* Add WebDAV detection support
* Add pcap example
* Update test results
* Remove redundant checks
* Add WebDAV related HTTP methods to fuzz/dictionary.dict
* Add note about WebDAV
* Add Omron FINS protocol dissector
* Add a kludge to avoid invalid FINS over UDP detection as SkypeTeams and RTP
* Update unit test results
* Update protocols.rst
* Remove dummy flows from fins.pcap
* Add HART-IP protocol dissector
* Update docs
* Update protocols.rst
* Reuse free proto id and re-run tests
* docs: move HART-IP to top of list
---------
Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com>
* Add IEEE 1588-2008 (PTPv2) dissector
PTPv2 is a time synchronization protocol in computer networks, similar to NTP.
* Add default protocol ports
* Update default test result for PTPv2
* Update copyright
---------
Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com>
* minor fixes
fixed 'handle leak' in ndpi_load_malicious_sha1_file and removed the redundant comparison ndpi_search_eaq
* fix Stack overflow caused by invalid write in ndpi_automa_match_string_subprotocol
* fix compile errors
* fix
* Fix name missmatch for Sina and Sina Weibo
* fix
* add Sina Weibo to doc
* fix
* add Sina Weibo to doc
---------
Co-authored-by: Ivan Kapranov <i.kapranov@securitycode.ru>
Try to have a faster classification, on first packet; use standard extra
dissection data path for sub-classification, metadata extraction and
monitoring.
STUN caches:
* use the proper confidence value
* lookup into the caches only once per flow, after having found a proper
STUN classification
Add identification of Telegram VoIP calls.
as explained here for bitcoin https://www.ntop.org/guides/nDPI/protocols.html#ndpi-protocol-bitcoin
the same is applicable for ethereum.
ethereum detection was removed from mining protocol and is now handled separately.
Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com>
* Add bitcoing protocol dissector.
* remove bitcoin protcol detection from mining.c
* add a new bitcoin deissector.
* add a new category: Cryptocurrency.
Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com>
* Remove useless checks and add missing windows and docs file.
Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com>
* update affected tests.
Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com>
* add a brief version.
Add notes on the difference between normal bitcoin protocol and the
mining protocol.
Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com>
* update enable_payload_stat test after dev rebasing.
Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com>
---------
Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com>
The goal is to have Zoom flows classified as "Encrypted" and not as
"Cleartext".
Start documenting the list of protocols supported by nDPI;
format, verbosity and content are still a work-in-progress.
