Comments (5)
Please attach a pcap file that we can use to reproduce the issue
from ndpi.
Please tell me how to make a pcap file. I just tested this in my program; I added a line like this to the code:
printf("%u\t%u\t%u\t%u\t%d\n", ntohl(flow->lower_ip), ntohl(flow->upper_ip), flow->lower_port, flow->upper_port, flow->detected_protocol);
It shows the detected protocol for flows between my IP and login.icq.com. Sometimes (usually on the initial connect) the protocol is detected as 69 (Oscar), and sometimes (usually after a long idle period, about some minutes) the protocol is not detected. I show all traffic between those IPs, not only port 5190. Messages go over port 443.
@Skryabind Sorry for the late reply. Please use Wireshark to capture the traffic of your ICQ connection, so that we can see both the beginning of the connection and when the connection goes idle.
- This is a pcap file with the connection process; Oscar is detected correctly: https://dl.dropboxusercontent.com/u/5135944/Github/icq_dump_connect_cut.cap
- This is a pcap file with some messages only; the traffic is detected as SSL: https://dl.dropboxusercontent.com/u/5135944/Github/icq_dump.cap
This traffic is not encrypted; you can read the message "HI" with the command tcpdump -n -r /root/icq_dump.cap -X | grep HI
Implemented with 9d1e99a.
If you have a longer pcap with an initial longer session establishment, I can try to extend the dissector.
For the time being I am closing the issue.
Thank You