Toni
a913e914e5
Added EasyWeather protocol dissector ( #2912 )
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-07-03 12:28:48 +02:00
Ivan Nardi
aa6dcad15e
ndpiReader: print categories summary ( #2895 )
2025-06-21 12:41:00 +02:00
Vladimir Gavrilov
aba60ac354
Add GLBP dissector ( #2879 )
...
GLBP is a Cisco proprietary first-hop redundancy protocol similar to HSRP and VRRP, but with additional load balancing capabilities.
2025-06-10 15:26:10 +02:00
Vladimir Gavrilov
40fe26b2f1
Add Hamachi protocol detection support ( #2860 )
2025-06-02 14:00:31 +02:00
Vladimir Gavrilov
afc0da6468
Simplify ZeroMQ detection ( #2847 )
2025-05-23 16:09:16 +02:00
Vladimir Gavrilov
74cb03eb4c
Add MELSEC protocol support ( #2846 )
2025-05-23 11:13:52 +02:00
Ivan Nardi
cd03cca679
IPP: fix selection bitmask ( #2845 )
...
IPP is identified *only* as HTTP subprotocol, so it can't be over UDP
(HTTP is only over TCP...)
2025-05-22 22:08:24 +02:00
Vladimir Gavrilov
31a8d4307e
Drop Warcraft 3 (pre Reforged) support ( #2826 )
2025-05-19 13:28:19 +02:00
Ivan Nardi
38be52583a
RTSP: simplify detection ( #2822 )
2025-05-18 20:36:58 +02:00
0xA50C1A1
edcf3579f2
Remove Half-Life 2 support; improve Source Engine protocol detection
2025-05-16 21:58:48 +02:00
Vladimir Gavrilov
5e5758ad7c
Remove Vhua support ( #2816 )
2025-05-15 19:40:44 +02:00
Vladimir Gavrilov
5e2912770b
Remove World Of Kung Fu support ( #2815 )
2025-05-15 12:03:16 +02:00
Vladimir Gavrilov
6312e4c9aa
Add Microsoft Delivery Optimization protocol ( #2799 )
2025-04-28 13:40:21 +02:00
Ivan Nardi
092a6e10d0
WoW: update detection
...
Remove the specific dissector and use Blizzard's generic one.
For the time being, keep `NDPI_PROTOCOL_WORLDOFWARCRAFT`
2025-03-30 20:22:09 +02:00
Ivan Nardi
b1edfdbf5c
Remove NDPI_FULLY_ENCRYPTED flow risk ( #2779 )
...
Use `NDPI_OBFUSCATED_TRAFFIC` instead; this way, all the obfuscated
traffic is identified via `NDPI_OBFUSCATED_TRAFFIC` flow risk.
Disable fully-encryption detection by default, like all the obfuscation
heuristics.
2025-03-25 17:00:03 +01:00
Toni
6a591b67aa
Add GearUP Booster protocol dissector (heuristic based). ( #2765 )
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-03-07 20:05:44 +01:00
Ivan Nardi
85fb7eb2e5
Flow risk infos are always exported "in order" (by flow risk id)
...
This way, the `ndpiReader` output doesn't change if we change the
internal logic about the order we set/check the various flow risks.
Note that the flow risk *list* is already printed by `ndpiReader`
in order.
2025-03-04 13:23:58 +01:00
Toni
5858e1debf
Add LagoFast protocol dissector. ( #2743 )
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-02-23 13:13:38 +01:00
Ivan Nardi
3dbc6d2523
DNS: faster exclusion ( #2719 )
2025-02-12 17:42:00 +01:00
Luca Deri
56e52448c4
When triggering risk "Known Proto on Non Std Port", nDPI now reports the port that was supposed to be used as default
2024-11-22 18:21:58 +01:00
Luca
4fd12278b1
Added DICOM support
...
Testing pcaps courtesy of https://github.com/virtalabs/tapirx.git
2024-11-15 18:45:51 +01:00
Luca Deri
3ce8d0e508
Implemented Mikrotik discovery protocol dissection and metadata extraction ( #2618 )
2024-11-14 23:34:31 +01:00
Vladimir Gavrilov
dc125dc2a8
Add Paltalk protocol support ( #2606 )
2024-10-28 16:57:05 +01:00
Luca Deri
14b076a58b
Improved TCP fingerprint
2024-10-20 22:25:55 +02:00
Luca Deri
0cc84e4fdd
Improved TCP fingerprint calculation
...
Added basic OS detection based on TCP fingerprint
2024-10-18 23:47:34 +02:00
Luca Deri
0ef0752c80
Increased struct ndpi_flow_struct size ( #2596 )
...
Build fix
2024-10-18 07:17:03 +02:00
Luca Deri
ec5efe5cf2
Added Sonos dissector
2024-10-13 18:50:34 +02:00
Vladimir Gavrilov
6cb1631132
Add DingTalk protocol support ( #2581 )
2024-10-07 15:45:51 +02:00
Ivan Nardi
0ddbda1f82
Add a heuristic to detect encrypted/obfuscated OpenVPN flows ( #2547 )
...
Based on the paper: "OpenVPN is Open to VPN Fingerprinting"
See: https://www.usenix.org/conference/usenixsecurity22/presentation/xue-diwen
Basic idea:
* the distribution of the first byte of the messages (i.e. the distribution
of the op-codes) is quite unique
* this fingerprint might be still detectable even if the OpenVPN packets are
somehow fully encrypted/obfuscated
The heuristic is disabled by default.
2024-09-16 18:38:26 +02:00