Add some statistics to ndpiReader #1587
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The purpose of this version of ndpiReader is too adding some other statistics printed by ndpiReader. In this simple version the domain names(in the flows) that are collected are: flow-> ssh_tls.server_info flow-> host_server_name and are placed in a UT_hash_table, ordering them by number of occurrences.
utoni
requested changes
Jun 8, 2022
IvanNardi
requested changes
Jun 8, 2022
There was a problem hiding this comment.
This is the output of your code:
./example/ndpiReader -t -i ./tests/pcap/1kxun.pcap -v4
[...]
NOTE: as one flow can have multiple risks set, the sum of the
last column can exceed the number of flows with risks.
pic.1kxun.com 15
239.255.255.250:1900 12
mangaweb.1kxun.mobi 11
charming-pc 7
hkbn.content.1kxun.com 6
???????????? 6
joanna-pc 5
kankan.1kxun.com 5
isatap 5
kevin-pc 5
jp.kankan.1kxun.mobi 4
hybird.rayjump.com 4
caesar-thinkpad 4
192.168.115.75 4
setting.rayjump.com 4
wangs-ltw 4
ro_x1c 4
ws.1kxun.mobi 3
jason-pc 3
dl-obs.official.line.naver.jp 3
net.rayjump.com 3
wpad 2
cdn.liftoff.io 2
tw.api.vpon.com 2
de01.rayjump.com 2
sonusav 2
notebook 2
sanji-lifebook- 2
analytics.rayjump.com 2
usher-pc 2
vv.video.qq.com 2
218.244.135.170 1
play.google.com 1
gfile 1
qzonestyle.gtimg.cn 1
_googlecast._tcp.local 1
[ff02::c]:1900 1
impression-east.liftoff.io 1
click.liftoff.io 1
nasfile 1
macbookair-e1d0 1
api.magicansoft.com 1
kankan.1kxun.mobi 1
android.yingshi.tcclick.1kxun.com 1
www.googletagservices.com 1
shen 1
messages.1kxun.mobi 1
macbook-air 1
kasper-mac 1
pagead2.googlesyndication.com 1
cgi.connect.qq.com 1
www.google-analytics.com 1
pingma.qq.com 1
tcad.wedolook.com 1
release.bigdata.1kxun.com 1
sc.arrancar.org 1
m.vpon.com 1
google.open-js.com 1
183.131.48.145 1
183.131.48.144 1
tknet-cdn.rayjump.com 1
adexp.liftoff.io 1
42.120.51.152 1
1 TCP 192.168.2.126:60148 <-> 172.105.121.82:80 [proto: 7.295/HTTP.1kxun][ClearText][Confidence: DPI][cat: Streaming/17][11 pkts/2964 bytes <-> 95 pkts/639690 bytes][Goodput ratio: 75/99][49.88 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.991 (Download)][IAT c2s/s2c min/avg/max/stddev: 216/0 10990/129 38757/4604 16131/573][Pkt Len c2s/s2c min/avg/max/stddev: 220/382 269/6734 278/21666 16/6665][URL: pic.1kxun.com/video_kankan/images/icons/5-328e3cdf244c003df08754cca05fbc2f.png][StatusCode: 200][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,9,0,0,2,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,64]
[...]
At very least, to make it more readable, you should:
- add a title and some new lines at the very beginning
- add a new line at the end
Take a look at the output with -v3
utoni
requested changes
Jun 8, 2022
utoni
reviewed
Jun 8, 2022
utoni
requested changes
Jun 8, 2022
Co-authored-by: Toni <[email protected]>
Co-authored-by: Toni <[email protected]>
Co-authored-by: Toni <[email protected]>
Co-authored-by: Toni <[email protected]>
Co-authored-by: Toni <[email protected]>
Co-authored-by: Toni <[email protected]>
Co-authored-by: Toni <[email protected]>
Co-authored-by: Toni <[email protected]>
utoni
requested changes
Jun 9, 2022
Co-authored-by: Toni <[email protected]>
Co-authored-by: Toni <[email protected]>
Co-authored-by: Toni <[email protected]>
utoni
requested changes
Jun 9, 2022
utoni
requested changes
Jun 9, 2022
Co-authored-by: Toni <[email protected]>
|
@claudio4495 |
utoni
requested changes
Jun 13, 2022
|
Kudos, SonarCloud Quality Gate passed!
|
|
@utoni , what do you think after the last iteration? |
Some room for improvement, but I think it is good2merge. |
|
@utoni yes, it's ok for me |
IvanNardi
approved these changes
Jun 15, 2022
utoni
approved these changes
Jun 15, 2022
|
@claudio4495, thanks for your contribution and ... in bocca al lupo per l'esame! |
|
thanks to both of you for your help. Have a good work |
|
Grazie @IvanNardi! Buona continuazione di sviluppo di ntop :) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The purpose of this version of ndpiReader is too adding some other statistics printed by ndpiReader. In this simple version the domain names(in the flows) that are collected are:
flow-> ssh_tls.server_info
flow-> host_server_name
and are placed in a UT_hash_table, ordering them by number of occurrences.