Overview ¶
Package types contains the basic types used by the library.
Constants ¶
const NoSource = ""
NoSource is returned if no classification was made.
Functions ¶
func BenchmarkModule ¶
BenchmarkModule runs a module on all available dump files. It is used for benchmarking the modules.
func FlushTrackedFlows ¶
func FlushTrackedFlows()
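FlushTrackedFlows flushes the map used for tracking flows. Any packets that arrive after this operation are treated as belonging to new flows, even when they continue a connection that was tracked before the flush; such a flow starts without the connection's earlier packets.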
Types ¶
type ClassificationResult ¶
// ClassificationResult contains the detected protocol and the source of the
// classification from a classification attempt.
type ClassificationResult struct {
	Protocol Protocol             // the detected protocol
	Source   ClassificationSource // the module responsible for the classification
}
ClassificationResult contains the detected protocol and the source of the classification from a classification attempt.
func (ClassificationResult) String ¶
func (result ClassificationResult) String() string
type ClassificationSource ¶
type ClassificationSource string
ClassificationSource is the module of the library that is responsible for the classification of a flow.
type Flow ¶
type Flow struct {
// contains filtered or unexported fields
}
Flow contains sufficient information to classify a flow.
func CreateFlowFromPacket ¶
CreateFlowFromPacket creates a flow with a single packet.
func GetFlowForPacket ¶
GetFlowForPacket finds any previous flow that the packet belongs to. It adds the packet to that flow and returns the flow. If no such flow is found, a new one is created.
func (*Flow) GetClassificationResult ¶
func (flow *Flow) GetClassificationResult() (result ClassificationResult)
GetClassificationResult returns the currently detected protocol for this flow and the source of that detection.
func (*Flow) GetPackets ¶
GetPackets returns the list of packets in a thread-safe way.
func (*Flow) SetClassificationResult ¶
func (flow *Flow) SetClassificationResult(protocol Protocol, source ClassificationSource)
SetClassificationResult sets the detected protocol and classification source for this flow.
type MockModule ¶
// MockModule is used in tests in order to test the functionality of modules.
//
// NOTE(review): the field meanings below are inferred from the field names and
// the method summaries; the method bodies are not shown here — confirm.
type MockModule struct {
	InitSuccess     bool   // presumably whether Initialize reports success
	InitCalled      int    // presumably the number of Initialize calls
	DestroySuccess  bool   // presumably whether Destroy reports success
	DestroyCalled   int    // presumably the number of Destroy calls
	ClassifySuccess bool   // presumably whether classification calls report a result
	ClassifyCalled  int    // presumably the number of classification calls
	SourceName      string // presumably the source name reported in results
}
MockModule is used in tests in order to test the functionality of modules.
func (*MockModule) ClassifyFlow ¶
func (module *MockModule) ClassifyFlow(flow *Flow) (result ClassificationResult)
ClassifyFlow logs the classification by the mock module.
func (*MockModule) ClassifyFlowAll ¶
func (module *MockModule) ClassifyFlowAll(flow *Flow) (results []ClassificationResult)
ClassifyFlowAll logs the multiple classification by the mock module.
func (*MockModule) Destroy ¶
func (module *MockModule) Destroy() error
Destroy logs the destruction of the mock module.
func (*MockModule) Initialize ¶
func (module *MockModule) Initialize() error
Initialize logs the initialization of the mock module.
type Module ¶
// Module is implemented by every classification module provided by the library.
type Module interface {
	// Initialize is the module's initialization method.
	Initialize() error
	// Destroy is the module's destruction method.
	Destroy() error
	// ClassifyFlow classifies a flow and returns a single result.
	ClassifyFlow(*Flow) ClassificationResult
	// ClassifyFlowAll classifies a flow and returns a slice of results.
	ClassifyFlowAll(*Flow) []ClassificationResult
}
Module is implemented by every classification module provided by the library. Each module has its own initialization and destruction methods, as well as its own methods for classifying a flow. Modules may also be enabled or disabled, and usually provide a configuration method as well; those operations are not part of the Module interface shown above.
type Protocol ¶
type Protocol string
Protocol is the type of each of the detected protocols.
// Protocol identifiers for the supported protocols.
//
// The trailing comment on most entries names an NDPI_PROTOCOL_* enum entry and
// its number; entries from RPC onward carry no number in their comments.
//
// NOTE(review): several string values are not spelled like their constant
// names (each is marked below). Code that filters, alerts or searches on a
// protocol should compare against the constant, not a hand-typed string.
const (
	FTP Protocol = "FtpControl" // NDPI_PROTOCOL_FTP_CONTROL = 1, /* Tomasz Bujlow <tomasz@skatnet.dk> */
	MAILPOP Protocol = "MailPop" // NDPI_PROTOCOL_MAIL_POP = 2,
	SMTP Protocol = "MailSmtp" // NDPI_PROTOCOL_MAIL_SMTP = 3,
	// NOTE(review): name and value read "Imp" while the nDPI entry is MAIL_IMAP.
	MAILIMP Protocol = "MailImp" // NDPI_PROTOCOL_MAIL_IMAP = 4,
	DNS Protocol = "DNS" // NDPI_PROTOCOL_DNS = 5,
	HTTP Protocol = "HTTP" // NDPI_PROTOCOL_HTTP = 7,
	MDNS Protocol = "MDNS" // NDPI_PROTOCOL_MDNS = 8,
	NTP Protocol = "NTP" // NDPI_PROTOCOL_NTP = 9,
	NetBIOS Protocol = "NetBIOS" // NDPI_PROTOCOL_NETBIOS = 10,
	NFS Protocol = "NFS" // NDPI_PROTOCOL_NFS = 11,
	SSDP Protocol = "SSDP" // NDPI_PROTOCOL_SSDP = 12,
	SNMP Protocol = "SNMP" // NDPI_PROTOCOL_SNMP = 14,
	// The SMB constant covers SMB version 1 only; versions 2/3 are SMBV23.
	SMB Protocol = "SMBV1" // NDPI_PROTOCOL_SMBV1 = 16, /* SMB version 1 */
	SYSLOG Protocol = "SYSLOG" // NDPI_PROTOCOL_SYSLOG = 17,
	DHCP Protocol = "DHCP" // NDPI_PROTOCOL_DHCP = 18,
	POSTGRES Protocol = "POSTGRES" // NDPI_PROTOCOL_POSTGRES = 19,
	MYSQL Protocol = "MYSQL" // NDPI_PROTOCOL_MYSQL = 20,
	HOTMAIL Protocol = "HOTMAIL" // NDPI_PROTOCOL_HOTMAIL = 21,
	DIRECTDOWNLOADLINK Protocol = "DirectDownloadLink" // NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK = 22,
	MAILPOPS Protocol = "MailPops" // NDPI_PROTOCOL_MAIL_POPS = 23,
	APPLEJUICE Protocol = "AppleJuice" // NDPI_PROTOCOL_APPLEJUICE = 24,
	DIRECTCONNECT Protocol = "DirectConnect" // NDPI_PROTOCOL_DIRECTCONNECT = 25,
	NTOP Protocol = "NTOP" // NDPI_PROTOCOL_NTOP = 26,
	// NOTE(review): value is spelled "WMWARE", not "VMWARE".
	VMWARE Protocol = "WMWARE" // NDPI_PROTOCOL_VMWARE = 28,
	MAILSMTPS Protocol = "MailSmtps" // NDPI_PROTOCOL_MAIL_SMTPS = 29,
	UBNTAC2 Protocol = "UBNTAC2" // NDPI_PROTOCOL_UBNTAC2 = 31, /* Ubiquity UBNT AirControl = 2 - Thomas Fjellstrom <thomas+ndpi@fjellstrom.ca> */
	// NOTE(review): value is spelled "CONTKI"; the nDPI entry is KONTIKI.
	CONTIKI Protocol = "CONTKI" // NDPI_PROTOCOL_KONTIKI = 32,
	OPENFT Protocol = "OPENFT" // NDPI_PROTOCOL_OPENFT = 33,
	FASTTRACK Protocol = "FastTrack" // NDPI_PROTOCOL_FASTTRACK = 34,
	GNUTELLA Protocol = "GnuTella" // NDPI_PROTOCOL_GNUTELLA = 35,
	EDONKEY Protocol = "EDONKEY" // NDPI_PROTOCOL_EDONKEY = 36, /* Tomasz Bujlow <tomasz@skatnet.dk> */
	BITTORRENT Protocol = "BitTorrent" // NDPI_PROTOCOL_BITTORRENT = 37,
	SKYPECALL Protocol = "SkypeCall" // NDPI_PROTOCOL_SKYPE_CALL = 38, /* Skype call and videocalls */
	// NOTE(review): value is spelled "SINGAL", not "SIGNAL".
	SIGNAL Protocol = "SINGAL" // NDPI_PROTOCOL_SIGNAL = 39,
	MEMCACHED Protocol = "MemCached" // NDPI_PROTOCOL_MEMCACHED = 40, /* Memcached - Darryl Sokoloski <darryl@egloo.ca> */
	SMBV23 Protocol = "SMBV23" // NDPI_PROTOCOL_SMBV23 = 41, /* SMB version 2/3 */
	MINING Protocol = "MINING" // NDPI_PROTOCOL_MINING = 42, /* Bitcoin, Ethereum, ZCash, Monero */
	NESTLOGSINK Protocol = "NestLogSink" // NDPI_PROTOCOL_NEST_LOG_SINK = 43, /* Nest Log Sink (Nest Protect) - Darryl Sokoloski <darryl@egloo.ca> */
	MODBUS Protocol = "MODBUS" // NDPI_PROTOCOL_MODBUS = 44, /* Modbus */
	WHATSAPPCALL Protocol = "WhatsAppCall" // NDPI_PROTOCOL_WHATSAPP_CALL = 45, /* WhatsApp video and audio calls go here */
	DATASAVER Protocol = "DataSaver" // NDPI_PROTOCOL_DATASAVER = 46, /* Protocols used to save data on Internet communications */
	XBOX Protocol = "XBOX" // NDPI_PROTOCOL_XBOX = 47,
	QQ Protocol = "QQ" // NDPI_PROTOCOL_QQ = 48,
	TIKTOK Protocol = "TikTok" // NDPI_PROTOCOL_TIKTOK = 49,
	RTSP Protocol = "RTSP" // NDPI_PROTOCOL_RTSP = 50,
	MAILIMAPS Protocol = "MailIMaps" // NDPI_PROTOCOL_MAIL_IMAPS = 51,
	PPLIVE Protocol = "PPlive" // NDPI_PROTOCOL_PPLIVE = 53, /* Tomasz Bujlow <tomasz@skatnet.dk> */
	PPSTREAM Protocol = "PPStream" // NDPI_PROTOCOL_PPSTREAM = 54,
	HTTPDOWNLOAD Protocol = "HttpDownload" // NDPI_PROTOCOL_HTTP_DOWNLOAD = 60,
	QQLIVE Protocol = "QQLive" // NDPI_PROTOCOL_QQLIVE = 61,
	THUNDER Protocol = "Thunder" // NDPI_PROTOCOL_THUNDER = 62,
	IRC Protocol = "IRC" // NDPI_PROTOCOL_IRC = 65,
	// NOTE(review): value is spelled "UncryptedJabber"; the nDPI entry is UNENCRYPTED_JABBER.
	JABBER Protocol = "UncryptedJabber" // NDPI_PROTOCOL_UNENCRYPTED_JABBER = 67,
	MSN Protocol = "MSN" // NDPI_PROTOCOL_MSN = 68,
	YAHOO Protocol = "YAHOO" // NDPI_PROTOCOL_YAHOO = 70,
	BATTLEFIELD Protocol = "BattleField" // NDPI_PROTOCOL_BATTLEFIELD = 71,
	GOOGLEPLUS Protocol = "GooglePlus" // NDPI_PROTOCOL_GOOGLE_PLUS = 72,
	IPVRRP Protocol = "IPVRRP" // NDPI_PROTOCOL_IP_VRRP = 73,
	STEAM Protocol = "STEAM" // NDPI_PROTOCOL_STEAM = 74, /* Tomasz Bujlow <tomasz@skatnet.dk> */
	HALFLIFE2 Protocol = "HalfLife2" // NDPI_PROTOCOL_HALFLIFE2 = 75,
	WORLDOFWARCRAFT Protocol = "WorldOfWarcraft" // NDPI_PROTOCOL_WORLDOFWARCRAFT = 76,
	TELNET Protocol = "TELNET" // NDPI_PROTOCOL_TELNET = 77,
	ICMP Protocol = "IPICMP" // NDPI_PROTOCOL_IP_ICMP = 81,
	IPIGMP Protocol = "IPIGMP" // NDPI_PROTOCOL_IP_IGMP = 82,
	VNC Protocol = "VNC" // NDPI_PROTOCOL_VNC = 89,
	TLS Protocol = "TLS" // NDPI_PROTOCOL_TLS = 91,
	SSH Protocol = "SSH" // NDPI_PROTOCOL_SSH = 92,
	TFTP Protocol = "TFTP" // NDPI_PROTOCOL_TFTP = 96,
	IPICMPV6 Protocol = "IPICMPV6" // NDPI_PROTOCOL_IP_ICMPV6 = 102,
	DHCPV6 Protocol = "DHCPV6" // NDPI_PROTOCOL_DHCPV6 = 103,
	GUILDWARS Protocol = "GuildWars" // NDPI_PROTOCOL_GUILDWARS = 109,
	HTTPACTIVESYNC Protocol = "HttpActiveSync" // NDPI_PROTOCOL_HTTP_ACTIVESYNC = 110,
	// NOTE(review): value is spelled "LADAP", not "LDAP".
	LDAP Protocol = "LADAP" // NDPI_PROTOCOL_LDAP = 112,
	MSSQLTDS Protocol = "MssqlTds" // NDPI_PROTOCOL_MSSQL_TDS = 114,
	PPTP Protocol = "PPTP" // NDPI_PROTOCOL_PPTP = 115,
	WARCRAFT3 Protocol = "WarCraft3" // NDPI_PROTOCOL_WARCRAFT3 = 116,
	WORLDOFKUNGFU Protocol = "WorldOfKungfu" // NDPI_PROTOCOL_WORLD_OF_KUNG_FU = 117,
	FACEBOOK Protocol = "FACEBOOK" // NDPI_PROTOCOL_FACEBOOK = 119,
	TWITTER Protocol = "TWITTER" // NDPI_PROTOCOL_TWITTER = 120,
	DROPBOX Protocol = "DROPBOX" // NDPI_PROTOCOL_DROPBOX = 121,
	GMAIL Protocol = "GMAIL" // NDPI_PROTOCOL_GMAIL = 122,
	GOOGLEMAPS Protocol = "GoogleMaps" // NDPI_PROTOCOL_GOOGLE_MAPS = 123,
	YOUTUBE Protocol = "YOUTUBE" // NDPI_PROTOCOL_YOUTUBE = 124,
	SKYPE Protocol = "SKYPE" // NDPI_PROTOCOL_SKYPE = 125,
	GOOGLE Protocol = "GOOGLE" // NDPI_PROTOCOL_GOOGLE = 126,
	NETFLOW Protocol = "NETFLOW" // NDPI_PROTOCOL_NETFLOW = 128,
	SFLOW Protocol = "SFLOW" // NDPI_PROTOCOL_SFLOW = 129,
	HTTPCONNECT Protocol = "HttpConnect" // NDPI_PROTOCOL_HTTP_CONNECT = 130,
	HTTPPROXY Protocol = "HttpProxy" // NDPI_PROTOCOL_HTTP_PROXY = 131,
	HTTPWAZE Protocol = "HttpWaze" // NDPI_PROTOCOL_WAZE = 135,
	HTTPYOUTUBEUPLOAD Protocol = "HttpYoutubeUpload" // NDPI_PROTOCOL_YOUTUBE_UPLOAD = 136, /* Upload files to youtube */
	APPLE Protocol = "APPLE" // NDPI_PROTOCOL_APPLE = 140,
	WEBEX Protocol = "WEBEX" // NDPI_PROTOCOL_WEBEX = 141,
	WHATSAPP Protocol = "WHATSAPP" // NDPI_PROTOCOL_WHATSAPP = 142,
	ICLOUD Protocol = "ICLOUD" // NDPI_PROTOCOL_APPLE_ICLOUD = 143,
	APPLEITUNES Protocol = "AppleITunes" // NDPI_PROTOCOL_APPLE_ITUNES = 145,
	WINDOWSUPDATE Protocol = "WindowsUpdate" // NDPI_PROTOCOL_WINDOWS_UPDATE = 147,
	TEAMVIEWER Protocol = "TEAMVIEWER" // NDPI_PROTOCOL_TEAMVIEWER = 148, /* xplico.org */
	UPNP Protocol = "UPNP" // NDPI_PROTOCOL_UPNP = 153,
	REMOTESCAN Protocol = "RemoteScan" // NDPI_PROTOCOL_REMOTE_SCAN = 155,
	MESSENGER Protocol = "MESSENGER" // NDPI_PROTOCOL_MESSENGER = 157,
	H323 Protocol = "H323" // NDPI_PROTOCOL_H323 = 158, /* Remy Mudingay <mudingay@ill.fr> */
	OPENVPN Protocol = "OPENVPN" // NDPI_PROTOCOL_OPENVPN = 159, /* Remy Mudingay <mudingay@ill.fr> */
	CISCOVPN Protocol = "CISCOVPN" // NDPI_PROTOCOL_CISCOVPN = 161, /* Remy Mudingay <mudingay@ill.fr> */
	RSYNC Protocol = "RSYNC" // NDPI_PROTOCOL_RSYNC = 166, /* Remy Mudingay <mudingay@ill.fr> */
	// NOTE(review): value is spelled "SPCKS", not "SOCKS".
	SOCKS Protocol = "SPCKS" // NDPI_PROTOCOL_SOCKS = 172, /* Tomasz Bujlow <tomasz@skatnet.dk> */
	FTPDATA Protocol = "FTPDATA" // NDPI_PROTOCOL_FTP_DATA = 175, /* Tomasz Bujlow <tomasz@skatnet.dk> */
	TELEGRAM Protocol = "TELEGRAM" // NDPI_PROTOCOL_TELEGRAM = 185, /* Gianluca Costa <g.costa@xplico.org> */
	ZOOM Protocol = "ZOOM" // NDPI_PROTOCOL_ZOOM = 189, /* Zoom video conference. */
	// NOTE(review): value is spelled "DPHDOT", not "DOHDOT".
	DOHDOT Protocol = "DPHDOT" // NDPI_PROTOCOL_DOH_DOT = 196, /* DoH (DNS over HTTPS), DoT (DNS over TLS) */
	WECHAT Protocol = "WECHAT" // NDPI_PROTOCOL_WECHAT = 197,
	SNAPCHAT Protocol = "SNAPCHAT" // NDPI_PROTOCOL_SNAPCHAT = 199,
	SINA Protocol = "SINA" // NDPI_PROTOCOL_SINA = 200,
	STARCRAFT Protocol = "STARCRAFT" // NDPI_PROTOCOL_STARCRAFT = 213, /* Matteo Bracci <matteobracci1@gmail.com> */
	GOOGLEDRIVE Protocol = "GOOGLEDRIVE" // NDPI_PROTOCOL_GOOGLE_DRIVE = 217,
	MSONEDRIVE Protocol = "MSONEDRIVE" // NDPI_PROTOCOL_MS_ONE_DRIVE = 221,
	MQTT Protocol = "MQTT" // NDPI_PROTOCOL_MQTT = 222,
	APPLESTORE Protocol = "APPLESTORE" // NDPI_PROTOCOL_APPLESTORE = 224,
	APPLEPUSH Protocol = "APPLEPUSH" // NDPI_PROTOCOL_APPLE_PUSH = 238,
	GOOGLESERVICES Protocol = "GOOGLESERVICES" // NDPI_PROTOCOL_GOOGLE_SERVICES = 239,
	AMAZONVIDEO Protocol = "AMAZONVIDEO" // NDPI_PROTOCOL_AMAZON_VIDEO = 240,
	GOOGLEDOCS Protocol = "GOOGLEDOCS" // NDPI_PROTOCOL_GOOGLE_DOCS = 241,
	// NOTE(review): the constant name lacks the "S" that the value and the nDPI entry have.
	WHATAPPFILES Protocol = "WHATSAPPFILES" // NDPI_PROTOCOL_WHATSAPP_FILES = 242, /* Videos, pictures, voice messages... */
	RPC Protocol = "RPC" // NDPI_PROTOCOL_DCERPC
	RDP Protocol = "RDP" // NDPI_PROTOCOL_RDP
	SSL Protocol = "SSL" // SSL that isn't HTTPS
	HTTPS Protocol = "HTTPS"
	YOUKU Protocol = "YOUKU" // you ku
	IPOP Protocol = "IPOP" // IP over P2P
	TAOBAO Protocol = "TAOBAO" // Custom protocol seen on Taobao CDN
	TENCENTGAMES Protocol = "TencentGames" // Games operated by Tencent
	QQDOWNLOAD Protocol = "QQDOWNLOAD" // QQ DOWNLOAD
	QQSPEEDMOBILE Protocol = "QQSPEEDMOBILE"
	HTTPTUNNEL Protocol = "HTTPTUNNEL" // Tunnelling via HTTP
	LOL Protocol = "LOL" // League of Legends
	BITCOIN Protocol = "BITCOIN"
	// Unknown is the empty string.
	Unknown Protocol = ""
)
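Protocol identifiers for the supported protocols. The string value is what a Protocol holds at run time, and several values are not spelled like their constant names: VMWARE is "WMWARE", CONTIKI is "CONTKI", SIGNAL is "SINGAL", LDAP is "LADAP", SOCKS is "SPCKS" and DOHDOT is "DPHDOT". Filters, alert rules and log queries should therefore compare against the constants rather than hand-typed strings. Unknown is the empty string.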