The most challenging is that the youtube app (and several other apps too, btw)
in android doesn't use SNI for TLS/SSL, so I guess there is no
reliable way to detect if it's youtube or some other traffic going over
the same google server.
On 2015-03-12 16:24, Luca Deri wrote:
There is nothing special to do. If it does not work please provide a
pcap file to test with
Regards Luca
On 12 Mar 2015, at 13:35, Ming-Ching Tiew <[email protected]> wrote:
Sorry the mailer on mobile phone messed things up and I am
resending.
Thanks for the info, I will do further testing to find out why my
tests did not pick up youtube traffic over ssl.
Is there a compile option of nDPI, or some missing libraries on my
test machine, which could have caused this?
-------------------------
FROM: Luca Deri <[email protected]>
TO: [email protected]; Ming-Ching Tiew
<[email protected]>
SENT: Thursday, March 12, 2015 7:18 PM
SUBJECT: Re: [Ntop-misc] ndpi to support youtube over ssl ?
Not quite, I have just tested it:
1 TCP 149.3.176.18:443 <-> 192.168.1.92:52002 [proto: 124/YouTube][19 pkts/6626 bytes][SSL client: r7---sn-nx5cvox-hpa6.googlevideo.com [1]]
2 TCP 149.3.176.14:443 <-> 192.168.1.92:52004 [proto: 124/YouTube][772 pkts/698990 bytes][SSL client: r3---sn-nx5cvox-hpa6.googlevideo.com [1]]
6 TCP 173.194.40.1:443 <-> 192.168.1.92:51983 [proto: 124/YouTube][20 pkts/6100 bytes][SSL client: www.youtube.com [2]]
7 TCP 173.194.40.6:443 <-> 192.168.1.92:51985 [proto: 124/YouTube][22 pkts/6262 bytes][SSL client: s.ytimg.com [3]]
8 TCP 173.194.40.6:443 <-> 192.168.1.92:51987 [proto: 124/YouTube][20 pkts/6096 bytes][SSL client: s.ytimg.com [3]]
9 TCP 173.194.40.6:443 <-> 192.168.1.92:51989 [proto: 124/YouTube][20 pkts/6095 bytes][SSL client: s.ytimg.com [3]]
11 TCP 173.194.40.8:443 <-> 192.168.1.92:52007 [proto: 124/YouTube][39 pkts/9046 bytes][SSL client: www.youtube-nocookie.com [4]]
31 TCP 192.168.1.92:52027 <-> 74.125.6.183:443 [proto: 124/YouTube][140 pkts/116031 bytes][SSL client: r18---sn-5uaeznl7.googlevideo.com [5]]
33 TCP 149.3.176.14:443 <-> 192.168.1.92:52003 [proto: 124/YouTube][2378 pkts/2707249 bytes][SSL client: r3---sn-nx5cvox-hpa6.googlevideo.com [1]]
37 TCP 173.194.40.1:443 <-> 192.168.1.92:51982 [proto: 124/YouTube][388 pkts/138593 bytes][SSL client: www.youtube.com [2]]
38 TCP 173.194.40.6:443 <-> 192.168.1.92:51984 [proto: 124/YouTube][2461 pkts/2010874 bytes][SSL client: s.ytimg.com [3]]
39 TCP 173.194.40.6:443 <-> 192.168.1.92:51986 [proto: 124/YouTube][20 pkts/6095 bytes][SSL client: s.ytimg.com [3]]
40 TCP 173.194.40.6:443 <-> 192.168.1.92:51988 [proto: 124/YouTube][20 pkts/6096 bytes][SSL client: s.ytimg.com [3]]
Regards Luca
On 12 Mar 2015, at 11:31, Ming-Ching Tiew <[email protected]> wrote:
Yes, I tested it, from ndpiReader and netfilter ndpi; both could not
see youtube over SSL.
Only SSL is detected, nothing is recorded for youtube when I watch
youtube over https. Btw, it's build 8598.
-------------------------
FROM: Luca Deri <[email protected]>
TO: [email protected]; Ming-Ching Tiew
<[email protected]>
SENT: Thursday, March 12, 2015 6:08 PM
SUBJECT: Re: [Ntop-misc] ndpi to support youtube over ssl ?
Ming
did you test nDPI?
Luca
On 12 Mar 2015, at 09:46, Ming-Ching Tiew <[email protected]> wrote:
Is there support for ndpi to detect youtube over ssl?
Most of the youtube traffic today is carried over ssl. That
practically renders vanilla youtube detection useless.
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc [6]
Links:
------
[1] http://sn-nx5cvox-hpa6.googlevideo.com/
[2] http://www.youtube.com/
[3] http://s.ytimg.com/
[4] http://www.youtube-nocookie.com/
[5] http://sn-5uaeznl7.googlevideo.com/
[6] http://listgateway.unipi.it/mailman/listinfo/ntop-misc