Merge pull request logrhythm#95 from Logrhythm/2.2.2

2.2.2

packaging/protoBuffers.spec

@@ -16,6 +16,7 @@ ExclusiveArch: x86_64
 Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Google uses Protocol Buffers for almost all of its internal RPC protocols and file formats. 
 
 %prep
+export PATH=/usr/local/probe/bin:$PATH
 cd  ~/rpmbuild/BUILD
 rm -rf protobuf-2.4.1
 tar -xjvf ~/rpmbuild/SOURCES/protobuf-2.4.1.tar.bz2
@@ -25,10 +26,12 @@ export GLOBAL_CPP_FLAGS="-fPIC"
 env CPPFLAGS="$CPPFLAGS $GLOBAL_CPP_FLAGS" ./configure --prefix=/usr/local/probe
 cd ..
 %build
+export PATH=/usr/local/probe/bin:$PATH
 cd protobuf-2.4.1
 make -j8
 
 %install
+export PATH=/usr/local/probe/bin:$PATH
 cd protobuf-2.4.1
 make install prefix=$RPM_BUILD_ROOT/usr/local/probe
 

protofiles/Applications.proto

@@ -1967,4 +1967,50 @@ optional string unassigned_ip_prot_177 = 1965 [default = "The UNASSIGNED_IP_PROT
 optional string unassigned_ip_prot_154 = 1966 [default = "The UNASSIGNED_IP_PROT_154 protocol (IANA Unassigned Internet Protocol Number 154) is found over the IP layer (IANA protocol number: 154)."];
 optional string crazysaloon = 1967 [default = "Bittorrent tracker search engine"];
 optional string espncricinfo = 1968 [default = "International cricket news live scores photos columns and player profiles."];
+optional string ndmp = 1969 [default = "NDMP (Network Data Management Protocol) is an open protocol for enterprise-wide network based backup over TCP."];
+optional string super = 1970 [default = "Prague based agency represents models from Czech and Slovak Republic."];
+optional string saitebi = 1971 [default = "Georgian internet catalog."];
+optional string radio1 = 1972 [default = "French Polinesian radio broadcast website."];
+optional string mihanblog = 1973 [default = "Persian blogging platform"];
+optional string varzesh3 = 1974 [default = "Persian online sports new portal."];
+optional string bits = 1975 [default = "Background Intelligent Transfer Service (BITS) transfers files (downloads or uploads) between a client and server and provides progress information related to the transfers."];
+optional string ypbind = 1976 [default = "The ypbind utility is the process that maintains NIS binding information. At startup it searches for an NIS server responsible for serving the system's default domain (as set by the domainname(1) command) using net-work broadcasts"];
+optional string marktplaats = 1977 [default = "Dutch advertising site where you can sell new and second-hand goods."];
+optional string vbox7 = 1978 [default = "Bulgarian video streaming website."];
+optional string njuskalo = 1979 [default = "Croatian online classified ads"];
+optional string pik = 1980 [default = "Bosnian online trading website."];
+optional string shobiddak = 1981 [default = "Palestinian online classified ads."];
+optional string sulit = 1982 [default = "Filipino online classified ads."];
+optional string qatarliving = 1983 [default = "Qatari online classified ads."];
+optional string tunisia_sat = 1984 [default = "Tunisian forum hosting platform."];
+optional string skelbiu = 1985 [default = "Lithuanian online classified ads and trading website."];
+optional string s_oman = 1986 [default = "Omani forum hosting website."];
+optional string namba = 1987 [default = "Kyrgyzstani forum and social networking site."];
+optional string moov = 1988 [default = "Malagasy internet web portal"];
+optional string nairaland = 1989 [default = "Nigerian forum hosting site"];
+optional string sccm = 1990 [default = "System Center Configuration Manager is a systems management software product by Microsoft for managing large groups of computers running Windows Mac OS X Linux or UNIX as well as various mobile operating systems. [Note: sccm is also known as mssms.]"];
+optional string somud = 1991 [default = "SoMud is a BitTorrent client. This signature classifies BitTorrent tracker streams over http specific to the SoMud client. Data streams will be classified as bittorrent only."];
+optional string walla = 1992 [default = "Israelian internet portal."];
+optional string plius = 1993 [default = "Lithuanian online classified ads."];
+optional string sahibinden = 1994 [default = "Turkish online classified ads and e-commerce platform."];
+optional string trademe = 1995 [default = "New Zealander online trading site."];
+optional string peyvandha = 1996 [default = "Persian internet portal."];
+optional string zoznam = 1997 [default = "Slovakian internet portal."];
+optional string ss = 1998 [default = "Latvian online classified ads."];
+optional string tut = 1999 [default = "Belarusian internet portal."];
+optional string tvking = 2000 [default = "TvKing is an application which is able to get video stream lists from its own web site and from other ones. Classifies HTTP web browsing only."];
+optional string ouedkniss = 2001 [default = "Algerian internet portal"];
+optional string ricardo = 2002 [default = "Swiss online trading website."];
+optional string willhaben = 2003 [default = "Austrian online classified ads."];
+optional string worksite = 2004 [default = "WorkSite is a Document Management System (DMS) application. It is primarily used by law firms and corporate legal departments."];
+optional string maltapark = 2005 [default = "Maltapark is the most popular trading website in Malta."];
+optional string petitesannonces = 2006 [default = "French Polinesian online classified ads"];
+optional string motika = 2007 [default = "Macedonian video posting website."];
+optional string quantum_dxi_ost = 2008 [default = "Classifies the Symantec NetBackup streams that use the Quantum DXi replication solution. This implements the OpenStorage API (OST)."];
+optional string mudah = 2009 [default = "Malaisian free classified ads."];
+optional string mana = 2010 [default = "French Polynesian internet service provider website"];
+optional string imessage_file_download = 2011 [default = "Apple Web Service used to retrieve video messages sent between two iOS devices via the iMessage application. This signature only classifies video download from the message receiver device. The video upload from the sender will be classified as apns (Apple Push Notification)"];
+optional string persianblog = 2012 [default = "Persian blogging platform"];
+optional string seznam = 2013 [default = "Czech internet web protal."];
+optional string iscsi = 2014 [default = "Internet Small Computer Systems Interface (iSCSI) as described in RFC3720."];
 }

protofiles/DpiMsgLRproto.proto

@@ -1960,7 +1960,6 @@ repeated bytes native_lan_managerQ_PROTO_SMB = 2245; // QOSMOS:Q_PROTO_SMB,Q_SMB
 repeated bytes command_stringQ_PROTO_SMB = 2246; // QOSMOS:Q_PROTO_SMB,Q_SMB_COMMAND_STRING
 repeated bytes loadwayQ_PROTO_SMB = 2247; // QOSMOS:Q_PROTO_SMB,Q_SMB_LOADWAY
 optional uint64 query_idQ_PROTO_SMB = 2248; // QOSMOS:Q_PROTO_SMB,Q_SMB_QUERY_ID
-optional uint32 krb5_blob_lenQ_PROTO_SMB = 2249; // QOSMOS:Q_PROTO_SMB,Q_SMB_KRB5_BLOB_LEN
 optional uint32 search_attributesQ_PROTO_SMB = 2250; // QOSMOS:Q_PROTO_SMB,Q_SMB_SEARCH_ATTRIBUTES
 optional uint32 search_storage_typeQ_PROTO_SMB = 2251; // QOSMOS:Q_PROTO_SMB,Q_SMB_SEARCH_STORAGE_TYPE
 repeated bytes search_patternQ_PROTO_SMB = 2252; // QOSMOS:Q_PROTO_SMB,Q_SMB_SEARCH_PATTERN
@@ -2639,4 +2638,6 @@ optional uint32 response_sizeQ_PROTO_TNS = 2926; // QOSMOS:Q_PROTO_TNS,Q_TNS_RES
 optional string response_timeQ_PROTO_TNS = 2927; // QOSMOS:Q_PROTO_TNS,Q_TNS_RESPONSE_TIME,timeval,timevalToString
 optional uint32 service_durationQ_PROTO_VIBER = 2928; // QOSMOS:Q_PROTO_VIBER,Q_MPA_SERVICE_DURATION
 repeated bytes application_nameQ_PROTO_WINDOWS_MARKETPLACE = 2929; // QOSMOS:Q_PROTO_WINDOWS_MARKETPLACE,Q_WINDOWS_MARKETPLACE_APPLICATION_NAME
+optional uint32 expiresQ_PROTO_SIP = 2930; // QOSMOS:Q_PROTO_SIP,Q_SIP_EXPIRES
+optional uint32 security_blob_lenQ_PROTO_SMB = 2931; // QOSMOS:Q_PROTO_SMB,Q_SMB_SECURITY_BLOB_LEN
 }

resources/Applications.csv

@@ -1960,3 +1960,49 @@ unassigned_ip_prot_177,1965,"The UNASSIGNED_IP_PROT_177 protocol (IANA Unassigne
 unassigned_ip_prot_154,1966,"The UNASSIGNED_IP_PROT_154 protocol (IANA Unassigned Internet Protocol Number 154) is found over the IP layer (IANA protocol number: 154)."
 crazysaloon,1967,"Bittorrent tracker search engine"
 espncricinfo,1968,"International cricket news live scores photos columns and player profiles."
+ndmp,1969,"NDMP (Network Data Management Protocol) is an open protocol for enterprise-wide network based backup over TCP."
+super,1970,"Prague based agency represents models from Czech and Slovak Republic."
+saitebi,1971,"Georgian internet catalog."
+radio1,1972,"French Polinesian radio broadcast website."
+mihanblog,1973,"Persian blogging platform"
+varzesh3,1974,"Persian online sports new portal."
+bits,1975,"Background Intelligent Transfer Service (BITS) transfers files (downloads or uploads) between a client and server and provides progress information related to the transfers."
+ypbind,1976,"The ypbind utility is the process that maintains NIS binding information. At startup it searches for an NIS server responsible for serving the system's default domain (as set by the domainname(1) command) using net-work broadcasts"
+marktplaats,1977,"Dutch advertising site where you can sell new and second-hand goods."
+vbox7,1978,"Bulgarian video streaming website."
+njuskalo,1979,"Croatian online classified ads"
+pik,1980,"Bosnian online trading website."
+shobiddak,1981,"Palestinian online classified ads."
+sulit,1982,"Filipino online classified ads."
+qatarliving,1983,"Qatari online classified ads."
+tunisia_sat,1984,"Tunisian forum hosting platform."
+skelbiu,1985,"Lithuanian online classified ads and trading website."
+s_oman,1986,"Omani forum hosting website."
+namba,1987,"Kyrgyzstani forum and social networking site."
+moov,1988,"Malagasy internet web portal"
+nairaland,1989,"Nigerian forum hosting site"
+sccm,1990,"System Center Configuration Manager is a systems management software product by Microsoft for managing large groups of computers running Windows Mac OS X Linux or UNIX as well as various mobile operating systems. [Note: sccm is also known as mssms."
+somud,1991,"SoMud is a BitTorrent client. This signature classifies BitTorrent tracker streams over http specific to the SoMud client. Data streams will be classified as bittorrent only."
+walla,1992,"Israelian internet portal."
+plius,1993,"Lithuanian online classified ads."
+sahibinden,1994,"Turkish online classified ads and e-commerce platform."
+trademe,1995,"New Zealander online trading site."
+peyvandha,1996,"Persian internet portal."
+zoznam,1997,"Slovakian internet portal."
+ss,1998,"Latvian online classified ads."
+tut,1999,"Belarusian internet portal."
+tvking,2000,"TvKing is an application which is able to get video stream lists from its own web site and from other ones. Classifies HTTP web browsing only."
+ouedkniss,2001,"Algerian internet portal"
+ricardo,2002,"Swiss online trading website."
+willhaben,2003,"Austrian online classified ads."
+worksite,2004,"WorkSite is a Document Management System (DMS) application. It is primarily used by law firms and corporate legal departments."
+maltapark,2005,"Maltapark is the most popular trading website in Malta."
+petitesannonces,2006,"French Polinesian online classified ads"
+motika,2007,"Macedonian video posting website."
+quantum_dxi_ost,2008,"Classifies the Symantec NetBackup streams that use the Quantum DXi replication solution. This implements the OpenStorage API (OST)."
+mudah,2009,"Malaisian free classified ads."
+mana,2010,"French Polynesian internet service provider website"
+imessage_file_download,2011,"Apple Web Service used to retrieve video messages sent between two iOS devices via the iMessage application. This signature only classifies video download from the message receiver device. The video upload from the sender will be classified as apns (Apple Push Notification)"
+persianblog,2012,"Persian blogging platform"
+seznam,2013,"Czech internet web protal."
+iscsi,2014,"Internet Small Computer Systems Interface (iSCSI) as described in RFC3720."