aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--Makefile.am2
-rw-r--r--README.protocols18
2 files changed, 1 insertions, 19 deletions
diff --git a/Makefile.am b/Makefile.am
index fcc4403ab..20d919d45 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -8,7 +8,7 @@ endif
pkgconfigdir = $(libdir)/pkgconfig
pkgconfig_DATA = libndpi.pc
-EXTRA_DIST = README.md CHANGELOG.md CONTRIBUTING.md README.protocols autogen.sh wireshark python windows utils packages example/MacOS doc/api.rst doc/conf.py doc/flow_risks.rst doc/guide/nDPI_QuickStartGuide.pages doc/guide/nDPI_QuickStartGuide.pdf doc/img/logo.png doc/index.rst doc/Makefile doc/what_is_ndpi.rst
+EXTRA_DIST = README.md CHANGELOG.md CONTRIBUTING.md autogen.sh wireshark python windows utils packages example/MacOS doc/api.rst doc/conf.py doc/flow_risks.rst doc/guide/nDPI_QuickStartGuide.pages doc/guide/nDPI_QuickStartGuide.pdf doc/img/logo.png doc/index.rst doc/Makefile doc/what_is_ndpi.rst
changelog:
git log --since={`curl -s https://github.com/ntop/ndpi/releases | grep datetime | head -n1 | egrep -o "[0-9]+\-[0-9]+\-[0-9]+"`} --name-only --pretty=format:" - %s" | grep "^ " > CHANGELOG.latest
diff --git a/README.protocols b/README.protocols
deleted file mode 100644
index 1c77df15b..000000000
--- a/README.protocols
+++ /dev/null
@@ -1,18 +0,0 @@
-Tor
----
-
-Tor protocol can use SSL to hide itself. These are examples:
-
-TCP 37.128.208.46:9001 <-> 172.16.253.130:2078 [VLAN: 0][proto: 91/SSL][132 pkts/93834 bytes][SSL client: www.jwrpsthzrih.com]
-TCP 172.16.253.130:2021 <-> 75.147.140.249:443 [VLAN: 0][proto: 91/SSL][28 pkts/8053 bytes][SSL client: www.5akw23dx.com]
-TCP 172.16.253.130:2077 <-> 77.247.181.163:443 [VLAN: 0][proto: 91/SSL][136 pkts/94329 bytes][SSL client: www.fk4pprq42hsvl2wey.com]
-
-It can be detected by analyzing the SSL client certificate and checking the name that does not match to a real host in
-addition of being a bit weird. As doing DNS resolution is not a task for nDPI we let applications do and then recognize
-SSL-tunnelled connections.
-
-See http://www.netresec.com/?page=Blog&month=2013-04&post=Detecting-TOR-Communication-in-Network-Traffic
-
-For this reason nDPI uses a heuristic, non-DNS based, approach to detect tor communications. If possible, apps
-should validate the certificate using the DNS. This is not something nDPI can afford to do for performance
-reasons
Powered by cgit, Themed by Ted Yin.