| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| | |
|
| | |
|
| |
|
|
| |
We can do definitely better, but this change is a big improvements
respect the current broken code
|
| | |
|
| |
|
|
|
| |
Example:
./example/ndpiReader -i tests/pcap/safari.pcap --cfg=tls,metadata.ja4r_fingerprint,1
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
Allow sub-classification of OpenVPN/Wireguard flows using their server IP.
That is useful to detect the specific VPN application/app used.
At the moment, the supported protocols are: Mullvad, NordVPN, ProtonVPN.
This feature is configurable.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Avoid forcing `DLT_EN10MB` but use the same data link type of the input
pcap.
This way, we can use extcap functionality with input traces having Linux
"cooked" capture encapsulation, i.e. traces captured on "any" interface
|
| | |
|
| |
|
|
|
| |
(#2541)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Keep track if we received CH or/and SH messsages: usefull with
unidirectional flows
|
| |
|
|
| |
When the required slot is too big, use the latest/bigger available bin,
not in the first one.
|
| |
|
|
| |
Updtae pl7m code (fix a Use-of-uninitialized-value error and add GTP
support)
|
| | |
|
| |
|
|
|
|
|
| |
On extra-dissection data-path we only need to look for the hash (the
flow is already classified as Bittorrent).
As a nice side-effect, the confidence is now always with the right
value.
|
| | |
|
| | |
|
| |
|
|
| |
Japanese Yahoo domains are missed. Add yahoo.co.jp, yimg.jp, and the
domain for ads seen when accessing yahoo.co.jp.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
master or app) is not recognized
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
bool ndpi_is_proto(ndpi_master_app_protocol proto, u_int16_t p);
bool ndpi_is_proto_unknown(ndpi_master_app_protocol proto);
bool ndpi_is_proto_equals(ndpi_master_app_protocol to_check, ndpi_master_app_protocol to_match, bool exact_match_only);
u_int16_t ndpi_get_proto_by_name(struct ndpi_detection_module_struct *ndpi_mod, const char *name);
char* ndpi_get_proto_by_id(struct ndpi_detection_module_struct *ndpi_mod, u_int id);
extern ndpi_master_app_protocol ndpi_get_protocol_by_name(struct ndpi_detection_module_struct *ndpi_str, const char *name);
Removed (duplicate of ndpi_get_proto_by_name)
int ndpi_get_protocol_id(struct ndpi_detection_module_struct *ndpi_mod, char *proto);
|
| | |
|
| |
|
| |
The Train Real Time Data Protocol (TRDP) is a UDP/TCP-based communication protocol designed for IP networks in trains, enabling data exchange between devices such as door controls and air conditioning systems. It is standardized by the IEC under IEC 61375-2-3 and is not related to the Remote Desktop Protocol (RDP).
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
See also #2523
---------
Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
|
| |
|
|
|
|
|
| |
Skipping node at depth = AC_PATTRN_MAX_LENGTH inside `ac_automata_walk()` caused this leak, as one of the added patterns has len = AC_PATTRN_MAX_LENGTH (not including the null char), this change avoid this.
Fix: #2258
Signed-off-by: mmaatuq <mahmoudmatook.mm@gmail.com>
|
| | |
|
| |
|
| |
ISO/IEC 14908-4 defines how to tunnel Control Network Protocol (CNP) over IP networks. It encapsulates protocols like EIA-709, EIA-600, and CNP, making it a versatile solution for building automation and control systems.
|
| | |
|
| | |
|
| | |
|