 |
Myra Canyon
v0.0.1-768
network control
|
|
|
Myra Canyon
v0.0.1-768
network control
|
|
Detect and examine Flash packets. More...
Functions | |
| bool | examine_flash_rtmp (Flow &flow, const Myra::PktInfo &info) |
| Examine a packet for Flash RTMP, and mark the flow if found. More... | |
Detect and examine Flash packets.
| bool Myra::Traffic::Flash::examine_flash_rtmp | ( | Myra::Flow & | flow, |
| const Myra::PktInfo & | info | ||
| ) |
Examine a packet for Flash RTMP, and mark the flow if found.
true if this exam needs to be called again for the given flow false if this exam never needs to be called again This is a port-based exam. The destination port must be 1935 and the first data byte must be 0x03.
-> flow #1494338820049597445: Unknown+FlowStart+IP+IPv4+TCP: 10.0.1.3:44578->96.17.15.181:1935
-> flow #1494338820049597445: TCP payload: number of bytes: 1448
0: 03 00 00 0b a0 80 00 07 02 4b 61 91 72 c5 fb c4 be cf f0 83 e6 8c 70 da 5d 8f b1 07 43 0a 37 e9 - .........Ka.r.........p.]...C.7.
20: 5e 1c 41 6b c7 5e e9 f8 d9 cb 7b 9d 26 ed 97 ac d0 e4 5d 62 77 a1 14 50 bb 8d 4e dc e5 5e e4 ad - ^.Ak.^....{.&.....]bw..P..N..^..
1.8.8