Hey Nikolai, Take a peek at: * https://github.com/vel21ripn/nDPI * https://github.com/elico/debian10-dev-ndpi-vel It works ontop of Debian buster and couple others. Even if you will not use this you might find in the code how they identify or try to identify specific services. If you have control on the local DNS service you might be able to identify some of these dynamically. Eliezer ---- Eliezer Croitoru Tech Support Mobile: +972-5-28704261 Email: ngtech1ltd@xxxxxxxxx Zoom: Coming soon -----Original Message----- From: Nikolai Lusan <nikolai@xxxxxxxxxxx> Sent: Wednesday, January 6, 2021 8:06 PM To: netfilter@xxxxxxxxxxxxxxx Subject: Matching streaming services -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, I have been looking for a way to differentiate traffic from streaming services (Netflix, Amazon Prime, <insert_locally_available_service>) from other https traffic, with not much luck. The goal is to add rules to nftables and tc to ensure quality while allowing the rest of the link to function normally. I tried using tcpdump to see if there was something in the packets that I could use, but they look like any other bit of https traffic. Does anyone have a method for determining which http/https traffic is streaming video, and which is not? Thanks - -- Nikolai Lusan <nikolai@xxxxxxxxxxx> -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEVfd4GW6z4nsBxdLo4ZaDRV2VL6QFAl/1/AYACgkQ4ZaDRV2V L6Qtaw/9EaJHbOuar8d8s4FyKU3JvJxlV0SAPsHSoSGHWFZ3j7eYj+A8SZ8vylni AGzZ0SbstVcpW7BvnjHfo7RV1rrqdM1dTxXGecXfVuktFWg6PyWcICrUqnwo9Zkd bQ3LO8hs8/r69mNzhOC9XxRDiHM6y1aPlHpkQgCXNhY5mdPXdqo4vdRH61N6ktg1 mwWZ3vtr0gTqCD8Ir7sVlI0TBbp4Ztl8sqHT0UOhDkwC0aWpDc0MYxg+mMv2+Cmw wsGcVR52Nm61pryEOTJrdQL5iX7LxBdjuSB+GR+y1nwOevsQlzhrBrad42HiIgE3 WKKPWVKuInq3vOD+ZU/QKP/JPzXbsop4s/cJC6Fj+T8rnO4QPAbqDrMjdAYlmz+R ntjKg4Nwe8WEVKwV7ftzeeEb8iLBjm+5qbFysMoumMo4D2om9DX3mCmEdzz8HASe 5Xw0vkNJI3AgjNRyU462ybrV+ZtYDiM3e71PiOvf/MKyiORzEZ0OQxtpdd9KHChJ aAjwtfKgz0H/ZJoQdArtqjhQTTHXEOBR0S6t32MBSsuLbuStdQ5Jbi1eG7KrKvkw mkRLlupzqShncZArNFLDIatVazG3Vx3Bav//CxXM28A0bm8YgnQkz3p6NIf6SSOY GTayCQbOZGG7SilV34dA/F8zwN4W5v4baL30CwLkQY1MDD4+xeY= =kKYX -----END PGP SIGNATURE-----