vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-04-28 23:19:42 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6
5656 commits 9 branches 12 tags 263 MiB
Commit graph

97 commits

Author SHA1 Message Date
Vladimir Gavrilov
58fdc9fafb
Add Naraka Bladepoint detection support (#2334) 2024-03-04 08:30:54 +01:00
Vladimir Gavrilov
f2e3c7fb90
Add BFD protocol dissector (#2332) 2024-02-29 08:19:00 +01:00
Vladimir Gavrilov
66b6e2b3f2
Add DLEP protocol dissector (#2326) 2024-02-20 16:05:41 +01:00
Vladimir Gavrilov
e93bcfd619
Add ANSI C12.22 protocol dissector (#2317) 
* Add ANSI C12.22 protocol dissector

* Add UDP sample
 2024-02-15 09:36:06 +01:00
Ivan Nardi
ae36648c6c
Skype: remove old detection logic (#1954) 
Skype has been using standard protocols (STUN/ICE or TLS) for a long,
long time, now. Long gone are the days of Skype as a distribuited
protocol.

See: #2166
 2024-02-12 18:39:24 +01:00
Vladimir Gavrilov
f5cec001f3
Add detection of Gaijin Entertainment games (#2311) 
* Add detection of Gaijin Entertainment games

* Short NDPI_PROTOCOL_GAIJINENTERTAINMENT to NDPI_PROTOCOL_GAIJIN

* Add default UDP port for Gaijin Entertainment games

* Remove NDPI_PROTOCOL_CROSSOUT protocol id
 2024-02-09 11:07:48 +01:00
Luca Deri
47f72443fa Implemented CIP I/O (UDP version of the CIP protocol), Common Industrial protocol 2024-01-29 13:28:41 +01:00
Toni
7d24e1258d
Add Yojimbo (netcode) protocol dissector (#2277) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2024-01-21 17:47:42 +01:00
Ivan Nardi
eb129297e9
Add a dedicated dissector for Zoom (#2265) 
Move it from the RTP code and extend it
 2024-01-19 10:01:38 +01:00
Vladimir Gavrilov
6ac2ce84f8
Add Mumble detection support (#2269) 2024-01-19 07:46:51 +01:00
Vladimir Gavrilov
248f3d5588
Rework Steam detection (part 1) (#2264) 
* Clean up Steam dissector

* Add Steam Datagram Relay dissector

* Update docs

* Update test results

* Remove csgo.c from MSVC project

* Small fixes

* Add Steam TLS pcap sample

* Merge Steam pcap samples into single one

* Fix typo

* Update test results
 2024-01-18 19:23:44 +01:00
Toni
0aea509e23
Add KCP protocol dissector. (#2257) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2024-01-12 12:14:59 +01:00
Toni
c5b0b05b80
Add Roughtime protocol dissector. (#2248) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2024-01-09 07:56:27 +01:00
Ivan Nardi
40797521af
ndpiReader: add breed stats on output used for CI (#2236) 2024-01-05 13:02:39 +01:00
Vladimir Gavrilov
0180c1f04a
Add IEC62056 (DLMS/COSEM) protocol dissector (#2229) 
* Add IEC62056 (DLMS/COSEM) protocol dissector

* Fix detection on big endian architectures

* Update protocols.rst

* Add ndpi_crc16_x25 to fuzz/fuzz_alg_crc32_md5.c

* Update pcap sample

* Remove empty .out file

* iec62056: add some documentation

---------

Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
 2024-01-02 16:45:54 +01:00
Vladimir Gavrilov
2796bc9b47
Add NoMachine NX protocol dissector (#2234) 
* Add NoMachine protocol dissector

* Fix detection on big endian architectures

* Make NoMachine over UDP check more strict

* Small fixes
 2024-01-02 10:23:42 +01:00
Vladimir Gavrilov
59c8eabc0e
Add UFTP protocol dissector (#2215) 
* Add UFTP protocol dissector

* Update docs

* Merge pcap files
 2023-12-18 11:21:07 +01:00
Vladimir Gavrilov
0f3e6d832b
Add PROFINET/IO protocol dissector (#2213) 
* Add PROFINET/IO protocol dissector

* Add LE (Little Endian) to the file name

* Rework dissector

* Remove redundant check
 2023-12-16 13:30:21 +01:00
Ivan Nardi
241c42ad7e
ndpiReader: fix guessed_flow_protocols statistic (#2203) 
Increment the counter only if the flow has been guessed
 2023-12-12 19:44:03 +01:00
Ivan Nardi
f74cf16c36
OpenVPN: rework detection (#2199) 
Close #1873
 2023-12-06 10:24:26 +01:00
Vladimir Gavrilov
ad20846fad
Add Ether-S-Bus protocol dissector (#2200) 2023-12-05 17:20:38 +01:00
Vladimir Gavrilov
be50493f44
Add IEEE C37.118 protocol dissector (#2193) 2023-12-05 08:06:15 +01:00
Vladimir Gavrilov
ebb1bc2f34
Add Ether-S-I/O protocol dissector (#2174) 2023-11-27 19:04:05 +01:00
Vladimir Gavrilov
84427b0754
Add Omron FINS protocol dissector (#2172) 
* Add Omron FINS protocol dissector

* Add a kludge to avoid invalid FINS over UDP detection as SkypeTeams and RTP

* Update unit test results

* Update protocols.rst

* Remove dummy flows from fins.pcap
 2023-11-27 17:09:53 +01:00
Vladimir Gavrilov
0b6e261523
Improve CORBA detection (#2167) 
* Improve CORBA detection

* Remove dummy flow from ziop.pcap

* Merge ziop.pcap and miop.pcap into corba.pcap
 2023-11-27 13:10:50 +01:00
Vladimir Gavrilov
87399b3544
Add RTPS protocol dissector (#2168) 2023-11-27 07:17:39 +01:00
Vladimir Gavrilov
5c8c5c90c2
Add HART-IP protocol dissector (#2163) 
* Add HART-IP protocol dissector

* Update docs

* Update protocols.rst

* Reuse free proto id and re-run tests

* docs: move HART-IP to top of list

---------

Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com>
 2023-11-22 22:04:22 +01:00
Vladimir Gavrilov
ae6e6d61f0
Add IEEE 1588-2008 (PTPv2) dissector (#2156) 
* Add IEEE 1588-2008 (PTPv2) dissector

PTPv2 is a time synchronization protocol in computer networks, similar to NTP.

* Add default protocol ports

* Update default test result for PTPv2

* Update copyright

---------

Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com>
 2023-11-21 13:39:54 +01:00
Ivan Nardi
32b50f5aa4
IPv6: add support for IPv6 risk exceptions (#2122) 2023-10-29 12:14:20 +01:00
Ivan Nardi
e8e4b9e8ff
IPv6: add support for IPv6 risk tree (#2118) 
Fix the script to download crawler addressess
 2023-10-27 13:58:15 +02:00
Toni
ed17f4d658
Improved Protobuf dissector. (#2119) 
* tag extraction/validation was done wrong

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2023-10-27 10:19:47 +02:00
Ivan Nardi
8b07be4b9f
Jabber: remove support for UDP (#2115) 
Jabber/XMPP is only over TCP (even the name `ndpi_search_jabber_tcp`
suggests that...).

Bug introduced in 5266c726f
 2023-10-26 20:16:27 +02:00
Ivan Nardi
611c3b66f0
ipv6: add support for ipv6 addresses lists (#2113) 2023-10-26 20:15:44 +02:00
Toni
e70333de87
Added generic Google Protobuf dissector. (#2109) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2023-10-24 12:18:31 +02:00
Toni Uhlig
a443bba0dd Add CAN over Ethernet dissector. 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2023-10-23 13:45:56 +02:00
Toni Uhlig
f69909d49b Add Remote Management Control Protocol (RMCP). 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2023-10-19 19:50:57 +02:00
Toni
e4d3d619bc
Add Service Location Protocol dissector. (#2036) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2023-08-01 08:50:46 +02:00
Luca Deri
fea09e825b Fixes risk mask exception handling while improving the overall performance 2023-07-14 19:52:34 +02:00
Ivan Nardi
2c7fb91794
Hangout: detect Hangout/Duo/GoogleMeet/... in the STUN code (#2025) 
Regardless of the name, the removed trace doesn't contain meaningful
Hangout traffic.

Remove last piece of sub-classifiction based only on ip addresses.
 2023-06-27 10:33:28 +02:00
Toni
1678888284
Add Apache Thrift protocol dissector. (#2007) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2023-06-22 13:07:32 +02:00
Ivan Nardi
b11e6a453b
Add support for Epic Games and GeForceNow/Nvidia (#1990) 2023-05-27 12:13:54 +02:00
Ivan Nardi
31d23aee56
All protocols should be excluded sooner or later (#1969) 
For a lot of protocols, reduce the number of packets after which the
protocols dissector gives up.
The values are quite arbitary, tring to not impact on classification
 2023-05-10 12:50:24 +02:00
nikitamishagin
d3e67faf20
Add "Heroes of the Storm" video game signature detection. (#1949) 2023-04-22 18:28:43 +02:00
Toni
85751ba9d7
Added OICQ dissector. (#1950) 
Signed-off-by: lns <matzeton@googlemail.com>
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2023-04-21 11:30:10 +02:00
Toni
6660feed35
Added BACnet dissector. (#1940) 
Signed-off-by: lns <matzeton@googlemail.com>
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2023-04-11 20:26:27 +02:00
Toni
bebcce5281
Added Source Engine dissector. (#1937) 
Signed-off-by: lns <matzeton@googlemail.com>
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2023-04-11 14:31:57 +02:00
Ivan Nardi
7714507f81
Test multiple ndpiReader configurations (#1931) 
Extend internal unit tests to handle multiple configurations.
As some examples, add tests about:
* disabling some protocols
* disabling Ookla aggressiveness

Every configurations data is stored in a dedicated directory under
`tests\cfgs`
 2023-04-06 11:30:36 +02:00
Renamed from tests/result/imo.pcap.out (Browse further)