen Share */
*is_rtp = 0;
*payload_offset = 27;
flow->flow_type = ndpi_multimedia_screen_sharing_flow;
flow->flow_multimedia_type = ndpi_multimedia_screen_sharing_flow;
break;

case 15: /* Audio */
*is_rtp = 1;
*payload_offset = 27;
flow->flow_type = ndpi_multimedia_audio_flow;
flow->flow_multimedia_type = ndpi_multimedia_audio_flow;
break;

case 16: /* Video */
*is_rtp = 1;
*payload_offset = 32;
flow->flow_type = ndpi_multimedia_video_flow;
flow->flow_multimedia_type = ndpi_multimedia_video_flow;
break;

case 33: /* RTCP */
Expand Down Expand Up @@ -265,25 +265,6 @@ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct,
payload = &payload[payload_offset];
*/

switch(zoom_stream_type) {
case 13: /* Screen Share */
case 30: /* Screen Share */
flow->protos.rtp.stream_type = rtp_screen_share;
break;

case 15: /* Audio */
flow->protos.rtp.stream_type = rtp_audio;
break;

case 16: /* Video */
flow->protos.rtp.stream_type = rtp_video;
break;

default:
flow->protos.rtp.stream_type = rtp_unknown;
break;
}

/* printf("->>> %u\n", zoom_stream_type); */

ndpi_set_detected_protocol(ndpi_struct, flow,
Expand Down Expand Up @@ -312,7 +293,7 @@ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct,
} else if(flow->l4.udp.epicgames_stage > 0) {
/* It seems that it is a EpicGames stuff; let its dissector to evaluate */
} else {
rtp_get_stream_type(payload[1] & 0x7F, &flow->protos.rtp.stream_type);
rtp_get_stream_type(payload[1] & 0x7F, &flow->flow_multimedia_type);

/* Previous pkts were STUN */
if(flow->stun.num_binding_requests > 0 ||
Expand Down
2 changes: 1 addition & 1 deletion tests/cfgs/default/result/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ RTP 1330 182702 1
SIP 92 52851 3
Megaco 130 23570 1

1 UDP 10.35.60.100:15580 <-> 10.23.1.52:16756 [proto: 87/RTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Media/1][159 pkts/33872 bytes <-> 1171 pkts/148830 bytes][Goodput ratio: 80/66][37.44 sec][RTP Stream Type: audio][bytes ratio: -0.629 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/30 81/286 7/49][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 213/127 214/214 12/32][PLAIN TEXT (UUUUUU)][Plen Bins: 0,0,50,0,0,49,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
1 UDP 10.35.60.100:15580 <-> 10.23.1.52:16756 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][DPI packets: 3][cat: Media/1][159 pkts/33872 bytes <-> 1171 pkts/148830 bytes][Goodput ratio: 80/66][37.44 sec][bytes ratio: -0.629 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/30 81/286 7/49][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 213/127 214/214 12/32][PLAIN TEXT (UUUUUU)][Plen Bins: 0,0,50,0,0,49,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 10.35.40.25:5060 <-> 10.35.40.200:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][22 pkts/13254 bytes <-> 24 pkts/13218 bytes][Goodput ratio: 93/92][83.79 sec][bytes ratio: 0.001 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 3385/1643 27628/17187 8177/4202][Pkt Len c2s/s2c min/avg/max/stddev: 425/304 602/551 923/894 205/186][PLAIN TEXT (INVITE sip)][Plen Bins: 0,0,0,0,0,0,0,0,4,0,8,4,22,18,4,0,8,0,0,0,0,0,0,4,8,4,4,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 10.35.40.22:2944 <-> 10.23.1.42:2944 [proto: 181/Megaco][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][65 pkts/7788 bytes <-> 65 pkts/15782 bytes][Goodput ratio: 65/83][109.25 sec][bytes ratio: -0.339 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1409/1356 4370/4370 1953/1909][Pkt Len c2s/s2c min/avg/max/stddev: 77/101 120/243 583/561 107/94][PLAIN TEXT (555282713)][Plen Bins: 0,48,0,23,0,1,1,21,0,0,1,0,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 UDP 10.35.60.72:5060 <-> 10.35.60.100:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][11 pkts/6627 bytes <-> 12 pkts/6609 bytes][Goodput ratio: 93/92][83.79 sec][bytes ratio: 0.001 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/19 7451/3699 27579/17188 10544/5458][Pkt Len c2s/s2c min/avg/max/stddev: 425/304 602/551 923/894 205/186][PLAIN TEXT (INVITE sip)][Plen Bins: 0,0,0,0,0,0,0,0,4,0,8,4,22,18,4,0,8,0,0,0,0,0,0,4,8,4,4,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
Expand Down
2 changes: 1 addition & 1 deletion tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ SIP 85 39540 15
3 UDP 192.168.1.2:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][71 pkts/6532 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][1527.12 sec][Hostname/SNI: eci_domain][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 741/0 20522/0 93225/0 24163/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT ( EFEDEJ)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 TCP 192.168.1.2:2720 <-> 147.234.1.253:21 [proto: 1/FTP_CONTROL][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 25][cat: Download/7][11 pkts/624 bytes <-> 14 pkts/1080 bytes][Goodput ratio: 4/27][0.32 sec][Hostname/SNI: proftpd][bytes ratio: -0.268 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 24/7 115/18 38/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 57/77 70/113 5/19][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (220 ProFTPD Server In ECI Telec)][Plen Bins: 66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 UDP 192.168.1.2:5060 -> 212.242.33.35:17860 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: VoIP/10][1 pkts/1118 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (INVITE six)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 UDP 192.168.1.2:30000 -> 212.242.33.36:40392 [proto: 87/RTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Media/1][5 pkts/1070 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][0.05 sec][RTP Stream Type: audio][PLAIN TEXT (goxcffj)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 UDP 192.168.1.2:30000 -> 212.242.33.36:40392 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][DPI packets: 3][cat: Media/1][5 pkts/1070 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][0.05 sec][PLAIN TEXT (goxcffj)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 UDP 192.168.1.2:68 <-> 192.168.1.1:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/342 bytes <-> 1 pkts/590 bytes][Goodput ratio: 87/93][0.00 sec][Hostname/SNI: d002465][DHCP Fingerprint: 1,15,3,6,44,46,47,31,33,43][DHCP Class Ident: MSFT 5.0][PLAIN TEXT (002465Q)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
8 UDP 192.168.1.41:138 -> 192.168.1.255:138 [proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][4 pkts/891 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][665.91 sec][Hostname/SNI: lab111][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( EMEBECDBDBDBCACACACACACACACACA)][Plen Bins: 0,0,0,0,0,75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
9 UDP 192.168.1.2:5060 -> 200.68.120.81:4932 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][1 pkts/864 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (INVITE sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
Expand Down
2 changes: 1 addition & 1 deletion tests/cfgs/default/result/rtp.pcapng.out
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,4 +24,4 @@ Discord 30 16092 1
RTP 30 2181 1

1 UDP 150.219.118.19:54234 <-> 192.113.193.227:50003 [proto: 58/Discord][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Collaborative/15][11 pkts/1455 bytes <-> 19 pkts/14637 bytes][Goodput ratio: 68/95][0.14 sec][Client IP: 85.154.2.145][bytes ratio: -0.819 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/6 36/29 11/11][Pkt Len c2s/s2c min/avg/max/stddev: 85/116 132/770 207/1146 54/475][PLAIN TEXT (85.154.2.145)][Plen Bins: 0,20,6,20,3,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,13,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 10.140.67.167:55402 -> 148.153.85.97:6008 [VLAN: 1508][proto: 87/RTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Media/1][30 pkts/2181 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][0.82 sec][RTP Stream Type: audio][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 29/0 118/0 35/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 73/0 106/0 12/0][Plen Bins: 80,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 10.140.67.167:55402 -> 148.153.85.97:6008 [VLAN: 1508][proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][DPI packets: 4][cat: Media/1][30 pkts/2181 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][0.82 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 29/0 118/0 35/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 73/0 106/0 12/0][Plen Bins: 80,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 changes: 1 addition & 1 deletion tests/cfgs/default/result/sip.pcap.out
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,5 +26,5 @@ RTCP 1 146 1

1 UDP 192.168.1.2:5060 <-> 212.242.33.35:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][53 pkts/21940 bytes <-> 31 pkts/15635 bytes][Goodput ratio: 90/92][1521.57 sec][bytes ratio: 0.168 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 158/13 25541/22026 150200/89874 25265/23489][Pkt Len c2s/s2c min/avg/max/stddev: 47/342 414/504 1118/711 343/85][PLAIN TEXT (REGISTER sip)][Plen Bins: 26,0,0,0,0,0,0,0,0,4,8,0,2,4,13,17,0,0,3,0,1,10,0,0,0,5,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 192.168.1.2:5060 <-> 200.68.120.81:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][15 pkts/7568 bytes <-> 3 pkts/1944 bytes][Goodput ratio: 92/93][67.09 sec][bytes ratio: 0.591 (Upload)][IAT c2s/s2c min/avg/max/stddev: 507/34556 4746/34556 32608/34556 8188/0][Pkt Len c2s/s2c min/avg/max/stddev: 389/637 505/648 864/656 180/8][PLAIN TEXT (INVITE sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,5,62,0,0,0,0,0,0,5,11,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 192.168.1.2:30000 -> 212.242.33.36:40392 [proto: 87/RTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Media/1][9 pkts/1926 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][0.16 sec][RTP Stream Type: audio][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 20/0 69/0 23/0][Pkt Len c2s/s2c min/avg/max/stddev: 214/0 214/0 214/0 0/0][PLAIN TEXT (VRUDKBuYs)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 192.168.1.2:30000 -> 212.242.33.36:40392 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][DPI packets: 3][cat: Media/1][9 pkts/1926 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][0.16 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 20/0 69/0 23/0][Pkt Len c2s/s2c min/avg/max/stddev: 214/0 214/0 214/0 0/0][PLAIN TEXT (VRUDKBuYs)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 UDP 192.168.1.2:30001 -> 212.242.33.36:40393 [proto: 165/RTCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][1 pkts/146 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (11894297)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
Loading

0 comments on commit 88425e0

Please sign in to comment.