aboutsummaryrefslogtreecommitdiff
path: root/doc
Commit message (Collapse)AuthorAge
* CI: fix documentation job (#2698)Ivan Nardi2025-01-24
|
* Unify "Skype" and "Teams" ids (#2687)Ivan Nardi2025-01-20
| | | | | | * Rename `NDPI_PROTOCOL_SKYPE_TEAMS_CALL` -> `NDPI_PROTOCOL_MSTEAMS_CALL` * Rename ip list from "Skype/Teams" to "Teams"
* Minor follow-up for DigitalOcean support (#2682)Ivan Nardi2025-01-17
|
* TLS: remove JA3C (#2679)Ivan Nardi2025-01-14
| | | | | | | | Last step of removing JA3C fingerprint Remove some duplicate tests: testing with ja4c/ja3s disabled is already performed by `disable_metadata_and_flowrisks` configuration. Close:#2551
* Temporarely reverts ↵Luca Deri2025-01-13
| | | | https://github.com/ntop/nDPI/commit/d351907af8b93020d5d4ac2949d8e9dd0cfb0dd7
* Add Vivox support (#2668)Vladimir Gavrilov2025-01-11
|
* Improve documentation (#2661)Ivan Nardi2025-01-10
| | | | Integrate .md files into official documentation See: https://stackoverflow.com/questions/46278683/include-my-markdown-readme-into-sphinx/68005314#68005314
* Add the ability to enable/disable every specific flow risks (#2653)Ivan Nardi2025-01-06
|
* Add support Yandex Alice (#2633)Evgeny Shtanov2024-11-29
| | | | Co-authored-by: Evgeny Shtanov <evg.shtanov@gmail.comm> Co-authored-by: Ivan Nardi <nardi.ivan@gmail.com>
* Add support for Paramount+ streaming serviceIvan Nardi2024-11-25
|
* Add support for some Chinese shopping platforms (Temu, Shein and Taobao) (#2615)Ivan Nardi2024-11-12
| | | Extend content match list
* SIP: extract some basic metadataIvan Nardi2024-11-12
|
* Add Naver protocol support (#2610)Vladimir Gavrilov2024-11-01
|
* Add Paltalk protocol support (#2606)Vladimir Gavrilov2024-10-28
|
* Add configuration of TCP fingerprint computation (#2598)Ivan Nardi2024-10-18
| | | Extend configuration of raw format of JA4C fingerprint
* Add monitoring capability (#2588)Ivan Nardi2024-10-14
| | | | | | | | | | | | | Allow nDPI to process the entire flows and not only the first N packets. Usefull when the application is interested in some metadata spanning the entire life of the session. As initial step, only STUN flows can be put in monitoring. See `doc/monitoring.md` for further details. This feature is disabled by default. Close #2583
* Add DingTalk protocol support (#2581)Vladimir Gavrilov2024-10-07
|
* TLS: detect abnormal padding usage (#2579)Ivan Nardi2024-10-01
| | | | Padding is usually some hundreds byte long. Longer padding might be used as obfuscation technique to force unusual CH fragmentation
* Add enable/disable guessing using client IP/port (#2569)Liam Wilson2024-09-27
| | | | | | | | Add configurable options for whether to include client port or client IP in the flow's protocol guesses. This defaults to include both client port/IP if the protocol is not guessed with the server IP/port. This is intended for when flow direction detection is enabled, so we know that sport = client port, dport = server port.
* Add some heuristics to detect encrypted/obfuscated/proxied TLS flows (#2553)Ivan Nardi2024-09-24
| | | | | | | | | | | | Based on the paper: "Fingerprinting Obfuscated Proxy Traffic with Encapsulated TLS Handshakes". See: https://www.usenix.org/conference/usenixsecurity24/presentation/xue-fingerprinting Basic idea: * the packets/bytes distribution of a TLS handshake is quite unique * this fingerprint is still detectable if the handshake is encrypted/proxied/obfuscated All heuristics are disabled by default.
* Allow IP guess before port in ndpi_detection_giveup (#2562)Liam Wilson2024-09-20
| | | | Add dpi.guess_ip_before_port which when enabled uses classification by-ip before classification by-port.
* Add an heuristic to detect encrypted/obfuscated OpenVPN flows (#2547)Ivan Nardi2024-09-16
| | | | | | | | | | | | Based on the paper: "OpenVPN is Open to VPN Fingerprinting" See: https://www.usenix.org/conference/usenixsecurity22/presentation/xue-diwen Basic idea: * the distribution of the first byte of the messages (i.e. the distribution of the op-codes) is quite unique * this fingerprint might be still detectable even if the OpenVPN packets are somehow fully encrypted/obfuscated The heuristic is disabled by default.
* RTMP: improve detection (#2549)Ivan Nardi2024-09-10
|
* Add detection of Windscribe VPNNardi Ivan2024-09-05
|
* Add detection of CactusVPNNardi Ivan2024-09-05
|
* Add detection of SurfShark VPNNardi Ivan2024-09-05
|
* OpenVPN, Wireguard: improve sub-classificationNardi Ivan2024-09-05
| | | | | | | | Allow sub-classification of OpenVPN/Wireguard flows using their server IP. That is useful to detect the specific VPN application/app used. At the moment, the supported protocols are: Mullvad, NordVPN, ProtonVPN. This feature is configurable.
* Add detection of NordVPNNardi Ivan2024-09-05
|
* Add Lustre protocol detection support (#2544)Vladimir Gavrilov2024-09-04
|
* HTTP, QUIC, TLS: allow to disable sub-classification (#2533)Ivan Nardi2024-09-03
|
* Update docAlfredo Cardigliano2024-09-02
|
* Add TRDP protocol support (#2528)Vladimir Gavrilov2024-08-25
| | | The Train Real Time Data Protocol (TRDP) is a UDP/TCP-based communication protocol designed for IP networks in trains, enabling data exchange between devices such as door controls and air conditioning systems. It is standardized by the IEC under IEC 61375-2-3 and is not related to the Remote Desktop Protocol (RDP).
* Add Automatic Tank Gauge protocol (#2527)wssxsxxsx2024-08-23
| | | | | | | See also #2523 --------- Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
* Add CNP/IP protocol support (#2521)Vladimir Gavrilov2024-08-22
| | | ISO/IEC 14908-4 defines how to tunnel Control Network Protocol (CNP) over IP networks. It encapsulates protocols like EIA-709, EIA-600, and CNP, making it a versatile solution for building automation and control systems.
* Add OpenWire support (#2513)Vladimir Gavrilov2024-07-22
|
* FPC: small improvements (#2512)Ivan Nardi2024-07-22
| | | | Add printing of fpc_dns statistics and add a general cconfiguration option. Rework the code to be more generic and ready to handle other logics.
* FPC: add DNS correlation (#2497)mmanoj2024-07-22
| | | | | | | | | Use DNS information to get a better First Packet Classification. See: #2322 --------- Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
* Performed some grammar and typo fixes (#2511)Petr2024-07-19
|
* Add Nano (XNO) protocol support (#2508)Vladimir Gavrilov2024-07-18
|
* Add HLS support (#2502)Vladimir Gavrilov2024-07-16
|
* Add Ripe Atlas probe protocol. (#2473)Toni2024-06-17
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Zoom: remove "stun_zoom" LRU cacheNardi Ivan2024-06-17
| | | | | Since 070a0908b we are able to detect P2P calls directly from the packet content, without any correlation among flows
* Added protocol - JRMI - Java Remote Method Invocation (#2470)Mark Jeffery2024-06-15
|
* RTP/STUN: look for STUN packets after RTP/RTCP classification (#2465)Ivan Nardi2024-06-07
| | | | | | | | | | After a flow has been classified as RTP or RTCP, nDPI might analyse more packets to look for STUN/DTLS packets, i.e. to try to tell if this flow is a "pure" RTP/RTCP flow or if the RTP/RTCP packets are multiplexed with STUN/DTLS. Useful for proper (sub)classification when the beginning of the flows are not captured or if there are lost packets in the the captured traffic. Disabled by default
* Zoom: faster detection of P2P flows (#2467)Ivan Nardi2024-06-07
|
* Add ZUG consensus protocol dissector. (#2458)Toni2024-05-28
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* More NDPI_PROBING_ATTEMPT changesLuca2024-05-22
|
* Added dpi.compute_entropy configuration parameterLuca Deri2024-05-18
|
* Add Call of Duty Mobile support (#2438)Vladimir Gavrilov2024-05-15
|
* Add Ethernet Global Data support (#2437)Vladimir Gavrilov2024-05-11
|
Powered by cgit, Themed by Ted Yin.