Merge pull request elastic#320 from Shweta-Bhandare/PB160

Pb160
harper-carroll · Apr 13, 2015 · cfa55b4 · cfa55b4
2 parents e11e771 + f9ac27c
commit cfa55b4
Show file tree

Hide file tree

Showing 11 changed files with 1,969 additions and 1,891 deletions.
diff --git a/protofiles/Applications.proto b/protofiles/Applications.proto
@@ -2510,4 +2510,24 @@ optional string vecer = 2508 [default = "Macedonian and Balkan news portal."];
 optional string elwatannews = 2509 [default = "Egyptian news portal."];
 optional string afreeca = 2510 [default = "This protocol plug-in classifies the http and TCP traffic to the host .afreeca.com. Note: In Basic-DPI Partial classification over http and TCP"];
 optional string eksisozluk = 2511 [default = "Turkish forum on various topics. Includes occasional video streaming."];
+optional string hirufm = 2512 [default = "Sri lankan radio website"];
+optional string gettyimages = 2513 [default = "Getty Images distributes still imagery video music and multimedia products as well as other forms of premium digital content"];
+optional string offnews = 2514 [default = "Bulgarian news portal"];
+optional string bomb01 = 2515 [default = "Website about hong kongese youth interest and lifestyle related content"];
+optional string alkawnnews = 2516 [default = "Jordanian news portal"];
+optional string lazada = 2517 [default = "Indonesian online shopping mall"];
+optional string laprensagrafica = 2518 [default = "El salvadorian news portal"];
+optional string myauto = 2519 [default = "Georgian classified ads website specialized in motor vehicles"];
+optional string gcs = 2520 [default = "Online file storage web service for applications by Google. This plug-in classifies unsecured Client-to-Google servers web communications only."];
+optional string yemennow = 2521 [default = "Yemeni news portal"];
+optional string inwi = 2522 [default = "Moroccan mobile operator website"];
+optional string biobiochile = 2523 [default = "Chilian news portal"];
+optional string anspress = 2524 [default = "Azerbadjani news portal"];
+optional string adaderana = 2525 [default = "Sri lankan news portal"];
+optional string _6alabat = 2526 [default = "Kuwaitian online restaurant ordering website"];
+optional string bjnp = 2527 [default = "BJNP refers to a printer protocol used by printers made by Canon."];
+optional string gcm = 2528 [default = "Data exchange service between 3rd party server applications and Android client applications. This plug-in only classifies the messages exchanged between the CCS 3rd party server and the GCM cloud servers and also the messages exchanged between the GCM cloud servers and the client Android device."];
+optional string point = 2529 [default = "Moldovian news portal"];
+optional string twoo = 2530 [default = "Twoo is a social networking website enabling users to connect to relatives friends or unknown people."];
+optional string punyumunyu = 2531 [default = "Japanese adult movie website. Note: In Basic-DPI Partial classification over http."];
 }
diff --git a/protofiles/DpiMsgLRproto.proto b/protofiles/DpiMsgLRproto.proto
@@ -2766,4 +2766,9 @@ repeated bytes auidQ_PROTO_XCAP = 3078; // QOSMOS:Q_PROTO_XCAP,Q_XCAP_AUID
 optional uint32 service_idQ_PROTO_LYNC = 3079; // QOSMOS:Q_PROTO_LYNC,Q_MPA_SERVICE_ID
 repeated bytes serviceQ_PROTO_LYNC = 3080; // QOSMOS:Q_PROTO_LYNC,Q_MPA_SERVICE
 optional string session_durationQ_PROTO_RTP = 3081; // QOSMOS:Q_PROTO_RTP,Q_RTP_SESSION_DURATION,timeval,timevalToString
+optional uint32 flagsQ_PROTO_DNS = 3082; // QOSMOS:Q_PROTO_DNS,Q_DNS_FLAGS
+optional uint32 associated_stream_idQ_PROTO_SPDY = 3083; // QOSMOS:Q_PROTO_SPDY,Q_SPDY_ASSOCIATED_STREAM_ID
+repeated bytes loginQ_PROTO_TWOO = 3084; // QOSMOS:Q_PROTO_TWOO,Q_MPA_LOGIN
+repeated bytes passwordQ_PROTO_TWOO = 3085; // QOSMOS:Q_PROTO_TWOO,Q_MPA_PASSWORD
+optional uint32 is_mobile_serviceQ_PROTO_TWOO = 3086; // QOSMOS:Q_PROTO_TWOO,Q_MPA_IS_MOBILE_SERVICE
 }
diff --git a/resources/Applications.csv b/resources/Applications.csv
@@ -2503,3 +2503,23 @@ vecer,2508,"Macedonian and Balkan news portal."
 elwatannews,2509,"Egyptian news portal."
 afreeca,2510,"This protocol plug-in classifies the http and TCP traffic to the host .afreeca.com. Note: In Basic-DPI Partial classification over http and TCP"
 eksisozluk,2511,"Turkish forum on various topics. Includes occasional video streaming."
+hirufm,2512,"Sri lankan radio website"
+gettyimages,2513,"Getty Images distributes still imagery video music and multimedia products as well as other forms of premium digital content"
+offnews,2514,"Bulgarian news portal"
+bomb01,2515,"Website about hong kongese youth interest and lifestyle related content"
+alkawnnews,2516,"Jordanian news portal"
+lazada,2517,"Indonesian online shopping mall"
+laprensagrafica,2518,"El salvadorian news portal"
+myauto,2519,"Georgian classified ads website specialized in motor vehicles"
+gcs,2520,"Online file storage web service for applications by Google. This plug-in classifies unsecured Client-to-Google servers web communications only."
+yemennow,2521,"Yemeni news portal"
+inwi,2522,"Moroccan mobile operator website"
+biobiochile,2523,"Chilian news portal"
+anspress,2524,"Azerbadjani news portal"
+adaderana,2525,"Sri lankan news portal"
+_6alabat,2526,"Kuwaitian online restaurant ordering website"
+bjnp,2527,"BJNP refers to a printer protocol used by printers made by Canon."
+gcm,2528,"Data exchange service between 3rd party server applications and Android client applications. This plug-in only classifies the messages exchanged between the CCS 3rd party server and the GCM cloud servers and also the messages exchanged between the GCM cloud servers and the client Android device."
+point,2529,"Moldovian news portal"
+twoo,2530,"Twoo is a social networking website enabling users to connect to relatives friends or unknown people."
+punyumunyu,2531,"Japanese adult movie website. Note: In Basic-DPI Partial classification over http."
diff --git a/resources/NetMonFieldNames.csv b/resources/NetMonFieldNames.csv
@@ -2216,6 +2216,7 @@ SNPP,passwordQ_PROTO_SNPP,password,Passwd,Password,,,,,1st Review,,,,,,,,,,,,,,,
 SOCKS4,remote_addrQ_PROTO_SOCKS4,remote_addr,RemoteAddr,Remote Address,,,,,1st Review,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
 SOCKS5,remote_addrQ_PROTO_SOCKS5,remote_addr,RemoteAddr,Remote Address,,,,,1st Review,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
 SOCKS5,remote_nameQ_PROTO_SOCKS5,remote_name,RemoteName,Remote Name,object,<object>,Object,,1st Review,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+SPDY,associated_stream_idQ_PROTO_SPDY,associated_stream_id,AssociatedStreamId,Associated Stream Id,,,,,1st Review,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
 SPDY,contentQ_PROTO_SPDY,content,Content,Content,,,,,1st Review,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
 SPDY,header_countQ_PROTO_SPDY,header_count,HeaderCount,Header Count,,,,,1st Review,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
 SPDY,header_nameQ_PROTO_SPDY,header_name,HeaderName,Header Name,object,<object>,Object,,1st Review,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

diff --git a/resources/ProtocolDescriptions.csv b/resources/ProtocolDescriptions.csv
@@ -307,6 +307,7 @@ dns,Domain Name Service,#reverse_addr,IP address returned to the PTR request.
 dns,Domain Name Service,#response_time,Elapsed time between sending of the dns request and reception of its response.
 dns,Domain Name Service,#ttl,Time (in seconds) a DNS information returned by the server will be kept in cache.
 dns,Domain Name Service,#section_type,Type of section for each DNS answer.
+dns,Domain Name Service,#flags,Flags.
 ebay,eBay.com,#query_text,Query sent to the search engine.
 ebay,eBay.com,#query_raw,Contains the query sent to the search engine as indicated in the URL.
 ebuddy,eBuddy.com,#contact_im,Instant Messaging network associated to the contact
@@ -413,7 +414,7 @@ facebook_mail,facebook mail,#uid,Generic user ID.
 facebook_mail,facebook mail,#login,User's login string.
 facebook_mail,facebook mail,#session_id,Uniquely identifies the current user session.
 facetime,Apple FaceTime,#service_id,"Composite 32-bit integer value defining the service currently used. The first byte (LSB) gives the generic service definition
-facetime,Apple FaceTime,#service_stats,Composite attribute containing the packet metrics used for each new service type detection. Note: this attribute won't be extracted in case of session expiration (eg. when the current service is not ended properly by the user).
+facetime,Apple FaceTime,#service_stats,"Composite attribute containing the packet metrics used for each new service type detection
 facetime,Apple FaceTime,#service,Current service identification string.
 facetime,Apple FaceTime,#service_duration,"4 bytes integer value indicating
 facetime,Apple FaceTime,#service_duration_tv,"Timeval structure indicating
@@ -1088,7 +1089,7 @@ ldap,Lighweight Directory Access Protocol,#hostname,Hostname extracted from a lo
 ldap,Lighweight Directory Access Protocol,#attribute_desc,"Filter expression first operand
 ldap,Lighweight Directory Access Protocol,#assertion_value,"Filter expression second operand
 line,Line,#proto_version,Protocol version currently used by the client.
-line,Line,#service_stats,Composite attribute containing the packet metrics used for each new service type detection. Note: this attribute won't be extracted in case of session expiration (eg. when the current service is not ended properly by the user).
+line,Line,#service_stats,"Composite attribute containing the packet metrics used for each new service type detection
 line,Line,#service,Current service identification string.
 line,Line,#service_id,"Composite 32-bit integer value defining the service currently used. The first byte (LSB) gives the generic service definition
 line,Line,#service_duration,"4 bytes integer value indicating
@@ -1421,7 +1422,7 @@ mpegts,MPEG-Transport Stream,#chunk_len,Data length.
 mpls,Multiprotocol Packet Label Switching,#label,Label allowing the routing process of the packet through the various LSPs (Label-Switched Paths) crossed along the delivery path.
 mplus_messenger,M+ Messenger,#service_id,"Composite 32-bit integer value defining the service currently used. The first byte (LSB) gives the generic service definition
 mplus_messenger,M+ Messenger,#service,Current service identification string.
-mplus_messenger,M+ Messenger,#service_stats,Composite attribute containing the packet metrics used for each new service type detection. Note: this attribute won't be extracted in case of session expiration (eg. when the current service is not ended properly by the user).
+mplus_messenger,M+ Messenger,#service_stats,"Composite attribute containing the packet metrics used for each new service type detection
 msn,MSN Messenger,#login,User's login string.
 msn,MSN Messenger,#sender,Contains the identity of the sender of a chat session or a file transfer.
 msn,MSN Messenger,#receiver,Contains the identity of the receiver for a chat message or a file transfer.
@@ -2020,7 +2021,7 @@ sip,Session Initiation Protocol,#user_id,Client identifier used for his register
 skyblog,Skyblog,#password,User's password string.
 skyblog,Skyblog,#login,User's login string.
 skype,Skype,#version,Skype client version.
-skype,Skype,#service_stats,Composite attribute containing the packet metrics used for each new service type detection. Note: this attribute won't be extracted in case of session expiration (eg. when the current service is not ended properly by the user).
+skype,Skype,#service_stats,"Composite attribute containing the packet metrics used for each new service type detection
 skype,Skype,#service,Current service identification string.
 skype,Skype,#service_id,"Composite 32-bit integer value defining the service currently used. The first byte (LSB) gives the generic service definition
 skype,Skype,#service_duration,"4 bytes integer value indicating
@@ -2128,6 +2129,7 @@ socks5,SOCKet Secure v5,#remote_addr,Remote IP address.
 socks5,SOCKet Secure v5,#remote_name,Fully qualified remote domain name.
 spdy,SPDY,#stream_id,Stream identifier.
 spdy,SPDY,#length,Length of the message starting at the offset of this field.
+spdy,SPDY,#associated_stream_id,Identifier for a stream which this stream is associated to.
 spdy,SPDY,#status_code,An indicator for why the stream is being terminated.
 spdy,SPDY,#header_count,The number of repeating name/value pairs following this field
 spdy,SPDY,#header_name,"Header name
@@ -2194,7 +2196,7 @@ tango,Tango Video Calls,#attach_filename,Transferred file name.
 tango,Tango Video Calls,#service_duration_tv,"Timeval structure indicating
 tango,Tango Video Calls,#service_duration,"4 bytes integer value indicating
 tango,Tango Video Calls,#service_id,"Composite 32-bit integer value defining the service currently used. The first byte (LSB) gives the generic service definition
-tango,Tango Video Calls,#service_stats,Composite attribute containing the packet metrics used for each new service type detection. Note: this attribute won't be extracted in case of session expiration (eg. when the current service is not ended properly by the user).
+tango,Tango Video Calls,#service_stats,"Composite attribute containing the packet metrics used for each new service type detection
 tango,Tango Video Calls,#service,Current service identification string.
 tango,Tango Video Calls,#callee_id,Called part identifier.
 tango,Tango Video Calls,#caller_id,Calling part identifier.
@@ -2295,6 +2297,9 @@ twitter,Twitter.com,#param_user_id,User id used as request parameter.
 twitter,Twitter.com,#action,Indicates the action executed by the user.
 twitter,Twitter.com,#login,User's login string.
 twitter,Twitter.com,#session_id,Uniquely identifies the current user session.
+twoo,Twoo.com,#login,User's login string.
+twoo,Twoo.com,#password,User's password string.
+twoo,Twoo.com,#is_mobile_service,Whether or not the access was made through a mobile device.
 udp,User Datagram Protocol,#cnx_duration,Connection duration.
 udp,User Datagram Protocol,#start_time,Timestamp of the connection start time.
 unknown,Unknown virtual protocol,#maybe_application_id,Possible application's ID for this flow.
@@ -2324,10 +2329,10 @@ vkontakte,Vk.com (Vkontakte),#name,User's full name.
 vkontakte,Vk.com (Vkontakte),#login,User's login string.
 wechat,WeChat,#service_id,"Composite 32-bit integer value defining the service currently used. The first byte (LSB) gives the generic service definition
 wechat,WeChat,#service,Current service identification string.
-wechat,WeChat,#service_stats,Composite attribute containing the packet metrics used for each new service type detection. Note: this attribute won't be extracted in case of session expiration (eg. when the current service is not ended properly by the user).
+wechat,WeChat,#service_stats,"Composite attribute containing the packet metrics used for each new service type detection
 whatsapp,WhatsApp Messenger,#service_id,"Composite 32-bit integer value defining the service currently used. The first byte (LSB) gives the generic service definition
 whatsapp,WhatsApp Messenger,#service,Current service identification string.
-whatsapp,WhatsApp Messenger,#service_stats,Composite attribute containing the packet metrics used for each new service type detection. Note: this attribute won't be extracted in case of session expiration (eg. when the current service is not ended properly by the user).
+whatsapp,WhatsApp Messenger,#service_stats,"Composite attribute containing the packet metrics used for each new service type detection
 whatsapp,WhatsApp Messenger,#phone_number,Caller phone number.
 whatsapp,WhatsApp Messenger,#version,Program version.
 wikipedia,Wikipedia.com,#query_text,Query sent to the search engine.