vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-04-29 23:49:41 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5
5656 commits 9 branches 12 tags 263 MiB
Commit graph

294 commits

Author SHA1 Message Date
Toni
b0867c0614
Improve Ubiquiti device discovery request/response detection. (#2810) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2025-05-12 13:00:08 +02:00
Vladimir Gavrilov
292d26f0db
Add vkvideo domain (#2809) 2025-05-12 09:46:19 +02:00
Vladimir Gavrilov
b3be9f16dc
Add Rockstar Games detection (#2805) 2025-04-28 19:54:00 +02:00
Vladimir Gavrilov
6312e4c9aa
Add Microsoft Delivery Optimization protocol (#2799) 2025-04-28 13:40:21 +02:00
Ivan Nardi
9283ebc1c9
Add a new specific ID for generic Ubiquity traffic (#2796) 2025-04-16 14:36:56 +02:00
Ivan Nardi
c7b71d9e55
UBNTAC2,Ookla: improve detection (#2793) 2025-04-10 13:18:44 +02:00
Ivan Nardi
3e2d69b92a Follow-up of latest Signal call change (see: 4d41588a7) 2025-04-05 14:22:05 +02:00
Ivan Nardi
153391da66 blizzard: add detection of Overwatch2 2025-03-30 20:22:09 +02:00
Ivan Nardi
092a6e10d0 WoW: update detection 
Remove the specific dissector and use the Blizzard's generic one.
For the time being, keep `NDPI_PROTOCOL_WORLDOFWARCRAFT`
 2025-03-30 20:22:09 +02:00
Ivan Nardi
56ac5bf48b
Rework the old Starcraft code to identify traffic from generic Blizzard games (#2776) 
Remove `NDPI_PROTOCOL_STARCRAFT` and add a generic `NDPI_PROTOCOL_BLIZZARD`.
 2025-03-25 17:16:10 +01:00
Ivan Nardi
f2be78561b
armagetron: update code (#2777) 2025-03-25 13:22:52 +01:00
Ivan Nardi
91fd1bccd2
Rework the old MapleStory code to identify traffic from generic Nexon games (#2773) 
Remove `NDPI_PROTOCOL_MAPLESTORY` and add a generic
`NDPI_PROTOCOL_NEXON`
 2025-03-19 17:58:42 +01:00
Ivan Nardi
0fe81c842f
TLS: avoid sub-classification for RDP flows (#2769) 
These flows are already classified as TLS.RDP.
This change also fix a memory leak

```
Direct leak of 62 byte(s) in 1 object(s) allocated from:
   #0 0x5883d762429f in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3
   #1 0x5883d76fe46a in ndpi_malloc ndpi/src/lib/ndpi_memory.c:57:46
   #2 0x5883d76fe46a in ndpi_strdup ndpi/src/lib/ndpi_memory.c:110:13
   #3 0x5883d77adcd6 in ndpi_compute_ja4 ndpi/src/lib/protocols/tls.c:2298:46
   #4 0x5883d77ab2ec in processClientServerHello ndpi/src/lib/protocols/tls.c:3314:10
   #5 0x5883d77a4c51 in processTLSBlock ndpi/src/lib/protocols/tls.c:1319:5
```
Found by oss-fuzz.
See: https://oss-fuzz.com/testcase-detail/5244512192757760
 2025-03-14 15:13:29 +01:00
Toni
6a591b67aa
Add GearUP Booster protocol dissector (heuristic based). (#2765) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2025-03-07 20:05:44 +01:00
Luca Deri
beea70d689 Improved Tor detection 2025-02-24 22:14:41 +01:00
Ivan Nardi
084a5808d5
UBNTAC2: rework detection (#2744) 2025-02-23 17:51:51 +01:00
Toni
5858e1debf
Add LagoFast protocol dissector. (#2743) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2025-02-23 13:13:38 +01:00
Ivan Nardi
6c00422f5c
Update the capture length of the ssdp example (#2741) 
Some old libpcap versions don't handle pcap files with capture length
bigger than 262144 bytes

```
 ERROR: could not open pcap file: invalid interface capture length 524288, bigger than maximum of 262144
```
 2025-02-21 19:47:17 +01:00
Ivan Nardi
86af01c74d
DNS: fix message parsing (#2732) 2025-02-16 17:19:43 +01:00
Ivan Kapranov
ccb15db9b3
Implement SSDP Metadata export (#2729) 
Close #2524
 2025-02-16 17:04:16 +01:00
Ivan Kapranov
e4521440ab
Added RUTUBE (#2725) 2025-02-15 16:03:58 +01:00
Ivan Nardi
9bf513b342
DNS: fix dissection (#2726) 2025-02-15 15:13:01 +01:00
Ivan Nardi
dba7e9a8ec
DNS: try to simplify the code (#2718) 
Set the classification in only one place in the code.
 2025-02-12 09:48:35 +01:00
Ivan Nardi
dff5b2beac DNS: fix dissection when there is only the response message 2025-02-11 12:44:46 +01:00
Ivan Nardi
a298d26c20 DNS: extend tests 2025-02-11 12:44:46 +01:00
Ivan Nardi
642cf5764a Extend regression tests 2025-02-04 14:33:32 +01:00
Ivan Nardi
819b00670c
RTP: improve detection of multimedia type for Signal calls (#2697) 2025-01-24 14:13:51 +01:00
Vladimir Gavrilov
674428d824
Add Vivox support (#2668) 2025-01-11 19:37:31 +01:00
Toni
9a0a3bb8e7
Improved WebSocket-over-HTTP detection (#2664) 
* detect `chisel` SSH-over-HTTP-WebSocket
 * use `strncasecmp()` for `LINE_*` matching macros

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2025-01-11 11:23:42 +01:00
Vladimir Gavrilov
12a7d55d27
Path of Exile 2 support (#2654) 2025-01-06 10:57:16 +01:00
Ivan Nardi
a156d69ea4
STUN: fix monitoring (#2639) 2024-12-06 20:19:28 +01:00
Ivan Nardi
83ce341796
signal: improve detection of chats and calls (#2637) 2024-12-04 16:14:27 +01:00
Evgeny Shtanov
74792e49c8
Add support Yandex Alice (#2633) 
Co-authored-by: Evgeny Shtanov <evg.shtanov@gmail.comm>
Co-authored-by: Ivan Nardi <nardi.ivan@gmail.com>
 2024-11-29 14:13:36 +01:00
Ivan Nardi
7330f65939 Add support for Paramount+ streaming service 2024-11-25 14:01:55 +01:00
Ivan Nardi
c5bd9d8bff
RTP, STUN: improve detection of multimedia flow type (#2620) 
Let's see if we are able to tell audio from video calls only looking at
RTP Payload Type field...
 2024-11-19 16:38:14 +01:00
Luca
4fd12278b1 Added DICOM support 
Testing pcaps courtesy of https://github.com/virtalabs/tapirx.git
 2024-11-15 18:45:51 +01:00
Luca Deri
3ce8d0e508
Implemented Mikrotik discovery protocol dissection and metadata extraction (#2618) 2024-11-14 23:34:31 +01:00
Ivan Nardi
59ee1fe115
Add support for some Chinese shopping platforms (Temu, Shein and Taobao) (#2615) 
Extend content match list
 2024-11-12 20:11:07 +01:00
Vladimir Gavrilov
137d87fd87
Add Naver protocol support (#2610) 2024-11-01 14:56:25 +01:00
Ivan Nardi
a903932155
HTTP: fix leak and out-of-bound error on credential extraction (#2611) 2024-11-01 13:11:06 +01:00
Luca Deri
412ca8700f Added HTTP credentials extraction 2024-10-31 21:20:46 +01:00
Vladimir Gavrilov
dc125dc2a8
Add Paltalk protocol support (#2606) 2024-10-28 16:57:05 +01:00
Luca Deri
6dc4533c3c Added support for RDP over TLS 2024-10-19 16:24:11 +02:00
Luca Deri
ec5efe5cf2 Added sonos dissector 2024-10-13 18:50:34 +02:00
Vladimir Gavrilov
6cb1631132
Add DingTalk protocol support (#2581) 2024-10-07 15:45:51 +02:00
Ivan Nardi
623b7e236f
TLS: detect abnormal padding usage (#2579) 
Padding is usually some hundreds byte long. Longer padding might be used
as obfuscation technique to force unusual CH fragmentation
 2024-10-01 17:15:03 +02:00
Ivan Nardi
69c89f9061
TLS: heuristics: fix memory allocations (#2577) 
Allocate heuristics state only if really needed.
Fix memory leak (it happened with WebSocket traffic on port 443)
 2024-09-30 16:55:07 +02:00
Ivan Nardi
ddd08f913c
Add some heuristics to detect encrypted/obfuscated/proxied TLS flows (#2553) 
Based on the paper: "Fingerprinting Obfuscated Proxy Traffic with
Encapsulated TLS Handshakes".
See: https://www.usenix.org/conference/usenixsecurity24/presentation/xue-fingerprinting

Basic idea:
* the packets/bytes distribution of a TLS handshake is quite unique
* this fingerprint is still detectable if the handshake is
encrypted/proxied/obfuscated

All heuristics are disabled by default.
 2024-09-24 14:20:31 +02:00
Nardi Ivan
686d0e3839 Fix Sonos trace 2024-09-24 13:28:19 +02:00
Luca Deri
806f47337d Added Sonos protocol detection 2024-09-24 10:55:48 +02:00