vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-04-29 23:49:41 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5
5656 commits 9 branches 12 tags 263 MiB
Commit graph

96 commits

Author SHA1 Message Date
Vladimir Gavrilov
e2949048e0
Add Path of Exile protocol dissector (#2337) 
* Add Path of Exile protocol dissector

* Update protocols.rst
 2024-03-06 19:59:09 +01:00
Vladimir Gavrilov
66b6e2b3f2
Add DLEP protocol dissector (#2326) 2024-02-20 16:05:41 +01:00
Vladimir Gavrilov
e93bcfd619
Add ANSI C12.22 protocol dissector (#2317) 
* Add ANSI C12.22 protocol dissector

* Add UDP sample
 2024-02-15 09:36:06 +01:00
Vladimir Gavrilov
6207be43fa
Add TencentGames protocol dissector (#2306) 2024-02-08 08:10:35 +01:00
Vladimir Gavrilov
4c9446379f
Add Gearman protocol dissector (#2297) 2024-02-01 19:46:57 +01:00
Vladimir Gavrilov
c807d84054
Fix RESP detection (#2289) 
* Rename redis_net.c to resp.c

* Fix RESP detection
 2024-01-27 21:19:34 +01:00
Toni
bcca89b78c
Add Raft protocol dissector. (#2286) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2024-01-25 20:26:18 +01:00
Vladimir Gavrilov
4e712e3ab5
Add Radmin protocol dissector (#2283) 
* Add Radmin protocol dissector

* Update test results
 2024-01-25 08:10:29 +01:00
Vladimir Gavrilov
f04b4450a1
Add STOMP protocol dissector (#2280) 2024-01-23 21:08:13 +01:00
Vladimir Gavrilov
248f3d5588
Rework Steam detection (part 1) (#2264) 
* Clean up Steam dissector

* Add Steam Datagram Relay dissector

* Update docs

* Update test results

* Remove csgo.c from MSVC project

* Small fixes

* Add Steam TLS pcap sample

* Merge Steam pcap samples into single one

* Fix typo

* Update test results
 2024-01-18 19:23:44 +01:00
Toni
0aea509e23
Add KCP protocol dissector. (#2257) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2024-01-12 12:14:59 +01:00
Toni
c5b0b05b80
Add Roughtime protocol dissector. (#2248) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2024-01-09 07:56:27 +01:00
Ivan Nardi
40797521af
ndpiReader: add breed stats on output used for CI (#2236) 2024-01-05 13:02:39 +01:00
Vladimir Gavrilov
3d09b25653
Add Ceph protocol dissector (#2242) 
* Add Ceph protocol dissector

* Update protocols.rst
 2024-01-04 13:22:23 +01:00
Vladimir Gavrilov
7f9973bd0c
Add HL7 protocol dissector (#2240) 
* Add HL7 protocol dissector

* Small fixes

* Small fixes
 2024-01-02 20:57:05 +01:00
Vladimir Gavrilov
0180c1f04a
Add IEC62056 (DLMS/COSEM) protocol dissector (#2229) 
* Add IEC62056 (DLMS/COSEM) protocol dissector

* Fix detection on big endian architectures

* Update protocols.rst

* Add ndpi_crc16_x25 to fuzz/fuzz_alg_crc32_md5.c

* Update pcap sample

* Remove empty .out file

* iec62056: add some documentation

---------

Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
 2024-01-02 16:45:54 +01:00
Vladimir Gavrilov
2796bc9b47
Add NoMachine NX protocol dissector (#2234) 
* Add NoMachine protocol dissector

* Fix detection on big endian architectures

* Make NoMachine over UDP check more strict

* Small fixes
 2024-01-02 10:23:42 +01:00
Vladimir Gavrilov
5eb468d07b
Add Apache Kafka protocol dissector (#2226) 2023-12-22 14:42:47 +01:00
Vladimir Gavrilov
149067b3fc
Add JSON-RPC protocol dissector (#2217) 
* Add JSON-RPC protocol dissector

* Small fixes

* Improve detection
 2023-12-20 12:42:25 +01:00
Vladimir Gavrilov
33f11cb10f
Add OpenFlow protocol dissector (#2222) 2023-12-20 10:48:45 +01:00
Vladimir Gavrilov
d8c7a76611
Add HiSLIP protocol dissector (#2214) 
* Add HiSLIP protocol dissector

* Fix error
 2023-12-17 11:52:55 +01:00
Toni
ef62391dba
Add Monero protocol classification. (#2196) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2023-12-13 19:55:18 +01:00
Vladimir Gavrilov
be50493f44
Add IEEE C37.118 protocol dissector (#2193) 2023-12-05 08:06:15 +01:00
Vladimir Gavrilov
c34bded4ef
Add ISO 9506-1 MMS protocol dissector (#2189) 
* Add ISO 9506-1 MMS protocol dissector
* Fix detection on big-endian architectures
 2023-12-01 09:03:07 +01:00
Vladimir Gavrilov
24df1913ac
Add Beckhoff ADS protocol dissector (#2181) 
* Add Beckhoff ADS protocol dissector

* Remove redundant le32toh

* Fix detection on big-endian architectures
 2023-11-30 09:13:45 +01:00
Vladimir Gavrilov
84427b0754
Add Omron FINS protocol dissector (#2172) 
* Add Omron FINS protocol dissector

* Add a kludge to avoid invalid FINS over UDP detection as SkypeTeams and RTP

* Update unit test results

* Update protocols.rst

* Remove dummy flows from fins.pcap
 2023-11-27 17:09:53 +01:00
Vladimir Gavrilov
0b6e261523
Improve CORBA detection (#2167) 
* Improve CORBA detection

* Remove dummy flow from ziop.pcap

* Merge ziop.pcap and miop.pcap into corba.pcap
 2023-11-27 13:10:50 +01:00
Vladimir Gavrilov
da629709f3
Add OPC UA protocol dissector (#2169) 2023-11-27 12:13:23 +01:00
Vladimir Gavrilov
5c8c5c90c2
Add HART-IP protocol dissector (#2163) 
* Add HART-IP protocol dissector

* Update docs

* Update protocols.rst

* Reuse free proto id and re-run tests

* docs: move HART-IP to top of list

---------

Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com>
 2023-11-22 22:04:22 +01:00
Vladimir Gavrilov
35abafec4f
Get rid of Apache Cassandra false positives (#2159) 
* Rewrite Apache Cassandra dissector

* Replace memcmp with strncmp

* Add payload length check

* Update Cassandra dissector

* Update test results

---------

Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com>
 2023-11-21 16:56:01 +01:00
Ivan Nardi
32b50f5aa4
IPv6: add support for IPv6 risk exceptions (#2122) 2023-10-29 12:14:20 +01:00
Ivan Nardi
e8e4b9e8ff
IPv6: add support for IPv6 risk tree (#2118) 
Fix the script to download crawler addressess
 2023-10-27 13:58:15 +02:00
Ivan Nardi
611c3b66f0
ipv6: add support for ipv6 addresses lists (#2113) 2023-10-26 20:15:44 +02:00
Maatuq
4a8e7105b2
add ethereum protocol dissector. (#2111) 
as explained here for bitcoin https://www.ntop.org/guides/nDPI/protocols.html#ndpi-protocol-bitcoin
the same is applicable for ethereum.
ethereum detection was removed from mining protocol and is now handled separately.

Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com>
 2023-10-25 12:44:33 +02:00
Toni
e70333de87
Added generic Google Protobuf dissector. (#2109) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2023-10-24 12:18:31 +02:00
Toni Uhlig
a443bba0dd Add CAN over Ethernet dissector. 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2023-10-23 13:45:56 +02:00
Toni
a98d7ff433
Added HAProxy protocol. (#2088) 
* fixed tests/do.sh.in failure print

Signed-off-by: lns <matzeton@googlemail.com>
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2023-10-02 18:10:47 +02:00
Ivan Nardi
6925890383
Add support for (un-encrypted) HTTP/2 (#2087) 
Plaintext HTTP/2 is quite rare on the general "internet" but it is
used in some private networks (example: 5G core network)
 2023-09-18 14:06:09 +02:00
Toni
e4d3d619bc
Add Service Location Protocol dissector. (#2036) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2023-08-01 08:50:46 +02:00
Ivan Nardi
3326fa258e
Add an heuristic to detect fully encrypted flows (#2058) 
A fully encrypted session is a flow where every bytes of the
payload is encrypted in an attempt to “look like nothing”.
The heuristic needs only the very first packet of the flow.
See: https://www.usenix.org/system/files/sec23fall-prepub-234-wu-mingshi.pdf

A basic, but generic, inplementation of the popcpunt alg has been added
 2023-07-26 09:09:12 +02:00
Luca Deri
fea09e825b Fixes risk mask exception handling while improving the overall performance 2023-07-14 19:52:34 +02:00
Ivan Nardi
2c7fb91794
Hangout: detect Hangout/Duo/GoogleMeet/... in the STUN code (#2025) 
Regardless of the name, the removed trace doesn't contain meaningful
Hangout traffic.

Remove last piece of sub-classifiction based only on ip addresses.
 2023-06-27 10:33:28 +02:00
Toni
1678888284
Add Apache Thrift protocol dissector. (#2007) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2023-06-22 13:07:32 +02:00
Maatuq
e17fa1259a
Add bitcoing protocol dissector. (#1992) 
* Add bitcoing protocol dissector.

* remove bitcoin protcol detection from mining.c
* add a new bitcoin deissector.
* add a new category: Cryptocurrency.

Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com>

* Remove useless checks and add missing windows and docs file.

Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com>

* update affected tests.

Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com>

* add a brief version.

Add notes on the difference between normal bitcoin protocol and the
mining protocol.

Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com>

* update enable_payload_stat test after dev rebasing.

Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com>

---------

Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com>
 2023-05-31 07:31:01 +02:00
Ivan Nardi
31d23aee56
All protocols should be excluded sooner or later (#1969) 
For a lot of protocols, reduce the number of packets after which the
protocols dissector gives up.
The values are quite arbitary, tring to not impact on classification
 2023-05-10 12:50:24 +02:00
Ivan Nardi
7714507f81
Test multiple ndpiReader configurations (#1931) 
Extend internal unit tests to handle multiple configurations.
As some examples, add tests about:
* disabling some protocols
* disabling Ookla aggressiveness

Every configurations data is stored in a dedicated directory under
`tests\cfgs`
 2023-04-06 11:30:36 +02:00
Renamed from tests/result/threema.pcap.out (Browse further)