Vladimir Gavrilov
dc125dc2a8
Add Paltalk protocol support ( #2606 )
2024-10-28 16:57:05 +01:00
Luca Deri
d5236c0aaf
Fixes TCP fingerprint calculation when multiple EOL are specified in TCP options
2024-10-27 08:17:27 +01:00
Luca Deri
4e78d903e8
Improved TCP fingerprint
2024-10-20 23:14:46 +02:00
Luca Deri
14b076a58b
Improved TCP fingerprint
2024-10-20 22:25:55 +02:00
Luca Deri
0cc84e4fdd
Improved TCP fingepring calculation
...
Adde basidc OS detection based on TCP fingerprint
2024-10-18 23:47:34 +02:00
Luca Deri
0ef0752c80
Increased struct ndpi_flow_struct size ( #2596 )
...
Build fix
2024-10-18 07:17:03 +02:00
Vladimir Gavrilov
6cb1631132
Add DingTalk protocol support ( #2581 )
2024-10-07 15:45:51 +02:00
Luca
45323e3bf8
Exports DNS A/AAAA responses (up to 4 addresses)
...
Changed the default to IPv4 (used to be IPv6) in case of DNS error response
2024-10-02 15:55:35 +02:00
Ivan Nardi
456bc2a52c
Tls out of order ( #2561 )
...
* Revert "Added fix for handling Server Hello before CLient Hello"
This reverts commit eb15b22e77
2024-09-18 21:04:03 +02:00
Luca
eb15b22e77
Added fix for handling Server Hello before CLient Hello
2024-09-17 19:04:01 +02:00
Ivan Nardi
92507c0146
oracle: fix dissector ( #2548 )
...
We can do definitely better, but this change is a big improvements
respect the current broken code
2024-09-07 12:00:31 +02:00
Vladimir Gavrilov
81eaa3bd52
Add Lustre protocol detection support ( #2544 )
2024-09-04 10:22:04 +02:00
Toni
bf93f77f02
Align serialized risk names to all others (first letter; uppercase letter) ( #2541 )
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2024-09-03 13:02:33 +02:00
Vladimir Gavrilov
3189f19b0f
Fix CNP-IP false positives ( #2531 )
2024-08-30 13:31:34 +02:00
Vladimir Gavrilov
64a5dc3cb3
Add TRDP protocol support ( #2528 )
...
The Train Real Time Data Protocol (TRDP) is a UDP/TCP-based communication protocol designed for IP networks in trains, enabling data exchange between devices such as door controls and air conditioning systems. It is standardized by the IEC under IEC 61375-2-3 and is not related to the Remote Desktop Protocol (RDP).
2024-08-25 13:31:39 +02:00
wssxsxxsx
8894ebc76f
Add Automatic Tank Gauge protocol ( #2527 )
...
See also #2523
---------
Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
2024-08-23 22:35:08 +02:00
Vladimir Gavrilov
a10c48c80a
Add CNP/IP protocol support ( #2521 )
...
ISO/IEC 14908-4 defines how to tunnel Control Network Protocol (CNP) over IP networks. It encapsulates protocols like EIA-709, EIA-600, and CNP, making it a versatile solution for building automation and control systems.
2024-08-22 15:26:32 +02:00
Luca Deri
fc4fb4d409
Fixed probing attempt risk that was creating false positives
2024-08-07 11:38:41 +02:00
Ivan Nardi
85501c9aaa
FPC: add DPI information ( #2514 )
...
If the flow is classified (via DPI) after the first packet, we should
use this information as FPC
2024-07-23 08:50:27 +02:00
Vladimir Gavrilov
b15337a32b
Add OpenWire support ( #2513 )
2024-07-22 19:20:44 +02:00
Ivan Nardi
65e31b0ea3
FPC: small improvements ( #2512 )
...
Add printing of fpc_dns statistics and add a general cconfiguration option.
Rework the code to be more generic and ready to handle other logics.
2024-07-22 17:42:23 +02:00
mmanoj
67f5cdafc0
FPC: add DNS correlation ( #2497 )
...
Use DNS information to get a better First Packet Classification.
See: #2322
---------
Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
2024-07-22 11:34:07 +02:00
Vladimir Gavrilov
6a77a891a8
Add Nano (XNO) protocol support ( #2508 )
2024-07-18 16:18:12 +02:00
Ivan Nardi
843e487270
Add infrastructure for explicit support of Fist Packet Classification ( #2488 )
...
Let's start with some basic helpers and with FPC based on flow addresses.
See: #2322
2024-07-03 18:02:07 +02:00
Nardi Ivan
526cf6f291
Zoom: remove "stun_zoom" LRU cache
...
Since 070a0908b
2024-06-17 10:19:55 +02:00
Mark Jeffery
f796c94375
Added protocol - JRMI - Java Remote Method Invocation ( #2470 )
2024-06-15 10:52:28 +02:00
Maatuq
6127e04900
support rtp/rtcp over tcp ( #2422 ) ( #2457 )
...
Support rtp/rtcp over tcp as per rfc4571.
Signed-off-by: mmaatuq <mahmoudmatook.mm@gmail.com>
2024-05-28 22:01:08 +02:00
Ivan Nardi
25f8964a23
CiscoVPN: we detect it only over UDP ( #2454 )
...
The original code handled also TCP/TLS, but it was removed in 6fc29b3ae
2024-05-28 14:07:48 +02:00
Luca
44a290286b
More NDPI_PROBING_ATTEMPT changes
2024-05-22 18:04:33 +02:00
Ivan Nardi
0109014f2c
Follow-up of 2093ac5bf ( #2451 )
2024-05-21 12:47:25 +02:00
Luca Deri
2093ac5bf6
Minor dissector optimizations
2024-05-20 12:17:04 +02:00
Ivan Nardi
0110623b4e
H323: improve detection and avoid false positives ( #2432 )
2024-05-11 23:39:54 +02:00
Toni
18e03a26ca
Add extra entropy checks and more precise(?) analysis. ( #2383 )
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2024-05-09 15:24:11 +02:00
Ivan Nardi
95fe21015d
Remove "zoom" cache ( #2420 )
...
This cache was added in b6b4967aa63f349319
2024-05-06 12:51:45 +02:00
Ivan Nardi
266af02752
Merge RTP and RTCP logic ( #2416 )
...
Avoid code duplication between these two protocols.
We remove support for RTCP over TCP; it is quite rare to find this kind
of traffic and, more important, we have never had support for RTP
over TCP: we should try to add both detecion as follow-up.
Fix a message log in the LINE code
2024-05-06 10:19:46 +02:00
Ivan Nardi
a6fd981fcf
eDonkey: improve/update classification ( #2410 )
...
eDonkey is definitely not as used as >10 years ago, but it seems it is
still active.
While having a basic TCP support seems easy, identification over UDP doesn't
work and it is hard to do it rightly (packets might be only 2 bytes long):
remove it.
Credits to V.G <v.gavrilov@securitycode.ru>
2024-05-04 19:11:31 +02:00
Luca Deri
57ecbf38c0
Updated JA4 test results
2024-05-02 17:40:24 +02:00
0x41CEA55
fd388845d5
Add BFCP protocol support ( #2401 )
2024-04-23 15:35:19 +02:00
0x41CEA55
905120588b
Remove obsolete protocols: tuenty, tvuplayer and kontiki ( #2398 )
2024-04-19 21:35:32 +02:00
0x41CEA55
e75d7a620e
Add KNXnet/IP protocol support ( #2397 )
...
* Add KNXnet/IP protocol support
* Improve KNXnet/IP over TCP detection
2024-04-19 12:54:00 +02:00
Vladimir Gavrilov
c63697205b
Add Label Distribution Protocol support ( #2385 )
...
* Add Label Distribution Protocol support
* Fix typo
* Update unit test results
2024-04-12 17:44:36 +02:00
Vladimir Gavrilov
9ff4bece33
Add The Elder Scrolls Online support ( #2376 )
...
* Add The Elder Scrolls Online support
* Use ndpi_memmem instead of memmem from libc
* Add protocol description
* Change selection bitmask to V4_V6
* Update protocols.rst
2024-04-10 18:04:02 +02:00
Luca Deri
bd2968dcd3
Tuned DNS risk values
...
Modified NDPI_BINARY_TRANSFER_ATTEMPT in NDPI_BINARY_DATA_TRANSFER
2024-04-09 10:22:01 +02:00
Toni
727e72d1f1
Calculate packet entropy for unknown protocols. ( #2369 )
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2024-04-06 17:01:19 +02:00
Vladimir Gavrilov
e2949048e0
Add Path of Exile protocol dissector ( #2337 )
...
* Add Path of Exile protocol dissector
* Update protocols.rst
2024-03-06 19:59:09 +01:00
Vladimir Gavrilov
66b6e2b3f2
Add DLEP protocol dissector ( #2326 )
2024-02-20 16:05:41 +01:00
Vladimir Gavrilov
e93bcfd619
Add ANSI C12.22 protocol dissector ( #2317 )
...
* Add ANSI C12.22 protocol dissector
* Add UDP sample
2024-02-15 09:36:06 +01:00
Vladimir Gavrilov
6207be43fa
Add TencentGames protocol dissector ( #2306 )
2024-02-08 08:10:35 +01:00
Vladimir Gavrilov
4c9446379f
Add Gearman protocol dissector ( #2297 )
2024-02-01 19:46:57 +01:00
Luca Deri
6c08601c3d
Updated result
2024-01-29 12:27:52 +01:00
