vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-05-04 18:00:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5
4969 commits 9 branches 12 tags 263 MiB
Commit graph

7 commits

Author SHA1 Message Date
Vladimir Gavrilov
dc125dc2a8
Add Paltalk protocol support (#2606) 2024-10-28 16:57:05 +01:00
Luca Deri
14b076a58b Improved TCP fingerprint 2024-10-20 22:25:55 +02:00
Luca Deri
0cc84e4fdd Improved TCP fingepring calculation 
Adde basidc OS detection based on TCP fingerprint
 2024-10-18 23:47:34 +02:00
Luca Deri
0ef0752c80
Increased struct ndpi_flow_struct size (#2596) 
Build fix
 2024-10-18 07:17:03 +02:00
Vladimir Gavrilov
6cb1631132
Add DingTalk protocol support (#2581) 2024-10-07 15:45:51 +02:00
Luca
45323e3bf8 Exports DNS A/AAAA responses (up to 4 addresses) 
Changed the default to IPv4 (used to be IPv6) in case of DNS error response
 2024-10-02 15:55:35 +02:00
Ivan Nardi
ddd08f913c
Add some heuristics to detect encrypted/obfuscated/proxied TLS flows (#2553) 
Based on the paper: "Fingerprinting Obfuscated Proxy Traffic with
Encapsulated TLS Handshakes".
See: https://www.usenix.org/conference/usenixsecurity24/presentation/xue-fingerprinting

Basic idea:
* the packets/bytes distribution of a TLS handshake is quite unique
* this fingerprint is still detectable if the handshake is
encrypted/proxied/obfuscated

All heuristics are disabled by default.
 2024-09-24 14:20:31 +02:00