RE: Matching streaming services

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hey Nikolai,

Take a peek at:
* https://github.com/vel21ripn/nDPI
* https://github.com/elico/debian10-dev-ndpi-vel

It works ontop of Debian buster and couple others.
Even if you will not use this you might find in the code how they identify or try to identify specific services.

If you have control on the local DNS service you might be able to identify some of these dynamically.

Eliezer

----
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd@xxxxxxxxx
Zoom: Coming soon


-----Original Message-----
From: Nikolai Lusan <nikolai@xxxxxxxxxxx> 
Sent: Wednesday, January 6, 2021 8:06 PM
To: netfilter@xxxxxxxxxxxxxxx
Subject: Matching streaming services

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

I have been looking for a way to differentiate traffic from streaming
services (Netflix, Amazon Prime, <insert_locally_available_service>)
from other https traffic, with not much luck. The goal is to add rules
to nftables and tc to ensure quality while allowing the rest of the
link to function normally.

I tried using tcpdump to see if there was something in the packets that
I could use, but they look like any other bit of https traffic.

Does anyone have a method for determining which http/https traffic is
streaming video, and which is not?

Thanks
- -- 
Nikolai Lusan <nikolai@xxxxxxxxxxx>
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEVfd4GW6z4nsBxdLo4ZaDRV2VL6QFAl/1/AYACgkQ4ZaDRV2V
L6Qtaw/9EaJHbOuar8d8s4FyKU3JvJxlV0SAPsHSoSGHWFZ3j7eYj+A8SZ8vylni
AGzZ0SbstVcpW7BvnjHfo7RV1rrqdM1dTxXGecXfVuktFWg6PyWcICrUqnwo9Zkd
bQ3LO8hs8/r69mNzhOC9XxRDiHM6y1aPlHpkQgCXNhY5mdPXdqo4vdRH61N6ktg1
mwWZ3vtr0gTqCD8Ir7sVlI0TBbp4Ztl8sqHT0UOhDkwC0aWpDc0MYxg+mMv2+Cmw
wsGcVR52Nm61pryEOTJrdQL5iX7LxBdjuSB+GR+y1nwOevsQlzhrBrad42HiIgE3
WKKPWVKuInq3vOD+ZU/QKP/JPzXbsop4s/cJC6Fj+T8rnO4QPAbqDrMjdAYlmz+R
ntjKg4Nwe8WEVKwV7ftzeeEb8iLBjm+5qbFysMoumMo4D2om9DX3mCmEdzz8HASe
5Xw0vkNJI3AgjNRyU462ybrV+ZtYDiM3e71PiOvf/MKyiORzEZ0OQxtpdd9KHChJ
aAjwtfKgz0H/ZJoQdArtqjhQTTHXEOBR0S6t32MBSsuLbuStdQ5Jbi1eG7KrKvkw
mkRLlupzqShncZArNFLDIatVazG3Vx3Bav//CxXM28A0bm8YgnQkz3p6NIf6SSOY
GTayCQbOZGG7SilV34dA/F8zwN4W5v4baL30CwLkQY1MDD4+xeY=
=kKYX
-----END PGP SIGNATURE-----





[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux