vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-04-29 23:49:41 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5
5656 commits 9 branches 12 tags 263 MiB
Commit graph

160 commits

Author SHA1 Message Date
Luca Deri
0ef0752c80
Increased struct ndpi_flow_struct size (#2596) 
Build fix
 2024-10-18 07:17:03 +02:00
Vladimir Gavrilov
6cb1631132
Add DingTalk protocol support (#2581) 2024-10-07 15:45:51 +02:00
Luca
45323e3bf8 Exports DNS A/AAAA responses (up to 4 addresses) 
Changed the default to IPv4 (used to be IPv6) in case of DNS error response
 2024-10-02 15:55:35 +02:00
Luca Deri
806f47337d Added Sonos protocol detection 2024-09-24 10:55:48 +02:00
Nardi Ivan
2964c23ca1 Add detection of Windscribe VPN 2024-09-05 16:36:50 +02:00
Nardi Ivan
c99646e4af Add detection of CactusVPN 2024-09-05 16:36:50 +02:00
Nardi Ivan
5b0374c28b Add detection of SurfShark VPN 2024-09-05 16:36:50 +02:00
Nardi Ivan
f350379e95 Add detection of NordVPN 2024-09-05 16:36:50 +02:00
Vladimir Gavrilov
81eaa3bd52
Add Lustre protocol detection support (#2544) 2024-09-04 10:22:04 +02:00
Vladimir Gavrilov
64a5dc3cb3
Add TRDP protocol support (#2528) 
The Train Real Time Data Protocol (TRDP) is a UDP/TCP-based communication protocol designed for IP networks in trains, enabling data exchange between devices such as door controls and air conditioning systems. It is standardized by the IEC under IEC 61375-2-3 and is not related to the Remote Desktop Protocol (RDP).
 2024-08-25 13:31:39 +02:00
wssxsxxsx
8894ebc76f
Add Automatic Tank Gauge protocol (#2527) 
See also #2523

---------

Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
 2024-08-23 22:35:08 +02:00
Vladimir Gavrilov
a10c48c80a
Add CNP/IP protocol support (#2521) 
ISO/IEC 14908-4 defines how to tunnel Control Network Protocol (CNP) over IP networks. It encapsulates protocols like EIA-709, EIA-600, and CNP, making it a versatile solution for building automation and control systems.
 2024-08-22 15:26:32 +02:00
Luca Deri
fc4fb4d409 Fixed probing attempt risk that was creating false positives 2024-08-07 11:38:41 +02:00
Vladimir Gavrilov
b15337a32b
Add OpenWire support (#2513) 2024-07-22 19:20:44 +02:00
Ivan Nardi
65e31b0ea3
FPC: small improvements (#2512) 
Add printing of fpc_dns statistics and add a general cconfiguration option.
Rework the code to be more generic and ready to handle other logics.
 2024-07-22 17:42:23 +02:00
Vladimir Gavrilov
6a77a891a8
Add Nano (XNO) protocol support (#2508) 2024-07-18 16:18:12 +02:00
Luca
86b67e6687 Added ClickHouse protocol 2024-07-17 14:21:45 +02:00
Vladimir Gavrilov
c3fff52646
Add HLS support (#2502) 2024-07-16 12:01:28 +02:00
Ivan Nardi
843e487270
Add infrastructure for explicit support of Fist Packet Classification (#2488) 
Let's start with some basic helpers and with FPC based on flow addresses.

See: #2322
 2024-07-03 18:02:07 +02:00
Toni
8fd649ab1e
Add Ripe Atlas probe protocol. (#2473) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2024-06-17 11:00:38 +02:00
Nardi Ivan
526cf6f291 Zoom: remove "stun_zoom" LRU cache 
Since 070a0908b we are able to detect P2P calls directly from the packet
content, without any correlation among flows
 2024-06-17 10:19:55 +02:00
Mark Jeffery
f796c94375
Added protocol - JRMI - Java Remote Method Invocation (#2470) 2024-06-15 10:52:28 +02:00
Toni
80171dbcf3
Add ZUG consensus protocol dissector. (#2458) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2024-05-28 20:29:48 +02:00
Luca
44a290286b More NDPI_PROBING_ATTEMPT changes 2024-05-22 18:04:33 +02:00
Ivan Nardi
b116456fc5
Viber: add detection of voip calls and avoid false positives (#2434) 2024-05-11 09:21:13 +02:00
Ivan Nardi
1773d7ff2d
Add support for Mastodon, Bluesky and (FB-)Threads (#2418) 2024-05-06 13:37:18 +02:00
Ivan Nardi
95fe21015d
Remove "zoom" cache (#2420) 
This cache was added in b6b4967aa, when there was no real Zoom support.
With 63f349319, a proper identification of multimedia stream has been
added, making this cache quite useless: any improvements on Zoom
classification should be properly done in Zoom dissector.

Tested for some months with a few 10Gbits links of residential traffic: the
cache pretty much never returned a valid hit.
 2024-05-06 12:51:45 +02:00
0x41CEA55
e75d7a620e
Add KNXnet/IP protocol support (#2397) 
* Add KNXnet/IP protocol support

* Improve KNXnet/IP over TCP detection
 2024-04-19 12:54:00 +02:00
Vladimir Gavrilov
c63697205b
Add Label Distribution Protocol support (#2385) 
* Add Label Distribution Protocol support

* Fix typo

* Update unit test results
 2024-04-12 17:44:36 +02:00
Vladimir Gavrilov
9ff4bece33
Add The Elder Scrolls Online support (#2376) 
* Add The Elder Scrolls Online support

* Use ndpi_memmem instead of memmem from libc

* Add protocol description

* Change selection bitmask to V4_V6

* Update protocols.rst
 2024-04-10 18:04:02 +02:00
Vladimir Gavrilov
5b32c98a21
Add LoL: Wild Rift detection (#2356) 2024-03-26 08:11:14 +01:00
Vladimir Gavrilov
e6474d835f
Add FLUTE protocol dissector (#2351) 
* Add FLUTE protocol dissector

* Add flute.c to MSVC project
 2024-03-19 09:11:04 +01:00
Vladimir Gavrilov
8fad77991d
Add PFCP protocol dissector (#2342) 2024-03-13 20:18:43 +01:00
Ivan Nardi
56ce228a8b
Add a specific protocol id for audio/video calls made using Google apps (#2341) 
Same logic already used for Signal/Whatsapp/Line/Facebook/...
 2024-03-07 13:48:19 +01:00
Vladimir Gavrilov
e2949048e0
Add Path of Exile protocol dissector (#2337) 
* Add Path of Exile protocol dissector

* Update protocols.rst
 2024-03-06 19:59:09 +01:00
Vladimir Gavrilov
58fdc9fafb
Add Naraka Bladepoint detection support (#2334) 2024-03-04 08:30:54 +01:00
Vladimir Gavrilov
f2e3c7fb90
Add BFD protocol dissector (#2332) 2024-02-29 08:19:00 +01:00
Vladimir Gavrilov
66b6e2b3f2
Add DLEP protocol dissector (#2326) 2024-02-20 16:05:41 +01:00
Ivan Nardi
2f814c526b
Add identification of Huawei generic and cloud traffic (#2325) 2024-02-20 11:51:40 +01:00
Vladimir Gavrilov
e93bcfd619
Add ANSI C12.22 protocol dissector (#2317) 
* Add ANSI C12.22 protocol dissector

* Add UDP sample
 2024-02-15 09:36:06 +01:00
Vladimir Gavrilov
f5cec001f3
Add detection of Gaijin Entertainment games (#2311) 
* Add detection of Gaijin Entertainment games

* Short NDPI_PROTOCOL_GAIJINENTERTAINMENT to NDPI_PROTOCOL_GAIJIN

* Add default UDP port for Gaijin Entertainment games

* Remove NDPI_PROTOCOL_CROSSOUT protocol id
 2024-02-09 11:07:48 +01:00
Vladimir Gavrilov
6207be43fa
Add TencentGames protocol dissector (#2306) 2024-02-08 08:10:35 +01:00
Vladimir Gavrilov
4c9446379f
Add Gearman protocol dissector (#2297) 2024-02-01 19:46:57 +01:00
Luca Deri
47f72443fa Implemented CIP I/O (UDP version of the CIP protocol), Common Industrial protocol 2024-01-29 13:28:41 +01:00
Toni
bcca89b78c
Add Raft protocol dissector. (#2286) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2024-01-25 20:26:18 +01:00
Vladimir Gavrilov
4e712e3ab5
Add Radmin protocol dissector (#2283) 
* Add Radmin protocol dissector

* Update test results
 2024-01-25 08:10:29 +01:00
Vladimir Gavrilov
f04b4450a1
Add STOMP protocol dissector (#2280) 2024-01-23 21:08:13 +01:00
Ivan Nardi
82e8bf91dd
Improve handling of custom rules (#2276) 
Avoid collisions between user-ids and internal-ids protocols in the
`example/protos.txt` file.
Add a new value for the classification confidence:
`NDPI_CONFIDENCE_CUSTOM_RULE`

With `./example/ndpiReader -p example/protos.txt -H` we now see also the
custom protocols and their internal/external ids:

```
nDPI supported protocols:
 Id Userd-id Protocol               Layer_4    Nw_Proto Breed        Category
  0        0 Unknown                TCP        X        Unrated      Unspecified

...

387      387 Mumble                 UDP        X        Fun          VoIP
388      388 iSCSI                  TCP                 Acceptable   Unspecified
389      389 Kibana                 TCP                 Acceptable   Unspecified
390      390 TestProto              TCP                 Acceptable   Unspecified
391      391 HomeRouter             TCP                 Acceptable   Unspecified
392      392 CustomProtocol         TCP                 Acceptable   Unspecified
393      393 AmazonPrime            TCP                 Acceptable   Unspecified
394      394 CustomProtocolA        TCP                 Acceptable   Unspecified
395      395 CustomProtocolB        TCP                 Acceptable   Unspecified
396      800 CustomProtocolC        TCP                 Acceptable   Unspecified
397     1024 CustomProtocolD        TCP                 Acceptable   Unspecified
398     2048 CustomProtocolE        TCP                 Acceptable   Unspecified
399     2049 CustomProtocolF        TCP                 Acceptable   Unspecified
400     2050 CustomProtocolG        TCP                 Acceptable   Unspecified
401    65535 CustomProtocolH        TCP                 Acceptable   Unspecified
```

We likely need to take a better look in general at the iteration between
internal and external protocols ids...

This PR fixes the issue observed in
https://github.com/ntop/nDPI/pull/2274#discussion_r1460674874 and in
https://github.com/ntop/nDPI/pull/2275.
 2024-01-21 19:53:32 +01:00
Vladimir Gavrilov
5620e10742
Add ElectronicArts detection support (#2274) 
* Add ElectronicArts detection support

* Merge electronicarts.pcapng into sites.pcapng
 2024-01-21 18:58:12 +01:00
Toni
7d24e1258d
Add Yojimbo (netcode) protocol dissector (#2277) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2024-01-21 17:47:42 +01:00