Ivan Nardi
73d1856525
DNS: disable subclassification by default (#2715)
...
Preliminary change to start supporting multiple DNS transactions on the
same flow
2025-02-11 13:50:00 +01:00
Ivan Nardi
62d64afde7
Auto-generate Microsoft-related list of domains (#2688)
2025-01-31 15:44:28 +01:00
Ivan Nardi
819b00670c
RTP: improve detection of multimedia type for Signal calls (#2697)
2025-01-24 14:13:51 +01:00
Ivan Nardi
f3532f0bad
Unify "Skype" and "Teams" ids (#2687)
...
* Rename `NDPI_PROTOCOL_SKYPE_TEAMS_CALL` ->
`NDPI_PROTOCOL_MSTEAMS_CALL`
* Rename ip list from "Skype/Teams" to "Teams"
2025-01-20 18:06:56 +01:00
Luca Deri
511228d36d
Added DigitalOcean protocol
2025-01-17 18:26:27 +01:00
Ivan Nardi
252be78acc
STUN: improve detection of Telegram calls (#2671)
2025-01-14 17:33:34 +01:00
Ivan Nardi
72fd940301
Remove JA3C output from ndpiReader (#2667)
...
Removing JA3C is a big task. Let's start with a simple change having a
huge impact on unit tests: remove printing of JA3C information from
ndpiReader.
This way, when we will delete the actual code, the unit tests diffs
should be a lot simpler to look at.
Note that the information if the client/server cipher is weak or
obsolete is still available via flow risk
See: #2551
2025-01-12 13:24:27 +01:00
Ivan Nardi
c3d19be26f
ndpiReader: update JA statistics (#2646)
...
Show JA4C and JA3S information (instead of JA3C and JA3S)
See #2551 for context
2025-01-06 15:09:25 +01:00
paolomonti
3b602e73ba
IPv6: fix bad ipv6 format (#1890) (#2651)
...
ipv6 addresses already containing "::" token shall
not be searched for ":0:" nor patched
Close #1890
2024-12-20 11:02:09 +01:00
Ivan Nardi
803410542e
STUN/RTP: improve metadata extraction (#2641)
2024-12-11 15:28:00 +01:00
Ivan Nardi
a156d69ea4
STUN: fix monitoring (#2639)
2024-12-06 20:19:28 +01:00
Ivan Nardi
cff8bd1bb2
Update flow->flow_multimedia_types to a bitmask (#2625)
...
In the same flow, we can have multiple multimedia types
2024-11-25 10:12:48 +01:00
Luca Deri
56e52448c4
When triggering risk "Known Proto on Non Std Port", nDPI now reports the port that was supposed to be used as default
2024-11-22 18:21:58 +01:00
Ivan Nardi
1140d28c3d
Sync unit tests results
2024-11-21 09:53:10 +01:00
Ivan Nardi
c5bd9d8bff
RTP, STUN: improve detection of multimedia flow type (#2620)
...
Let's see if we are able to tell audio from video calls only looking at
RTP Payload Type field...
2024-11-19 16:38:14 +01:00
Luca
4fd12278b1
Added DICOM support
...
Testing pcaps courtesy of https://github.com/virtalabs/tapirx.git
2024-11-15 18:45:51 +01:00
Luca Deri
3ce8d0e508
Implemented Mikrotik discovery protocol dissection and metadata extraction (#2618)
2024-11-14 23:34:31 +01:00
Vladimir Gavrilov
dc125dc2a8
Add Paltalk protocol support (#2606)
2024-10-28 16:57:05 +01:00
Luca Deri
d5236c0aaf
Fixes TCP fingerprint calculation when multiple EOL are specified in TCP options
2024-10-27 08:17:27 +01:00
Luca Deri
14b076a58b
Improved TCP fingerprint
2024-10-20 22:25:55 +02:00
Ivan Nardi
51556113a3
ndpiReader: add some statistics about monitoring (#2602)
2024-10-19 19:44:00 +02:00
Luca Deri
0cc84e4fdd
Improved TCP fingerprint calculation
...
Added basic OS detection based on TCP fingerprint
2024-10-18 23:47:34 +02:00
Luca Deri
0ef0752c80
Increased struct ndpi_flow_struct size (#2596)
...
Build fix
2024-10-18 07:17:03 +02:00
Ivan Nardi
8299f5abab
STUN: fix monitoring of Whatsapp and Zoom flows (#2590)
2024-10-15 12:05:22 +02:00
Ivan Nardi
521d0ca7a0
Add monitoring capability (#2588)
...
Allow nDPI to process the entire flows and not only the first N packets.
Useful when the application is interested in some metadata spanning the
entire life of the session.
As initial step, only STUN flows can be put in monitoring.
See `doc/monitoring.md` for further details.
This feature is disabled by default.
Close #2583
2024-10-14 18:05:35 +02:00