- nDPId: fixed invalid IP4/IP6 tuple compare
- nDPIsrvd: fixed caching issue (finally)
- added tiny c example (can be used to check flow manager sanity)
- c-captured: use flow_last_seen timestamp from `struct nDPIsrvd_flow`
- README.md update: added example JSON sequence
- nDPId: added new flow event `update` necessary for correct timeout handling (and other future use-cases)
- nDPIsrvd.h and nDPIsrvd.py: switched to an instance (consists of an alias/source tuple) based flow manager
- every flow related event **must** now serialize `alias`, `source`, `flow_id`, `flow_last_seen` and `flow_idle_time` to make the timeout handling and verification process work correctly
- nDPIsrvd.h: ability to profile any dynamic memory (de-)allocation
- nDPIsrvd.py: removed PcapPacket class (unused)
- py-flow-dashboard and py-flow-multiprocess: fixed race condition
- py-flow-info: print statusbar with probably useful information
- nDPId/nDPIsrvd.h: switched from packet-flow only timestamps (`pkt_*sec`) to a generic flow event timestamp `ts_msec`
- nDPId-test: added additional checks
- nDPId: increased ICMP flow timeout
- nDPId: using event based i/o if capturing packets from a device
- nDPIsrvd: fixed memory leak on shutdown if remote descriptors were still connected

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
examples
Some ready-to-use/ready-to-extend examples and utilities. Each example's name is prefixed with the language it is written in.
c-captured
A capture daemon suitable for low-resource devices.
It saves flows that were guessed/undetected/risky/midstream to a PCAP file for manual analysis.
Basically a combination of py-flow-undetected-to-pcap and py-risky-flow-to-pcap.
c-collectd
A collectd-exec compatible middleware that gathers statistic values from nDPId.
c-json-stdout
Tiny nDPId JSON dumper. Does not provide any useful functionality besides dumping parsed JSON objects.
c-simple
Very tiny integration example.
go-dashboard (DISCONTINUED!)
A discontinued tty UI nDPId dashboard.
py-flow-info
Prints prettified information about flow events.
py-flow-dash
A realtime web based graph using Plotly/Dash.
py-flow-multiprocess
Simple Python multiprocess example spawning two worker processes, one connecting to nDPIsrvd and one printing flow IDs to STDOUT.
py-flow-undetected-to-pcap
Captures and saves undetected flows to a PCAP file.
py-json-stdout
Dump received and parsed JSON strings.
py-risky-flow-to-pcap
Captures and saves risky flows to a PCAP file.
py-schema-validation
Validate nDPId JSON strings against pre-defined JSON schemas.
See schema/.
Required by tests/run_tests.sh
py-semantic-validation
Validate nDPId JSON strings against internal event semantics.
Required by tests/run_tests.sh
py-ja3-checker
Captures JA3 hashes from nDPIsrvd and checks them against known hashes from ja3er.com.