Luca Deri
d19bad1581
Added pcap for testing fragments reassembly
2021-02-03 11:48:53 +01:00
Toni
399755607d
Disable tests that require libgcrypt if --disable-gcrypt is set. ( #1121 )
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2021-01-21 08:59:06 +01:00
Luca
0809956e5f
Reworked UPnP protocol that in essence was WSD, hence it has been renamed
...
Cleaned up TLS code for DTLS detection by defining a new DTLS protocol
2021-01-20 09:53:30 +01:00
Luca Deri
e9f43516ec
Improves STUN dissection removing an invalid termination condition that prevented Skype calls from being properly identified
2021-01-13 16:46:51 +01:00
Ivan Nardi
2080cc7365
QUIC: add support for DNS-over-QUIC ( #1107 )
...
Even if it is only an early internet draft, DoQ has already (at least)
one deployed implementation.
See: https://www.zdnet.com/article/ad-blocker-adguard-deploys-worlds-first-dns-over-quic-resolver/
Draft: https://tools.ietf.org/html/draft-huitema-dprive-dnsoquic-00
In the future, if this protocol is really used, it might be worth
renaming NDPI_PROTOCOL_DOH_DOT to NDPI_PROTOCOL_DOH_DOT_DOQ
2021-01-07 10:56:39 +01:00
Ivan Nardi
b8a5358e80
QUIC: improve handling of SNI ( #1105 )
...
* QUIC: SNI should be always saved in flow->protos.stun_ssl.ssl.client_requested_server_name
Close #1077
* QUIC: fix matching of custom categories
* QUIC: add NDPI_TLS_MISSING_SNI support for older GQUIC versions
* QUIC: fix serialization
* QUIC: add DGA check for older GQUIC versions
2021-01-07 10:55:23 +01:00
Luca Deri
eb37f8f1fb
Split HTTP request from response Content-Type. Request Content-Type should be present with POSTs and not with other methods such as GET
2021-01-06 18:28:24 +01:00
Ivan Nardi
1b524f5538
QUIC: update to draft-33 ( #1104 )
...
QUIC (final!?) constants for v1 are defined in draft-33
2021-01-04 15:50:14 +01:00
Ivan Nardi
23b84cd3ee
Remove FB_ZERO protocol ( #1102 )
...
FB_ZERO was an experimental protocol run by Facebook.
They switched to QUIC/TLS1.3 more than 2 years ago; no one ever used it but
them so it is definitely dead.
See: https://engineering.fb.com/2018/08/06/security/fizz/
2021-01-04 15:49:19 +01:00
Luca Deri
4ddb5f4245
Added TLS test with long certificate
2021-01-04 11:31:25 +01:00
Luca Deri
05d76525b0
Added HTTP suspicious content security risk (useful for tracking trickbot)
2021-01-02 21:11:42 +01:00
Luca Deri
b7376cc690
Restored QUIC stats
2020-12-30 12:12:33 +01:00
Luca Deri
9c1827a77b
Fixed output when TLS (and not QUIC) is used
2020-12-28 09:19:39 +01:00
Luca Deri
34fc9d5d50
Introduced fix on TLS for discarding traffic out of sequence that might invalidate dissection
2020-12-22 09:47:39 +01:00
Luca Deri
2768da0637
Improved HTTP dissection
2020-12-16 14:45:29 +01:00
rafaliusz
1ecc6d323e
Add a connectionless DCE/RPC detection ( #1078 )
...
* Add connectionless DCE/RPC detection
* Add DCE/RPC pcap file as well as its test result
Co-authored-by: rafal <rafal.burzynski@cryptomage.com>
2020-12-08 15:48:53 +01:00
Luca Deri
23a15bae5f
Fixes #1029
2020-11-27 18:51:56 +01:00
Ivan Nardi
53a5c354d8
Quic fixes ( #1067 )
...
* QUIC: fix return value on error path on quic_cipher_init()
* QUIC: allow dissection of sessions forcing version negotiation
Enhance heuristic to avoid false positives.
2020-11-22 11:04:10 +01:00
Luca Deri
d670850f55
Updated results
2020-11-16 21:25:59 +01:00
Zied Aouini
bfabb0ddf4
Add Virtual Assistant (Alexa, Siri) support. ( #1057 )
...
* Add AmazonAlexa protocol.
* Add AmazonAlexa test file and result.
* Include pcapng as file format.
* Rename Category to VirtualAssistant.
* Add AppleSiri virtual assistant.
* Fix pcapng test files format support.
Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
2020-11-16 21:19:38 +01:00
Zied Aouini
3d8fd42307
Implement DGA detection performance tracking workflow. ( #1064 )
...
* Implement dga evaluation helper.
* Add test set for DGA classification.
* Add DGA classification performance tracking as part of Travis.
* Add DGA evaluation doc.
* Fix CI on OSX.
* Add missing backquote.
2020-11-16 21:17:16 +01:00
Zied Aouini
76bb83085b
Improve subprotocols detection. ( #1062 )
...
* Improve Spotify detection.
* Improve Skype detection.
* Improve Microsoft detection.
* Fix Microsoft detection categories.
* Improve Waze detection.
* Improve Apple detection.
* Improve WindowsUpdate detection.
* Improve TikTok detection.
* Improve Teams detection.
* Improve Youtube detection.
* Improve Messenger detection.
* Improve Twitch detection.
* Improve Hulu detection.
* Improve Facebook detection.
* Improve AmazonVideo detection.
2020-11-16 21:16:38 +01:00
Zied Aouini
3529268df8
Add Tumblr support. ( #1061 )
...
* Add Tumblr protocol.
* Add Tumblr test file and result.
Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
2020-11-16 21:14:06 +01:00
Zied Aouini
22780da8d5
Add Reddit support. ( #1060 )
...
* Add Reddit protocol.
* Add Reddit test file and result.
Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
2020-11-16 21:13:01 +01:00
Zied Aouini
13dab51cc7
Add Pinterest support. ( #1059 )
...
* Add Pinterest protocol.
* Add Pinterest test file and result.
Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
2020-11-16 21:11:43 +01:00
Luca Deri
328ff24657
Renumbered AmongUs protocol
2020-11-09 16:23:01 +01:00
Toni
6b5bdf773d
Added support for AmongUs. ( #1054 )
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-11-09 16:19:00 +01:00
Luca Deri
89a363aff6
Updated ESNI/SNI alarm generation policy
2020-11-08 10:07:35 +01:00
Leonn
0576dc2a49
💡 Add mongodb protocol dissector ( #1048 )
2020-11-03 16:16:02 +01:00
Ivan Nardi
a9547da138
QUIC: fix dissection of Initial packets coalesced with 0-RTT one ( #1044 )
...
* QUIC: fix dissection of Initial packets coalesced with 0-RTT one
* QUIC: fix a memory leak
2020-11-03 11:35:52 +01:00
Luca Deri
92b80e2468
Updated results with numeric IP detection
2020-11-01 13:31:00 +01:00
Igor Duarte
ba6a48c9fe
Improve skype detection ( #1039 )
...
* Add new skype pcap
PCAP extracted from SkypeIRC.cap (available in https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=SkypeIRC.cap )
* Improve skype detection
2020-10-27 08:45:09 +01:00
Luca Deri
948a906037
Added -D flag for detecting DoH in the wild
...
Removed heuristic from CiscoVPN as it leads to false positives
2020-10-26 21:40:59 +01:00
Luca Deri
833d0eee53
Added CPHA - CheckPoint High Availability Protocol protocol support
2020-10-22 18:39:13 +02:00
Ivan Nardi
6027a7c799
Fix parsing of DLT_PPP datalink type ( #1042 )
2020-10-21 22:27:42 +02:00
Luca Deri
9dac9945c9
Fixes #1033
2020-10-21 20:59:02 +02:00
Zied Aouini
43c1f6a3fd
CAPWAP tunnel decoding fix ( #1038 )
...
* Fix CAPWAP processing.
* Update result.
2020-10-21 15:07:20 +02:00
Toni
822c8e56f7
Improved/autoconf ( #1037 )
...
* Switched to PKG_CHECK_MODULES to keep pkg-config checks more portable.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Improved GCrypt autoconf check to detect a possible gpg-error inter-library dependency.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-10-21 15:05:33 +02:00
Toni
c2d8955c18
Fixed missing PCAP include directories in Makefiles. ( #1034 )
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-10-19 11:25:22 +02:00
Alfredo Cardigliano
2051e51380
Decoupled fuzzy and unit tests
2020-10-12 12:11:35 +02:00
Luca Deri
d4d82c27a5
Tests update
2020-10-02 21:35:15 +02:00
Luca Deri
b68a3707f6
Updated serialization test unit
2020-10-02 12:39:08 +02:00
Toni
656323c334
Added missing files to `make dist' target which are not required to build nDPI but still somehow essential. ( #1024 )
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-09-29 17:58:33 +02:00
Luca Deri
8e1a3f5cdc
Added JSON-C check for unit tests
2020-09-26 12:50:30 +02:00
Luca Deri
044ed14b4f
Various optimizations to reduce unnecessary calls
...
Optimized various UDP dissectors
Removed dead protocols such as pando and pplive
2020-09-24 23:26:03 +02:00
lucaderi
27bad14738
Added missing install target in newly added unit tests
2020-09-22 08:42:50 +02:00
Luca Deri
60a9f6610d
Added risks for checking
...
- invalid DNS traffic (probably carrying exfiltrated data)
- TLS traffic with no SNI extension
2020-09-21 19:57:23 +02:00
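The "TLS traffic with no SNI extension" risk listed in the commit above, illustrated by an added example that is not nDPI's own code: a minimal parser that walks a TLS ClientHello record down to its extension list and reports whether a server_name (type 0x0000) extension is present. The `build_client_hello` helper only constructs sample records so the check runs offline; real nDPI flags this risk from its C TLS dissector, and a production check must also handle ClientHellos split across several TCP segments, which this example does not.

```python
import struct


def build_client_hello(server_name=None):
    """Construct a minimal TLS ClientHello record (constructed sample, not a real capture).

    With server_name=None the extension block carries only signature_algorithms,
    which is the shape of a ClientHello that nDPI's missing-SNI risk is meant to catch.
    """
    extensions = b""
    if server_name is not None:
        name = server_name.encode("ascii")
        sni_entry = b"\x00" + struct.pack("!H", len(name)) + name      # name_type=host_name(0)
        sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
        extensions += struct.pack("!HH", 0x0000, len(sni_list)) + sni_list
    sig_algs = b"\x00\x04\x04\x03\x08\x04"                              # ecdsa_secp256r1_sha256, rsa_pss_rsae_sha256
    extensions += struct.pack("!HH", 0x000D, len(sig_algs)) + sig_algs
    body = (b"\x03\x03" + b"\x11" * 32                                  # client_version, random (fixed filler)
            + b"\x00"                                                   # session_id length 0
            + b"\x00\x02\x13\x01"                                       # cipher_suites: TLS_AES_128_GCM_SHA256
            + b"\x01\x00"                                               # compression_methods: null
            + struct.pack("!H", len(extensions)) + extensions)
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body       # msg_type=client_hello(1), 24-bit length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record):
    """Return (is_client_hello, sni_hostname_or_None). Raises ValueError on truncated input."""
    if len(record) < 5 or record[0] != 0x16:                            # not a TLS handshake record
        return False, None
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < rec_len:
        raise ValueError("truncated TLS record")
    if len(hs) < 4 or hs[0] != 0x01:                                    # not a ClientHello
        return False, None
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) < hs_len:
        raise ValueError("truncated ClientHello")

    def need(off, n):
        if off + n > len(body):
            raise ValueError("truncated ClientHello field")

    off = 2 + 32                                                        # skip client_version and random
    need(off, 1)
    off += 1 + body[off]                                                # session_id
    need(off, 2)
    off += 2 + struct.unpack("!H", body[off:off + 2])[0]                # cipher_suites
    need(off, 1)
    off += 1 + body[off]                                                # compression_methods
    if off + 2 > len(body):
        return True, None                                               # legacy ClientHello without extensions
    ext_len = struct.unpack("!H", body[off:off + 2])[0]
    off += 2
    end = off + ext_len
    if end > len(body):
        raise ValueError("truncated extensions block")
    while off + 4 <= end:
        etype, elen = struct.unpack("!HH", body[off:off + 4])
        off += 4
        edata = body[off:off + elen]
        off += elen
        if etype == 0x0000:                                             # server_name extension
            p = 2                                                       # skip ServerNameList length
            while p + 3 <= len(edata):
                ntype = edata[p]
                nlen = struct.unpack("!H", edata[p + 1:p + 3])[0]
                p += 3
                if ntype == 0:                                          # host_name entry
                    return True, edata[p:p + nlen].decode("ascii", "replace")
                p += nlen
            return True, None                                           # SNI extension present but no host_name
    return True, None


def tls_missing_sni(record):
    """True when the record is a ClientHello that carries no server_name, the condition the risk flags."""
    is_client_hello, sni = extract_sni(record)
    return is_client_hello and sni is None


if __name__ == "__main__":
    for label, rec in (("with SNI", build_client_hello("example.com")), ("without SNI", build_client_hello())):
        print(label, extract_sni(rec), "missing_sni_risk=%s" % tls_missing_sni(rec))
```

Absence of SNI alone is a weak signal: some legitimate clients connect to raw IP addresses, and Encrypted ClientHello or ESNI hides the name on purpose, which is why the log above also shows the ESNI/SNI alarm policy being tuned separately.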
Alfredo Cardigliano
0259ff58e1
Exclude sanitizer on unit tests involving json-c due to a bug in the lib
2020-09-21 17:59:06 +02:00
Alfredo Cardigliano
d700ab3994
Add distdir directive
2020-09-21 17:32:57 +02:00
Alfredo Cardigliano
e6d206fd15
Add unit tests to travis. Move ndpi serializer tests to unit tests.
2020-09-21 17:24:06 +02:00