vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-05-01 00:19:42 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5
5405 commits 9 branches 12 tags 263 MiB
Commit graph

43 commits

Author SHA1 Message Date
Toni
a913e914e5
Added EasyWeather protocol dissector (#2912) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2025-07-03 12:28:48 +02:00
Ivan Nardi
aa6dcad15e
ndpiReader: print categories summary (#2895) 2025-06-21 12:41:00 +02:00
Vladimir Gavrilov
aba60ac354
Add GLBP dissector (#2879) 
GLBP is a Cisco proprietary first-hop redundancy protocol similar to HSRP and VRRP, but with additional load balancing capabilities.
 2025-06-10 15:26:10 +02:00
Vladimir Gavrilov
40fe26b2f1
Add Hamachi protocol detection support (#2860) 2025-06-02 14:00:31 +02:00
Vladimir Gavrilov
afc0da6468
Simplify ZeroMQ detection (#2847) 2025-05-23 16:09:16 +02:00
Vladimir Gavrilov
74cb03eb4c
Add MELSEC protocol support (#2846) 2025-05-23 11:13:52 +02:00
Ivan Nardi
cd03cca679
IPP: fix selection bitmask (#2845) 
IPP is identified *only* as HTTP subprotocol, so it can't be over UDP
(HTTP is only over TCP...)
 2025-05-22 22:08:24 +02:00
Ivan Nardi
0d2213f7ff
Gnutella: simplify code, to support only gtk-gnutella client (#2830) 
Close #2818
 2025-05-20 15:48:56 +02:00
Vladimir Gavrilov
31a8d4307e
Drop Warcraft 3 (pre Reforged) support (#2826) 2025-05-19 13:28:19 +02:00
Ivan Nardi
38be52583a
RTSP: simplify detection (#2822) 2025-05-18 20:36:58 +02:00
0xA50C1A1
edcf3579f2 Remove Half-Life 2 support; improve Source Engine protocol detection 2025-05-16 21:58:48 +02:00
Vladimir Gavrilov
5e5758ad7c
Remove Vhua support (#2816) 2025-05-15 19:40:44 +02:00
Vladimir Gavrilov
5e2912770b
Remove World Of Kung Fu support (#2815) 2025-05-15 12:03:16 +02:00
Vladimir Gavrilov
6312e4c9aa
Add Microsoft Delivery Optimization protocol (#2799) 2025-04-28 13:40:21 +02:00
Ivan Nardi
21bbf83605
FPC: save all addresses from DNS to fpc_dns cache (#2792) 2025-04-10 12:44:15 +02:00
Ivan Nardi
092a6e10d0 WoW: update detection 
Remove the specific dissector and use the Blizzard's generic one.
For the time being, keep `NDPI_PROTOCOL_WORLDOFWARCRAFT`
 2025-03-30 20:22:09 +02:00
Ivan Nardi
91fd1bccd2
Rework the old MapleStory code to identify traffic from generic Nexon games (#2773) 
Remove `NDPI_PROTOCOL_MAPLESTORY` and add a generic
`NDPI_PROTOCOL_NEXON`
 2025-03-19 17:58:42 +01:00
Ivan Nardi
b02e85f7ee
Merge pull request #2760 from IvanNardi/internal_giveup 
Add a new internal function `internal_giveup()`
 2025-03-11 11:20:34 +01:00
Toni
6a591b67aa
Add GearUP Booster protocol dissector (heuristic based). (#2765) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2025-03-07 20:05:44 +01:00
Ivan Nardi
34dcf18128 Add a new internal function internal_giveup() 
This function is always called once for every flow, as last code
processing the flow itself.

As a first usage example, check here if the flow is unidirectional
(instead of checking it at every packets)
 2025-03-05 20:51:06 +01:00
Ivan Nardi
85fb7eb2e5 Flow risk infos are always exported "in order" (by flow risk id) 
This way, the `ndpiReader` output doesn't change if we change the
internal logic about the order we set/check the various flow risks.

Note that the flow risk *list* is already printed by `ndpiReader`
in order.
 2025-03-04 13:23:58 +01:00
Luca Deri
4c15036e3d Improved Google PlayStore detection 2025-02-24 18:41:24 +01:00
Toni
5858e1debf
Add LagoFast protocol dissector. (#2743) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2025-02-23 13:13:38 +01:00
Luca Deri
2c414f1b28 Fixed bug in domain name computation 2025-02-17 21:50:19 +00:00
Ivan Nardi
3dbc6d2523
DNS: faster exclusion (#2719) 2025-02-12 17:42:00 +01:00
Ivan Nardi
baca06bfd2
ndpiReader: print more DNS information (#2717) 2025-02-11 18:16:55 +01:00
Ivan Nardi
73d1856525
DNS: disable subclassification by default (#2715) 
Prelimary change to start supporting multiple DNS transactions on the
same flow
 2025-02-11 13:50:00 +01:00
Ivan Nardi
72fd940301
Remove JA3C output from ndpiReader (#2667) 
Removing JA3C is an big task. Let's start with a simple change having an
huge impact on unit tests: remove printing of JA3C information from
ndpiReader.

This way, when we will delete the actual code, the unit tests diffs
should be a lot simpler to look at.

Note that the information if the client/server cipher is weak or
obsolete is still available via flow risk

See: #2551
 2025-01-12 13:24:27 +01:00
Ivan Nardi
5c0143ce58
HTTP: fix entropy calculation (#2666) 
We calculate HTTP entropy according to "Content-type:" header, see
`ndpi_validate_http_content()` on HTTP code
 2025-01-12 12:49:32 +01:00
Toni
9a0a3bb8e7
Improved WebSocket-over-HTTP detection (#2664) 
* detect `chisel` SSH-over-HTTP-WebSocket
 * use `strncasecmp()` for `LINE_*` matching macros

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2025-01-11 11:23:42 +01:00
Ivan Nardi
c3d19be26f
ndpiReader: update JA statistics (#2646) 
Show JA4C and JA3S information (instead of JA3C and JA3S)
See #2551 for context
 2025-01-06 15:09:25 +01:00
Luca Deri
71de91dc7a Imporoved SMBv1 heuristic to avoid triggering risks for SMBv1 broadcast messages when used to browse (old) network devices 2025-01-03 11:15:27 +01:00
Luca Deri
56e52448c4 When triggering risk "Known Proto on Non Std Port", nDPi now reports the port that was supposed to be used as default 2024-11-22 18:21:58 +01:00
Luca
4fd12278b1 Added DICOM support 
Testing pcaps courtesy of https://github.com/virtalabs/tapirx.git
 2024-11-15 18:45:51 +01:00
Luca Deri
3ce8d0e508
Implemented Mikrotik discovery protocol dissection and metadata extraction (#2618) 2024-11-14 23:34:31 +01:00
Vladimir Gavrilov
dc125dc2a8
Add Paltalk protocol support (#2606) 2024-10-28 16:57:05 +01:00
Luca Deri
d5236c0aaf Fixes TCP fingerprint calculation when multiple EOL are specified in TCP options 2024-10-27 08:17:27 +01:00
Luca Deri
14b076a58b Improved TCP fingerprint 2024-10-20 22:25:55 +02:00
Luca Deri
0cc84e4fdd Improved TCP fingepring calculation 
Adde basidc OS detection based on TCP fingerprint
 2024-10-18 23:47:34 +02:00
Luca Deri
0ef0752c80
Increased struct ndpi_flow_struct size (#2596) 
Build fix
 2024-10-18 07:17:03 +02:00
Luca Deri
ec5efe5cf2 Added sonos dissector 2024-10-13 18:50:34 +02:00
Vladimir Gavrilov
6cb1631132
Add DingTalk protocol support (#2581) 2024-10-07 15:45:51 +02:00
Liam Wilson
80971e4a17
Allow IP guess before port in ndpi_detection_giveup (#2562) 
Add dpi.guess_ip_before_port which when enabled uses classification
by-ip before classification by-port.
 2024-09-20 10:25:41 +02:00