From 3b5d8177f70da5eeaec308512860f2fd09f67bc3 Mon Sep 17 00:00:00 2001 From: Campus Date: Sat, 3 Feb 2018 17:06:28 +0100 Subject: [PATCH 1/2] fix wrong conversion dec to hex --- src/lib/ndpi_content_match.c.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index aa5a990ea34..6ff6220f6ce 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -216,7 +216,7 @@ static ndpi_network host_protocol_list[] = { { 0x344D0000 /* 52.77.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, { 0x344E0000 /* 52.78.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, { 0x344F0000 /* 52.79.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, - { 0x3452BB00 /* 52.82.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x34520000 /* 52.82.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, { 0x34580000 /* 52.88.0.0/13 */, 13, NDPI_PROTOCOL_AMAZON }, { 0x345A0000 /* 52.90.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, { 0x345F0000 /* 52.95.0.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, From 73b401956123fe71fc2e8ebee113b2c570613d4a Mon Sep 17 00:00:00 2001 From: Campus Date: Sat, 3 Feb 2018 19:56:14 +0100 Subject: [PATCH 2/2] update results for test pcap --- tests/result/http_ipv6.pcap.out | 8 ++++---- tests/result/mpeg.pcap.out | 2 +- tests/result/ocs.pcap.out | 7 ++++--- tests/result/skype.pcap.out | 5 +++-- tests/result/skype_no_unknown.pcap.out | 5 +++-- tests/result/viber_mobile.pcap.out | 7 ++++--- tests/result/whatsapp_login_call.pcap.out | 5 +++-- tests/result/whatsapp_login_chat.pcap.out | 5 +++-- 8 files changed, 25 insertions(+), 19 deletions(-) diff --git a/tests/result/http_ipv6.pcap.out b/tests/result/http_ipv6.pcap.out index e09cf3fe365..37f5ce787b4 100644 --- a/tests/result/http_ipv6.pcap.out +++ b/tests/result/http_ipv6.pcap.out @@ -5,10 +5,10 @@ QUIC 3 502 1 ntop 80 36401 4 1 UDP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:45931 <-> [2a00:1450:4001:803::1017]:443 [proto: 188.126/QUIC.Google][33 pkts/7741 bytes <-> 29 pkts/8236 bytes][Host: www.google.it] - 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.238/SSL.ntop][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][client: www.ntop.org] - 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.238/SSL.ntop][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] - 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.238/SSL.ntop][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] - 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.238/SSL.ntop][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][client: www.ntop.org] + 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.241/SSL.ntop][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][client: www.ntop.org] + 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.241/SSL.ntop][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] + 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.241/SSL.ntop][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] + 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.241/SSL.ntop][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][client: www.ntop.org] 6 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53132 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][7 pkts/960 bytes <-> 5 pkts/4227 bytes][client: s-static.ak.facebook.com][server: *.ak.fbcdn.net] 7 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53134 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][6 pkts/874 bytes <-> 4 pkts/4141 bytes][client: s-static.ak.facebook.com][server: *.ak.fbcdn.net] 8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:41776 <-> [2a00:1450:4001:803::1017]:443 [proto: 91/SSL][7 pkts/860 bytes <-> 7 pkts/1353 bytes] diff --git a/tests/result/mpeg.pcap.out b/tests/result/mpeg.pcap.out index 7b6978c3fde..1f5020ab6ca 100644 --- a/tests/result/mpeg.pcap.out +++ b/tests/result/mpeg.pcap.out @@ -1,3 +1,3 @@ ntop 19 10643 1 - 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.238/HTTP.ntop][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Host: luca.ntop.org] + 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.241/HTTP.ntop][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Host: luca.ntop.org] diff --git a/tests/result/ocs.pcap.out b/tests/result/ocs.pcap.out index 628f5160751..dad0e148ba5 100644 --- a/tests/result/ocs.pcap.out +++ b/tests/result/ocs.pcap.out @@ -2,15 +2,16 @@ Unknown 6 360 1 DNS 3 214 3 HTTP 13 1019 2 SSL 20 2715 1 -Google 40 5453 5 +Google 27 3176 3 OCS 863 57552 7 PlayStore 1 72 1 +GoogleServices 13 2277 2 1 TCP 192.168.180.2:49881 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][751 pkts/44783 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws] 2 TCP 192.168.180.2:36680 -> 178.248.208.54:443 [proto: 91.218/SSL.OCS][20 pkts/6089 bytes -> 0 pkts/0 bytes][client: ocs.labgency.ws] 3 TCP 192.168.180.2:42590 -> 178.248.208.210:80 [proto: 7.218/HTTP.OCS][83 pkts/5408 bytes -> 0 pkts/0 bytes][Host: www.ocs.fr] 4 TCP 192.168.180.2:39263 -> 23.21.230.199:443 [proto: 91/SSL][20 pkts/2715 bytes -> 0 pkts/0 bytes][client: settings.crashlytics.com] - 5 TCP 192.168.180.2:32946 -> 64.233.184.188:443 [proto: 91.126/SSL.Google][12 pkts/2212 bytes -> 0 pkts/0 bytes][client: mtalk.google.com] + 5 TCP 192.168.180.2:32946 -> 64.233.184.188:443 [proto: 91.239/SSL.GoogleServices][12 pkts/2212 bytes -> 0 pkts/0 bytes][client: mtalk.google.com] 6 TCP 192.168.180.2:47803 -> 64.233.166.95:443 [proto: 91.126/SSL.Google][12 pkts/1608 bytes -> 0 pkts/0 bytes] 7 TCP 192.168.180.2:41223 -> 216.58.208.46:443 [proto: 91.126/SSL.Google][13 pkts/1448 bytes -> 0 pkts/0 bytes] 8 TCP 192.168.180.2:48250 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][6 pkts/1092 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws] @@ -21,7 +22,7 @@ PlayStore 1 72 1 13 UDP 192.168.180.2:48770 -> 8.8.8.8:53 [proto: 5.228/DNS.PlayStore][1 pkts/72 bytes -> 0 pkts/0 bytes][Host: android.clients.google.com] 14 UDP 192.168.180.2:40097 -> 8.8.8.8:53 [proto: 5/DNS][1 pkts/70 bytes -> 0 pkts/0 bytes][Host: settings.crashlytics.com] 15 UDP 192.168.180.2:1291 -> 8.8.8.8:53 [proto: 5/DNS][1 pkts/67 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com] - 16 UDP 192.168.180.2:11793 -> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/65 bytes -> 0 pkts/0 bytes][Host: play.googleapis.com] + 16 UDP 192.168.180.2:11793 -> 8.8.8.8:53 [proto: 5.239/DNS.GoogleServices][1 pkts/65 bytes -> 0 pkts/0 bytes][Host: play.googleapis.com] 17 UDP 192.168.180.2:38472 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/63 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws] 18 UDP 192.168.180.2:2589 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/61 bytes -> 0 pkts/0 bytes][Host: ocs.labgency.ws] 19 UDP 192.168.180.2:24245 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/56 bytes -> 0 pkts/0 bytes][Host: www.ocs.fr] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index 80e251ce74c..21e32c28ad8 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -8,10 +8,11 @@ IGMP 5 258 4 SSL 96 8876 7 Dropbox 38 17948 5 Skype 2139 324409 249 -Apple 15 2045 2 +Apple 3 168 1 AppleiCloud 88 20520 2 Spotify 5 430 1 MS_OneDrive 387 198090 1 +ApplePush 12 1877 1 1 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][187 pkts/42539 bytes <-> 200 pkts/155551 bytes][server: *.gateway.messenger.live.com] 2 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][231 pkts/60232 bytes <-> 241 pkts/104395 bytes] @@ -33,7 +34,7 @@ MS_OneDrive 387 198090 1 18 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes -> 0 pkts/0 bytes] 19 TCP 192.168.1.34:50090 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][12 pkts/2140 bytes <-> 3 pkts/200 bytes][client: apps.skype.com] 20 TCP 192.168.1.34:50134 <-> 157.56.53.47:12350 [proto: 125/Skype][11 pkts/1578 bytes <-> 4 pkts/342 bytes] - 21 TCP 17.143.160.22:5223 <-> 192.168.1.34:49447 [proto: 140/Apple][6 pkts/1211 bytes <-> 6 pkts/666 bytes] + 21 TCP 17.143.160.22:5223 <-> 192.168.1.34:49447 [proto: 238/ApplePush][6 pkts/1211 bytes <-> 6 pkts/666 bytes] 22 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][13 pkts/1554 bytes <-> 3 pkts/200 bytes] 23 TCP 192.168.1.34:50122 <-> 81.133.19.185:44431 [proto: 125/Skype][14 pkts/1090 bytes <-> 6 pkts/534 bytes] 24 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][13 pkts/1392 bytes <-> 3 pkts/200 bytes] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index bb57b636d3b..33571bc4aeb 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -8,8 +8,9 @@ IGMP 4 226 4 SSL 79 7742 6 Dropbox 16 7342 5 Skype 1291 190136 223 -Apple 84 20699 2 +Apple 76 19581 1 MS_OneDrive 348 181687 1 +ApplePush 8 1118 1 1 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][166 pkts/39042 bytes <-> 182 pkts/142645 bytes][server: *.gateway.messenger.live.com] 2 TCP 192.168.1.34:51279 <-> 111.221.74.48:40008 [proto: 125/Skype][101 pkts/30681 bytes <-> 98 pkts/59934 bytes] @@ -68,7 +69,7 @@ MS_OneDrive 348 181687 1 55 TCP 192.168.1.34:51313 <-> 212.161.8.36:13392 [proto: 125/Skype][11 pkts/855 bytes <-> 3 pkts/287 bytes] 56 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][6 pkts/958 bytes <-> 2 pkts/184 bytes] 57 TCP 192.168.1.34:51311 <-> 93.79.224.176:14506 [proto: 125/Skype][11 pkts/848 bytes <-> 3 pkts/286 bytes] - 58 TCP 17.143.160.149:5223 <-> 192.168.1.34:50407 [proto: 140/Apple][4 pkts/674 bytes <-> 4 pkts/444 bytes] + 58 TCP 17.143.160.149:5223 <-> 192.168.1.34:50407 [proto: 238/ApplePush][4 pkts/674 bytes <-> 4 pkts/444 bytes] 59 UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] 60 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] 61 UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/viber_mobile.pcap.out b/tests/result/viber_mobile.pcap.out index c69eda2bb47..e481134e88e 100644 --- a/tests/result/viber_mobile.pcap.out +++ b/tests/result/viber_mobile.pcap.out @@ -8,10 +8,11 @@ SSL 72 21126 6 Facebook 50 17455 3 Dropbox 2 163 1 GMail 35 14773 2 -Google 76 17175 8 +Google 59 14520 6 WhatsApp 38 6756 3 Viber 10081 1413446 4 Amazon 8 528 1 +GoogleServices 17 2655 2 1 UDP 192.168.200.222:48564 <-> 54.169.63.186:7985 [proto: 144/Viber][4192 pkts/515224 bytes <-> 5865 pkts/895629 bytes] 2 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91.119/SSL.Facebook][19 pkts/3115 bytes <-> 18 pkts/13053 bytes][client: graph.facebook.com][server: *.facebook.com] @@ -22,7 +23,7 @@ Amazon 8 528 1 7 TCP 192.168.200.222:40005 <-> 108.168.176.234:443 [proto: 142/WhatsApp][13 pkts/1401 bytes <-> 16 pkts/4545 bytes] 8 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][22 pkts/3437 bytes <-> 14 pkts/2437 bytes] 9 TCP 192.168.200.222:59011 <-> 74.125.130.188:5228 [proto: 126/Google][8 pkts/3893 bytes <-> 8 pkts/1945 bytes] - 10 TCP 192.168.200.222:57999 <-> 74.125.130.188:5228 [proto: 91.126/SSL.Google][7 pkts/1505 bytes <-> 8 pkts/953 bytes][client: mtalk.google.com] + 10 TCP 192.168.200.222:57999 <-> 74.125.130.188:5228 [proto: 91.239/SSL.GoogleServices][7 pkts/1505 bytes <-> 8 pkts/953 bytes][client: mtalk.google.com] 11 TCP 192.168.200.222:36675 -> 112.124.219.82:80 [proto: 7/HTTP][9 pkts/2188 bytes -> 0 pkts/0 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] 12 TCP 52.0.253.46:4244 <-> 192.168.200.222:43454 [proto: 144/Viber][8 pkts/1187 bytes <-> 8 pkts/856 bytes] 13 UDP 192.168.200.222:39413 <-> 24.43.1.206:17193 [proto: 37/BitTorrent][4 pkts/996 bytes <-> 4 pkts/996 bytes] @@ -71,7 +72,7 @@ Amazon 8 528 1 56 UDP 192.168.200.222:55854 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/70 bytes <-> 1 pkts/166 bytes][Host: s.jpush.cn] 57 UDP 192.168.200.222:60474 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/77 bytes <-> 1 pkts/141 bytes][Host: easytomessage.com] 58 UDP 192.168.200.222:39695 <-> 8.8.8.8:53 [proto: 5.119/DNS.Facebook][1 pkts/78 bytes <-> 1 pkts/136 bytes][Host: graph.facebook.com] - 59 UDP 192.168.200.222:47874 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/76 bytes <-> 1 pkts/121 bytes][Host: mtalk.google.com] + 59 UDP 192.168.200.222:47874 <-> 8.8.8.8:53 [proto: 5.239/DNS.GoogleServices][1 pkts/76 bytes <-> 1 pkts/121 bytes][Host: mtalk.google.com] 60 ICMP 192.168.200.222:0 -> 192.168.1.1:0 [proto: 81/ICMP][2 pkts/196 bytes -> 0 pkts/0 bytes] 61 UDP 192.168.200.222:39149 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/72 bytes <-> 1 pkts/120 bytes][Host: sis.jpush.io] 62 ICMP 37.214.167.82:0 -> 192.168.200.222:0 [proto: 81/ICMP][1 pkts/174 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out index b30cffa7477..73697827b9d 100644 --- a/tests/result/whatsapp_login_call.pcap.out +++ b/tests/result/whatsapp_login_call.pcap.out @@ -6,11 +6,12 @@ ICMP 10 700 1 SSL 8 589 2 Facebook 70 9464 14 Dropbox 4 2176 1 -Apple 127 28102 20 +Apple 105 22176 19 WhatsApp 182 25154 2 Spotify 3 258 1 WhatsAppVoice 706 91156 4 AppleStore 85 28087 2 +ApplePush 22 5926 1 1 UDP 192.168.2.4:51518 <-> 91.253.176.65:9344 [proto: 189/WhatsAppVoice][186 pkts/27025 bytes <-> 278 pkts/25895 bytes] 2 UDP 192.168.2.4:52794 <-> 91.253.176.65:9665 [proto: 189/WhatsAppVoice][141 pkts/17530 bytes <-> 57 pkts/12888 bytes] @@ -18,7 +19,7 @@ AppleStore 85 28087 2 4 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.224/SSL.AppleStore][29 pkts/11770 bytes <-> 24 pkts/6612 bytes][client: p53-buy.itunes.apple.com] 5 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/SSL.Apple][21 pkts/7644 bytes <-> 17 pkts/9576 bytes][client: query.ess.apple.com][server: *.ess.apple.com] 6 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.224/SSL.AppleStore][17 pkts/6166 bytes <-> 15 pkts/3539 bytes][client: p53-buy.itunes.apple.com] - 7 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 140/Apple][11 pkts/4732 bytes <-> 11 pkts/1194 bytes] + 7 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 238/ApplePush][11 pkts/4732 bytes <-> 11 pkts/1194 bytes] 8 UDP 192.168.2.4:51518 <-> 31.13.93.48:3478 [proto: 189/WhatsAppVoice][12 pkts/2341 bytes <-> 12 pkts/2484 bytes] 9 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][10 pkts/3420 bytes -> 0 pkts/0 bytes][Host: lucas-imac] 10 UDP 192.168.2.4:52794 <-> 31.13.84.48:3478 [proto: 189/WhatsAppVoice][9 pkts/1842 bytes <-> 11 pkts/1151 bytes] diff --git a/tests/result/whatsapp_login_chat.pcap.out b/tests/result/whatsapp_login_chat.pcap.out index f94954c5f7a..f407fcfce87 100644 --- a/tests/result/whatsapp_login_chat.pcap.out +++ b/tests/result/whatsapp_login_chat.pcap.out @@ -1,13 +1,14 @@ MDNS 2 202 2 DHCP 6 2052 1 Dropbox 2 1088 1 -Apple 50 23466 2 +Apple 44 21371 1 WhatsApp 32 3243 2 Spotify 1 86 1 +ApplePush 6 2095 1 1 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][24 pkts/15117 bytes <-> 20 pkts/6254 bytes] 2 TCP 192.168.2.4:49206 <-> 158.85.58.15:5222 [proto: 142/WhatsApp][17 pkts/1794 bytes <-> 13 pkts/1169 bytes] - 3 TCP 17.110.229.14:5223 -> 192.168.2.4:49193 [proto: 140/Apple][6 pkts/2095 bytes -> 0 pkts/0 bytes] + 3 TCP 17.110.229.14:5223 -> 192.168.2.4:49193 [proto: 238/ApplePush][6 pkts/2095 bytes -> 0 pkts/0 bytes] 4 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][6 pkts/2052 bytes -> 0 pkts/0 bytes][Host: lucas-imac] 5 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] 6 UDP 192.168.2.4:61697 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][1 pkts/76 bytes <-> 1 pkts/204 bytes][Host: e12.whatsapp.net]