vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-05-04 18:00:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5
4969 commits 9 branches 12 tags 263 MiB
Commit graph

29 commits

Author SHA1 Message Date
Luca Deri
14b076a58b Improved TCP fingerprint 2024-10-20 22:25:55 +02:00
Luca Deri
0cc84e4fdd Improved TCP fingepring calculation 
Adde basidc OS detection based on TCP fingerprint
 2024-10-18 23:47:34 +02:00
Luca Deri
0ef0752c80
Increased struct ndpi_flow_struct size (#2596) 
Build fix
 2024-10-18 07:17:03 +02:00
Luca
eeb1c281ad Fixed handling of spurious TCP retransmissions 2024-09-17 19:04:01 +02:00
Toni
bf93f77f02
Align serialized risk names to all others (first letter; uppercase letter) (#2541) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2024-09-03 13:02:33 +02:00
Luca Deri
fc4fb4d409 Fixed probing attempt risk that was creating false positives 2024-08-07 11:38:41 +02:00
Ivan Nardi
2740a4f4e3
Update all IP lists (#2515) 
The `suffix_id` is simply an incremental index (see
`ndpi_load_domain_suffixes`), so its value might changes every time we
update the public suffix list.
 2024-08-02 15:06:08 +02:00
Ivan Nardi
85501c9aaa
FPC: add DPI information (#2514) 
If the flow is classified (via DPI) after the first packet, we should
use this information as FPC
 2024-07-23 08:50:27 +02:00
Ivan Nardi
65e31b0ea3
FPC: small improvements (#2512) 
Add printing of fpc_dns statistics and add a general cconfiguration option.
Rework the code to be more generic and ready to handle other logics.
 2024-07-22 17:42:23 +02:00
Ivan Nardi
843e487270
Add infrastructure for explicit support of Fist Packet Classification (#2488) 
Let's start with some basic helpers and with FPC based on flow addresses.

See: #2322
 2024-07-03 18:02:07 +02:00
Nardi Ivan
526cf6f291 Zoom: remove "stun_zoom" LRU cache 
Since 070a0908b we are able to detect P2P calls directly from the packet
content, without any correlation among flows
 2024-06-17 10:19:55 +02:00
Luca
44a290286b More NDPI_PROBING_ATTEMPT changes 2024-05-22 18:04:33 +02:00
Toni
18e03a26ca
Add extra entropy checks and more precise(?) analysis. (#2383) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2024-05-09 15:24:11 +02:00
Ivan Nardi
95fe21015d
Remove "zoom" cache (#2420) 
This cache was added in b6b4967aa, when there was no real Zoom support.
With 63f349319, a proper identification of multimedia stream has been
added, making this cache quite useless: any improvements on Zoom
classification should be properly done in Zoom dissector.

Tested for some months with a few 10Gbits links of residential traffic: the
cache pretty much never returned a valid hit.
 2024-05-06 12:51:45 +02:00
Ivan Nardi
8321b79539
Make some test traces smaller (#2243) 
Having smaller traces help fuzzing: we want the fuzzers to mutate
"interesting" packets analyzed by nDPI, i.e. the first packets of each
flows.
Try hard to keep the same classification and extraction capabilities
 2024-01-08 17:04:12 +01:00
Ivan Nardi
40797521af
ndpiReader: add breed stats on output used for CI (#2236) 2024-01-05 13:02:39 +01:00
Vladimir Gavrilov
7f9973bd0c
Add HL7 protocol dissector (#2240) 
* Add HL7 protocol dissector

* Small fixes

* Small fixes
 2024-01-02 20:57:05 +01:00
Luca Deri
8285fffdae Implements JA4 Support (#2191) 2023-12-22 20:40:42 +01:00
Vladimir Gavrilov
149067b3fc
Add JSON-RPC protocol dissector (#2217) 
* Add JSON-RPC protocol dissector

* Small fixes

* Improve detection
 2023-12-20 12:42:25 +01:00
Ivan Nardi
241c42ad7e
ndpiReader: fix guessed_flow_protocols statistic (#2203) 
Increment the counter only if the flow has been guessed
 2023-12-12 19:44:03 +01:00
Toni
6dcecd73d3
Added malicious sites from the polish cert. (#2121) 
* added handling of parsing errors

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2023-11-02 09:04:04 +01:00
Ivan Nardi
32b50f5aa4
IPv6: add support for IPv6 risk exceptions (#2122) 2023-10-29 12:14:20 +01:00
Ivan Nardi
e8e4b9e8ff
IPv6: add support for IPv6 risk tree (#2118) 
Fix the script to download crawler addressess
 2023-10-27 13:58:15 +02:00
Ivan Nardi
611c3b66f0
ipv6: add support for ipv6 addresses lists (#2113) 2023-10-26 20:15:44 +02:00
Luca Deri
b6179467eb Added NDPI_MALWARE_HOST_CONTACTED flow risk 2023-10-13 00:01:55 +02:00
Luca Deri
fea09e825b Fixes risk mask exception handling while improving the overall performance 2023-07-14 19:52:34 +02:00
Toni
1678888284
Add Apache Thrift protocol dissector. (#2007) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2023-06-22 13:07:32 +02:00
Ivan Nardi
0223d3c4f5
HTTP: improve extraction of metadata and of flow risks (#1959) 2023-05-05 13:35:20 +02:00
Ivan Nardi
7714507f81
Test multiple ndpiReader configurations (#1931) 
Extend internal unit tests to handle multiple configurations.
As some examples, add tests about:
* disabling some protocols
* disabling Ookla aggressiveness

Every configurations data is stored in a dedicated directory under
`tests\cfgs`
 2023-04-06 11:30:36 +02:00
Renamed from tests/result/malware.pcap.out (Browse further)