Toni
a913e914e5
Added EasyWeather protocol dissector ( #2912 )
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-07-03 12:28:48 +02:00
Ivan Nardi
898135b2f7
Fix ndpi_reconcile_protocols with classification by port/ip
2025-07-01 12:35:35 +02:00
Ivan Nardi
e0b14cc3fb
STUN: don't check NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT flow risk ( #2901 )
2025-06-23 18:15:48 +02:00
Ivan Nardi
aa6dcad15e
ndpiReader: print categories summary ( #2895 )
2025-06-21 12:41:00 +02:00
Vladimir Gavrilov
aba60ac354
Add GLBP dissector ( #2879 )
...
GLBP is a Cisco proprietary first-hop redundancy protocol similar to HSRP and VRRP, but with additional load balancing capabilities.
2025-06-10 15:26:10 +02:00
Vladimir Gavrilov
40fe26b2f1
Add Hamachi protocol detection support ( #2860 )
2025-06-02 14:00:31 +02:00
Vladimir Gavrilov
afc0da6468
Simplify ZeroMQ detection ( #2847 )
2025-05-23 16:09:16 +02:00
Vladimir Gavrilov
74cb03eb4c
Add MELSEC protocol support ( #2846 )
2025-05-23 11:13:52 +02:00
Ivan Nardi
cd03cca679
IPP: fix selection bitmask ( #2845 )
...
IPP is identified *only* as HTTP subprotocol, so it can't be over UDP
(HTTP is only over TCP...)
2025-05-22 22:08:24 +02:00
Ivan Nardi
0d2213f7ff
Gnutella: simplify code, to support only gtk-gnutella client ( #2830 )
...
Close #2818
2025-05-20 15:48:56 +02:00
Vladimir Gavrilov
31a8d4307e
Drop Warcraft 3 (pre Reforged) support ( #2826 )
2025-05-19 13:28:19 +02:00
Ivan Nardi
38be52583a
RTSP: simplify detection ( #2822 )
2025-05-18 20:36:58 +02:00
0xA50C1A1
edcf3579f2
Remove Half-Life 2 support; improve Source Engine protocol detection
2025-05-16 21:58:48 +02:00
Vladimir Gavrilov
5e5758ad7c
Remove Vhua support ( #2816 )
2025-05-15 19:40:44 +02:00
Vladimir Gavrilov
5e2912770b
Remove World Of Kung Fu support ( #2815 )
2025-05-15 12:03:16 +02:00
Vladimir Gavrilov
6312e4c9aa
Add Microsoft Delivery Optimization protocol ( #2799 )
2025-04-28 13:40:21 +02:00
Ivan Nardi
092a6e10d0
WoW: update detection
...
Remove the specific dissector and use Blizzard's generic one.
For the time being, keep `NDPI_PROTOCOL_WORLDOFWARCRAFT`
2025-03-30 20:22:09 +02:00
Ivan Nardi
b1edfdbf5c
Remove NDPI_FULLY_ENCRYPTED flow risk ( #2779 )
...
Use `NDPI_OBFUSCATED_TRAFFIC` instead; this way, all the obfuscated
traffic is identified via `NDPI_OBFUSCATED_TRAFFIC` flow risk.
Disable fully-encryption detection by default, like all the obfuscation
heuristics.
2025-03-25 17:00:03 +01:00
Ivan Nardi
91fd1bccd2
Rework the old MapleStory code to identify traffic from generic Nexon games ( #2773 )
...
Remove `NDPI_PROTOCOL_MAPLESTORY` and add a generic
`NDPI_PROTOCOL_NEXON`
2025-03-19 17:58:42 +01:00
Ivan Nardi
e2ed61524b
Avoid duplicated Microsoft domains ( #2770 )
...
Update the list
Close #2767
2025-03-18 11:56:50 +01:00
Ivan Nardi
b02e85f7ee
Merge pull request #2760 from IvanNardi/internal_giveup
...
Add a new internal function `internal_giveup()`
2025-03-11 11:20:34 +01:00
Toni
6a591b67aa
Add GearUP Booster protocol dissector (heuristic based). ( #2765 )
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-03-07 20:05:44 +01:00
Ivan Nardi
34dcf18128
Add a new internal function internal_giveup()
...
This function is always called once for every flow, as last code
processing the flow itself.
As a first usage example, check here if the flow is unidirectional
(instead of checking it at every packet)
2025-03-05 20:51:06 +01:00
Toni
5858e1debf
Add LagoFast protocol dissector. ( #2743 )
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-02-23 13:13:38 +01:00
Ivan Nardi
3dbc6d2523
DNS: faster exclusion ( #2719 )
2025-02-12 17:42:00 +01:00
Ivan Nardi
baca06bfd2
ndpiReader: print more DNS information ( #2717 )
2025-02-11 18:16:55 +01:00
Ivan Nardi
73d1856525
DNS: disable subclassification by default ( #2715 )
...
Preliminary change to start supporting multiple DNS transactions on the
same flow
2025-02-11 13:50:00 +01:00
Ivan Nardi
62d64afde7
Auto-generate Microsoft-related list of domains ( #2688 )
2025-01-31 15:44:28 +01:00
Ivan Nardi
f3532f0bad
Unify "Skype" and "Teams" ids ( #2687 )
...
* Rename `NDPI_PROTOCOL_SKYPE_TEAMS_CALL` ->
`NDPI_PROTOCOL_MSTEAMS_CALL`
* Rename ip list from "Skype/Teams" to "Teams"
2025-01-20 18:06:56 +01:00
Luca Deri
511228d36d
Added DigitalOcean protocol
2025-01-17 18:26:27 +01:00
Ivan Nardi
72fd940301
Remove JA3C output from ndpiReader ( #2667 )
...
Removing JA3C is a big task. Let's start with a simple change having a
huge impact on unit tests: remove printing of JA3C information from
ndpiReader.
This way, when we delete the actual code, the unit test diffs
should be a lot simpler to look at.
Note that the information if the client/server cipher is weak or
obsolete is still available via flow risk
See: #2551
2025-01-12 13:24:27 +01:00
Toni
9a0a3bb8e7
Improved WebSocket-over-HTTP detection ( #2664 )
...
* detect `chisel` SSH-over-HTTP-WebSocket
* use `strncasecmp()` for `LINE_*` matching macros
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-01-11 11:23:42 +01:00
Ivan Nardi
c3d19be26f
ndpiReader: update JA statistics ( #2646 )
...
Show JA4C and JA3S information (instead of JA3C and JA3S)
See #2551 for context
2025-01-06 15:09:25 +01:00
Luca Deri
56e52448c4
When triggering risk "Known Proto on Non Std Port", nDPI now reports the port that was supposed to be used as default
2024-11-22 18:21:58 +01:00
Luca
4fd12278b1
Added DICOM support
...
Testing pcaps courtesy of https://github.com/virtalabs/tapirx.git
2024-11-15 18:45:51 +01:00
Luca Deri
3ce8d0e508
Implemented Mikrotik discovery protocol dissection and metadata extraction ( #2618 )
2024-11-14 23:34:31 +01:00
Vladimir Gavrilov
dc125dc2a8
Add Paltalk protocol support ( #2606 )
2024-10-28 16:57:05 +01:00
Luca Deri
d5236c0aaf
Fixes TCP fingerprint calculation when multiple EOL are specified in TCP options
2024-10-27 08:17:27 +01:00
Luca Deri
14b076a58b
Improved TCP fingerprint
2024-10-20 22:25:55 +02:00
Luca Deri
0cc84e4fdd
Improved TCP fingerprint calculation
...
Added basic OS detection based on TCP fingerprint
2024-10-18 23:47:34 +02:00
Luca Deri
0ef0752c80
Increased struct ndpi_flow_struct size ( #2596 )
...
Build fix
2024-10-18 07:17:03 +02:00
Ivan Nardi
2d7085a23e
STUN: if the same metadata is found multiple times, keep the first value ( #2591 )
2024-10-15 15:12:37 +02:00
Luca Deri
ec5efe5cf2
Added Sonos dissector
2024-10-13 18:50:34 +02:00
Vladimir Gavrilov
6cb1631132
Add DingTalk protocol support ( #2581 )
2024-10-07 15:45:51 +02:00
Luca
45323e3bf8
Exports DNS A/AAAA responses (up to 4 addresses)
...
Changed the default to IPv4 (used to be IPv6) in case of DNS error response
2024-10-02 15:55:35 +02:00
Ivan Nardi
456bc2a52c
Tls out of order ( #2561 )
...
* Revert "Added fix for handling Server Hello before Client Hello"
This reverts commit eb15b22e77.
* TLS: add some tests with unidirectional traffic
* TLS: another attempt to process CH received after the SH
Obviously, we will process unidirectional traffic longer, because we are
now waiting for messages in both directions
2024-09-18 21:04:03 +02:00
Luca
eb15b22e77
Added fix for handling Server Hello before Client Hello
2024-09-17 19:04:01 +02:00
Ivan Nardi
92507c0146
oracle: fix dissector ( #2548 )
...
We can definitely do better, but this change is a big improvement
with respect to the current broken code
2024-09-07 12:00:31 +02:00
Vladimir Gavrilov
81eaa3bd52
Add Lustre protocol detection support ( #2544 )
2024-09-04 10:22:04 +02:00
Toni
bf93f77f02
Align serialized risk names to all others (first letter; uppercase letter) ( #2541 )
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2024-09-03 13:02:33 +02:00