Toni
a913e914e5
Added EasyWeather protocol dissector ( #2912 )
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-07-03 12:28:48 +02:00
Ivan Nardi
aa6dcad15e
ndpiReader: print categories summary ( #2895 )
2025-06-21 12:41:00 +02:00
Vladimir Gavrilov
aba60ac354
Add GLBP dissector ( #2879 )
...
GLBP is a Cisco proprietary first-hop redundancy protocol similar to HSRP and VRRP, but with additional load balancing capabilities.
2025-06-10 15:26:10 +02:00
Vladimir Gavrilov
40fe26b2f1
Add Hamachi protocol detection support ( #2860 )
2025-06-02 14:00:31 +02:00
Vladimir Gavrilov
74cb03eb4c
Add MELSEC protocol support ( #2846 )
2025-05-23 11:13:52 +02:00
Ivan Nardi
cd03cca679
IPP: fix selection bitmask ( #2845 )
...
IPP is identified *only* as HTTP subprotocol, so it can't be over UDP
(HTTP is only over TCP...)
2025-05-22 22:08:24 +02:00
Ivan Nardi
0d2213f7ff
Gnutella: simplify code, to support only gtk-gnutella client ( #2830 )
...
Close #2818
2025-05-20 15:48:56 +02:00
Vladimir Gavrilov
31a8d4307e
Drop Warcraft 3 (pre Reforged) support ( #2826 )
2025-05-19 13:28:19 +02:00
Ivan Nardi
38be52583a
RTSP: simplify detection ( #2822 )
2025-05-18 20:36:58 +02:00
0xA50C1A1
edcf3579f2
Remove Half-Life 2 support; improve Source Engine protocol detection
2025-05-16 21:58:48 +02:00
Vladimir Gavrilov
5e5758ad7c
Remove Vhua support ( #2816 )
2025-05-15 19:40:44 +02:00
Ivan Nardi
092a6e10d0
WoW: update detection
...
Remove the specific dissector and use the Blizzard's generic one.
For the time being, keep `NDPI_PROTOCOL_WORLDOFWARCRAFT`
2025-03-30 20:22:09 +02:00
Ivan Nardi
91fd1bccd2
Rework the old MapleStory code to identify traffic from generic Nexon games ( #2773 )
...
Remove `NDPI_PROTOCOL_MAPLESTORY` and add a generic
`NDPI_PROTOCOL_NEXON`
2025-03-19 17:58:42 +01:00
Ivan Nardi
b02e85f7ee
Merge pull request #2760 from IvanNardi/internal_giveup
...
Add a new internal function `internal_giveup()`
2025-03-11 11:20:34 +01:00
Toni
6a591b67aa
Add GearUP Booster protocol dissector (heuristic based). ( #2765 )
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-03-07 20:05:44 +01:00
Ivan Nardi
34dcf18128
Add a new internal function internal_giveup()
...
This function is always called once for every flow, as last code
processing the flow itself.
As a first usage example, check here if the flow is unidirectional
(instead of checking it at every packets)
2025-03-05 20:51:06 +01:00
Ivan Nardi
85fb7eb2e5
Flow risk infos are always exported "in order" (by flow risk id)
...
This way, the `ndpiReader` output doesn't change if we change the
internal logic about the order we set/check the various flow risks.
Note that the flow risk *list* is already printed by `ndpiReader`
in order.
2025-03-04 13:23:58 +01:00
Toni
5858e1debf
Add LagoFast protocol dissector. ( #2743 )
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-02-23 13:13:38 +01:00
Ivan Nardi
3dbc6d2523
DNS: faster exclusion ( #2719 )
2025-02-12 17:42:00 +01:00
Ivan Nardi
63a3547f99
Add (kind of) support for loading a list of JA4C malicious fingerprints ( #2678 )
...
It might be usefull to be able to match traffic against a list of
suspicious JA4C fingerprints
Use the same code/logic/infrastructure used for JA3C (note that we are
going to remove JA3C...)
See: #2551
2025-01-14 12:05:03 +01:00
Ivan Nardi
72fd940301
Remove JA3C output from ndpiReader ( #2667 )
...
Removing JA3C is an big task. Let's start with a simple change having an
huge impact on unit tests: remove printing of JA3C information from
ndpiReader.
This way, when we will delete the actual code, the unit tests diffs
should be a lot simpler to look at.
Note that the information if the client/server cipher is weak or
obsolete is still available via flow risk
See: #2551
2025-01-12 13:24:27 +01:00
Toni
9a0a3bb8e7
Improved WebSocket-over-HTTP detection ( #2664 )
...
* detect `chisel` SSH-over-HTTP-WebSocket
* use `strncasecmp()` for `LINE_*` matching macros
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-01-11 11:23:42 +01:00
Ivan Nardi
c3d19be26f
ndpiReader: update JA statistics ( #2646 )
...
Show JA4C and JA3S information (instead of JA3C and JA3S)
See #2551 for context
2025-01-06 15:09:25 +01:00
Ivan Nardi
e77ff5ebd8
TLS: fix NDPI_TLS_WEAK_CIPHER flow risk ( #2647 )
...
We should set it also for "obsolete"/"insecure" ciphers, not only for
the "weak" ones.
2025-01-06 13:16:57 +01:00
Ivan Nardi
1140d28c3d
Sync unit tests results
2024-11-21 09:53:10 +01:00
Luca Deri
3ce8d0e508
Implemented Mikrotik discovery protocol dissection and metadata extraction ( #2618 )
2024-11-14 23:34:31 +01:00
Ivan Nardi
1bda2bf414
SIP: extract some basic metadata
2024-11-12 13:34:25 +01:00
Luca Deri
ddbdae9947
Improved fingerprints
2024-10-21 10:58:29 +02:00
Luca Deri
14b076a58b
Improved TCP fingerprint
2024-10-20 22:25:55 +02:00
Luca Deri
0cc84e4fdd
Improved TCP fingepring calculation
...
Adde basidc OS detection based on TCP fingerprint
2024-10-18 23:47:34 +02:00
Luca Deri
0ef0752c80
Increased struct ndpi_flow_struct size ( #2596 )
...
Build fix
2024-10-18 07:17:03 +02:00
Luca Deri
ec5efe5cf2
Added sonos dissector
2024-10-13 18:50:34 +02:00
Ivan Nardi
456bc2a52c
Tls out of order ( #2561 )
...
* Revert "Added fix for handling Server Hello before CLient Hello"
This reverts commit eb15b22e77
2024-09-18 21:04:03 +02:00
Luca
eb15b22e77
Added fix for handling Server Hello before CLient Hello
2024-09-17 19:04:01 +02:00
Vladimir Gavrilov
64a5dc3cb3
Add TRDP protocol support ( #2528 )
...
The Train Real Time Data Protocol (TRDP) is a UDP/TCP-based communication protocol designed for IP networks in trains, enabling data exchange between devices such as door controls and air conditioning systems. It is standardized by the IEC under IEC 61375-2-3 and is not related to the Remote Desktop Protocol (RDP).
2024-08-25 13:31:39 +02:00
Luca Deri
763a9c6474
Tests output update
2024-08-25 11:53:15 +02:00
Vladimir Gavrilov
a10c48c80a
Add CNP/IP protocol support ( #2521 )
...
ISO/IEC 14908-4 defines how to tunnel Control Network Protocol (CNP) over IP networks. It encapsulates protocols like EIA-709, EIA-600, and CNP, making it a versatile solution for building automation and control systems.
2024-08-22 15:26:32 +02:00
Luca Deri
fc4fb4d409
Fixed probing attempt risk that was creating false positives
2024-08-07 11:38:41 +02:00
Ivan Nardi
85501c9aaa
FPC: add DPI information ( #2514 )
...
If the flow is classified (via DPI) after the first packet, we should
use this information as FPC
2024-07-23 08:50:27 +02:00
Ivan Nardi
65e31b0ea3
FPC: small improvements ( #2512 )
...
Add printing of fpc_dns statistics and add a general cconfiguration option.
Rework the code to be more generic and ready to handle other logics.
2024-07-22 17:42:23 +02:00
Ivan Nardi
456f0fd427
Improve detection of Cloudflare WARP traffic ( #2491 )
...
See: #2484
2024-07-04 08:59:04 +02:00
Ivan Nardi
843e487270
Add infrastructure for explicit support of Fist Packet Classification ( #2488 )
...
Let's start with some basic helpers and with FPC based on flow addresses.
See: #2322
2024-07-03 18:02:07 +02:00
Toni
8fd649ab1e
Add Ripe Atlas probe protocol. ( #2473 )
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2024-06-17 11:00:38 +02:00
Nardi Ivan
526cf6f291
Zoom: remove "stun_zoom" LRU cache
...
Since 070a0908b
2024-06-17 10:19:55 +02:00
Toni
80171dbcf3
Add ZUG consensus protocol dissector. ( #2458 )
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2024-05-28 20:29:48 +02:00
Luca
44a290286b
More NDPI_PROBING_ATTEMPT changes
2024-05-22 18:04:33 +02:00
Ivan Nardi
0109014f2c
Follow-up of 2093ac5bf ( #2451 )
2024-05-21 12:47:25 +02:00
Luca Deri
2093ac5bf6
Minor dissector optimizations
2024-05-20 12:17:04 +02:00
Vladimir Gavrilov
3d1da00d8d
Add Call of Duty Mobile support ( #2438 )
2024-05-15 12:46:02 +02:00
Ivan Nardi
0110623b4e
H323: improve detection and avoid false positives ( #2432 )
2024-05-11 23:39:54 +02:00
