Closed martinscheu closed 2 years ago
I can confirm this issue. It seems that the skype detection patterns are not sufficient and need to be improved. Does PR #1003 fix the issue (quick-fix) ?
pcap: skype-public.zip
Hi @martinscheu, I know it was a long time ago, but any chance that you remember the origin of this trace? I am asking, because it is quite strange, IMO:
Are you sure that was HSRP traffic? Do you sanitize/anonymize this trace somehow? Thanks
pcap: skype-public.zip
Hi @martinscheu, I know it was a long time ago, but any chance that you remember the origin of this trace? I am asking, because it is quite strange, IMO:
* according to all the HSRP documentation I have found, the ip destination of HSRP packets should always be some kind of multicast address * the packets in the trace seems to be HSRPv2 (even if Wireshark is not able to recognize them!!) but they have a non multicast (and global!!) address as ip destination
Are you sure that was HSRP traffic? Do you sanitize/anonymize this trace somehow? Thanks
@martinscheu, kindly pinging...
Closing for inactivity
Hello
nDPI does mark Cisco HSRP (hot standby router protocol) as skype traffic:
pcap: skype-public.zip
nDPI Version: 3.3.0-2691-59ac73b3
regards, Martin