Some popular applications seem to be missing

[ChrisNelson-CyberReef]

The protocol list includes things like Disney+ and Amazon Video but other mainstream streaming applications like HBO and Showtime seem to be missing. I know those brands and others have changed hands so it's possible they are part of another protocol I don't recognize (like Ookla and SpeedTest). I'm interested in Apple TV+, DirecTV, I Heart Radio, HBO, Showtime. Are any of those there "in disguise"?

[utoni]

If you can provide a pcap file for every application you're interested in, I'll investigate and may be able to find some detection patterns.

[ChrisNelson-CyberReef]

I don't have any captures right now. I may gather them as I continue to work on it. I wonder, though, if the domains (like those in src/lib/ndpi_content_match.c.inc) is enough. That seems to be the only place in the source that Disney+ is mentioned.

[IvanNardi]

Traces will be extremely useful; some (most?) of these services are behind some kind of subscription and some of them are even unavailable in my country. Generally speaking, most of the streaming services are usually identified via domain name or via ip matching

[ChrisNelson-CyberReef]

I was going to start with https://www.netify.ai/resources/applications and see what I can add. Would you like a PR for my additions? Or is there a file like src/lib/ndpi_content_match.c.inc for user-defined protocols?

[IvanNardi]

A PR will be very welcomed! You simply need to:

• extend protocol list in src/include/ndpi_protocol_ids.h
• extend rules at the end of host_match in src/lib/ndpi_content_match.c.inc: domain, protocol, a suitable category (likely NDPI_PROTOCOL_CATEGORY_MEDIA) and breed (likely NDPI_PROTOCOL_FUN)