Ivan Nardi
6828c1ef30
TLS: fix JA4 when there are more than 99 ciphers or extensions ( #3083 )
2026-01-13 19:31:00 +01:00
Ivan Nardi
411af3e639
Fix HTTP hostname normalization with IPv6 literal address ( #3081 )
...
Close #3065
2026-01-13 18:43:02 +01:00
Luca Deri
6eb2256ce6
Added JA4 testing pcap
2026-01-02 15:36:24 +01:00
Toni
246462592e
Add additional msgpack protocol validations ( Fix #3060 , false-positives) ( #3061 )
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-12-11 14:18:00 +01:00
Toni Uhlig
285496d0b9
Add (generic) MsgPack protocol dissector.
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-12-08 17:50:20 +01:00
Toni
aa3241e17b
Add (generic) JSON protocol dissector. ( #2492 )
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-12-06 20:15:19 +01:00
Luca Deri
3f2f1f8ce4
Added ability to define protocol dissectors in shared libraries ( #3047 )
...
* Added ability to define protocol dissectors in shared libraries and load them at runtime
---------
Co-authored-by: Ivan Nardi <nardi.ivan@gmail.com>
2025-12-04 15:26:15 +01:00
Ivan Nardi
5cae544a40
s7comm: small fixes and extend tests ( #3046 )
2025-11-30 15:52:22 +01:00
Luca Deri
b6f0d08086
Added testing pcap files for EthernetIP
2025-11-29 11:38:55 +01:00
Ivan Nardi
e58f23dc75
tests: extend utests
2025-11-18 13:32:14 +01:00
Ivan Nardi
14dc8eb1bd
utests: small fix
2025-11-12 19:13:18 +01:00
Luca Deri
bb10ecc380
RDP: Added check to detect probing attempts
2025-11-06 22:45:19 +01:00
Ivan Nardi
00c0eb947b
Fix the hash statistics of public suffix lists ( #3003 )
...
In the flow risk information always report the original domain name.
Extend the unit tests
2025-10-21 17:34:25 +02:00
Ivan Nardi
9c27c2df3a
Allow to overwrite domain matching via custom rules ( #2999 )
...
This is basically the revert of 0db12b1390 and 43d9caac00 .
Add some tests about this feature
2025-10-20 15:28:16 +02:00
Ivan Nardi
e7bba509fb
Follow-up of d69446893 ( #2998 )
...
Update the documentation.
We can't return public id on `ndpi_guess_host_protocol_id()` because we
use that value internally:
```
src/lib/ndpi_main.c: flow->guessed_protocol_id_by_ip = ndpi_guess_host_protocol_id(ndpi_str, flow);
```
2025-10-19 12:38:51 +02:00
Luca Deri
f80aa7845d
Updated results
...
Signed-off-by: Luca Deri <deri@ntop.org>
2025-10-18 00:03:54 +02:00
Toni
c67d8b63fa
Improved Telnet detection. Fixes #2936 ( #2982 )
...
* get rid of telnet stages
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-10-07 16:01:17 +02:00
Ivan Nardi
d06291d125
Add detection of ESPN traffic ( #2980 )
2025-10-05 21:03:53 +02:00
kalinda
e1c0d8ba64
Add Matter protocol dissector ( #2957 )
...
Co-authored-by: Ivan Nardi <nardi.ivan@gmail.com>
2025-09-23 15:20:48 +02:00
Toni
6f05ddbcc4
Add Samsung SDP protocol dissector ( #2966 )
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-09-15 08:40:17 +02:00
Toni
043fe06c1b
Improved CryNetwork dissector; detect "special" packets ( #2965 )
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-09-15 08:33:29 +02:00
Toni
6eb9249f01
Add TriStation dissector ( #2964 )
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-09-11 16:20:55 +02:00
Toni
1c1894720e
Update CryNetwork protocol dissector ( #2959 )
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-09-08 09:43:11 +02:00
Ivan Nardi
c25c1be778
tests: add an example of custom rule with nDPI fingerprint
2025-08-31 19:10:05 +02:00
Ivan Nardi
f293851eee
SSH: fix extraction of client identification string ( #2949 )
...
Close #2947
2025-08-31 11:53:31 +02:00
Ivan Nardi
29dde6c65d
Z39.50: avoid false positives ( #2938 )
...
Close #2540
2025-08-08 10:41:38 +02:00
Ivan Nardi
f25ffea432
HTTP: fix protocol stack for some proxy flows ( #2935 )
2025-08-07 16:44:43 +02:00
Toni
470d0d6323
Add Mudfish protocol dissector ( #2932 )
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-08-06 21:07:27 +02:00
Ivan Nardi
79f0cbd32a
Whois/DAS: avoid false positives ( #2925 )
...
Close #2922
2025-07-30 20:11:07 +02:00
Ivan Nardi
ae48c8df7a
Workaround for big-endian builds
...
Fix CI tests on big-endian builds.
We have a long-standing issue on big-endian archs: it might be related
to uthash or about how we use uthash in ndpiReader
2025-07-19 16:44:56 +02:00
kalinda
9efd3cfb33
Add Blacknut, Boosteroid and Rumble protocol (SNI detection WIP) ( #2907 )
...
Co-authored-by: Ivan Nardi <nardi.ivan@gmail.com>
2025-07-03 21:41:17 +02:00
Toni
a913e914e5
Added EasyWeather protocol dissector ( #2912 )
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-07-03 12:28:48 +02:00
Ivan Nardi
43b60e3d7a
Rework classification in ndpi_match_host_subprotocol()-like functions ( #2910 )
2025-07-01 17:01:59 +02:00
Vladimir Gavrilov
aba60ac354
Add GLBP dissector ( #2879 )
...
GLBP is a Cisco proprietary first-hop redundancy protocol similar to HSRP and VRRP, but with additional load balancing capabilities.
2025-06-10 15:26:10 +02:00
Vladimir Gavrilov
75395cb264
Add category and breed support for custom rules ( #2872 )
...
Close #2594
2025-06-08 17:34:21 +02:00
Vladimir Gavrilov
40fe26b2f1
Add Hamachi protocol detection support ( #2860 )
2025-06-02 14:00:31 +02:00
Ivan Nardi
651daeb01a
Fix configuration of ip lists of flow risks ( #2859 )
...
Add some new tests about these configuration parameters.
Close #2858
2025-05-28 20:19:19 +02:00
Luca Deri
9e5a67f369
Improved detection of TCP scanners
2025-05-27 22:17:38 +02:00
Ivan Nardi
8350cc68d4
BFCP: fix check on payload length and extract metadata ( #2854 )
...
We should be able to identify this protocol on the first packet,
without keeping any state
Close #2745
2025-05-26 15:08:53 +02:00
Ivan Nardi
03e1e593d1
Dofus: update detection to version 3.X ( #2852 )
...
See #2827
2025-05-25 20:06:12 +02:00
Luca Deri
c1d3728602
Added the support for multiple TCP fingerprint formats
...
- default (0) is the native nDPI format
- MuonOF (1) has been added
The format can be changed using metadata.tcp_fingerprint_format
Added ability to identify mass scanners using TCP fingerprint
2025-05-24 10:30:33 +02:00
Vladimir Gavrilov
afc0da6468
Simplify ZeroMQ detection ( #2847 )
2025-05-23 16:09:16 +02:00
Vladimir Gavrilov
74cb03eb4c
Add MELSEC protocol support ( #2846 )
2025-05-23 11:13:52 +02:00
Vladimir Gavrilov
90b5f681c6
Improve BFCP detection ( #2844 )
...
Co-authored-by: Ivan Nardi <nardi.ivan@gmail.com>
2025-05-22 12:23:05 +02:00
Ivan Nardi
ed29a8f963
Fix isAppProtocol for GTP_U ( #2837 )
...
See: c590dc495
2025-05-21 14:30:36 +02:00
Vladimir Gavrilov
0a3c8f2464
Drop GW1 support and add basic GW2 detection ( #2836 )
2025-05-21 11:45:31 +02:00
Vladimir Gavrilov
8b84192cad
CrossFire: update code ( #2834 )
2025-05-21 08:36:58 +02:00
0xA50C1A1
b49b7eb45f
Rename NDPI_PROTOCOL_UBUNTUONE protocol ID to NDPI_PROTOCOL_CANONICAL
2025-05-15 21:43:34 +02:00
0xA50C1A1
af4af11afc
Rename Lotus Notes to HCL Notes for product consistency
2025-05-15 21:43:34 +02:00
Vladimir Gavrilov
4b47f7c669
Add kick.com support ( #2813 )
2025-05-14 21:06:12 +02:00