aboutsummaryrefslogtreecommitdiff
path: root/src/include
Commit message (Collapse)AuthorAge
* Added DICOM supportLuca2024-11-15
| | | | Testing pcaps courtesy of https://github.com/virtalabs/tapirx.git
* Implemented Mikrotik discovery protocol dissection and metadata extraction ↵Luca Deri2024-11-14
| | | | (#2618)
* Cosmetic changeLuca2024-11-14
|
* Add support for some Chinese shopping platforms (Temu, Shein and Taobao) (#2615)Ivan Nardi2024-11-12
| | | Extend content match list
* SIP: extract some basic metadataIvan Nardi2024-11-12
|
* Unify ndpi debug logging to always use a u16 protocol id (#2613)Toni2024-11-11
| | | | | * fixes SonarCloud complaint Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add Naver protocol support (#2610)Vladimir Gavrilov2024-11-01
|
* Increased "struct ndpi_flow_struct" sizeLuca Deri2024-10-31
|
* Added HTTP credentials extractionLuca Deri2024-10-31
|
* Fix blocks with inner-json modeAlfredo Cardigliano2024-10-31
|
* Add new json serialization type ndpi_serialization_format_inner_jsonAlfredo Cardigliano2024-10-31
|
* TLS: export heuristic fingerprint as metadata (#2609)Ivan Nardi2024-10-28
|
* Add Paltalk protocol support (#2606)Vladimir Gavrilov2024-10-28
|
* Added ndpi_str_endswith()Luca Deri2024-10-28
|
* Renamed os hints to avoid name clashesLuca Deri2024-10-19
|
* Increased struct size (#2599)Luca Deri2024-10-19
|
* Improved TCP fingepring calculationLuca Deri2024-10-18
| | | | Adde basidc OS detection based on TCP fingerprint
* Add configuration of TCP fingerprint computation (#2598)Ivan Nardi2024-10-18
| | | Extend configuration of raw format of JA4C fingerprint
* Increased struct ndpi_flow_struct size (#2596)Luca Deri2024-10-18
| | | Build fix
* Implemented nDPI TCP fingerprintLuca Deri2024-10-15
|
* Add monitoring capability (#2588)Ivan Nardi2024-10-14
| | | | | | | | | | | | | Allow nDPI to process the entire flows and not only the first N packets. Usefull when the application is interested in some metadata spanning the entire life of the session. As initial step, only STUN flows can be put in monitoring. See `doc/monitoring.md` for further details. This feature is disabled by default. Close #2583
* Added sonos dissectorLuca Deri2024-10-13
|
* Added u_int8_t ndpi_is_public_ipv4(u_int32_t a /* host byte order */);Luca Deri2024-10-13
|
* Added -N option for dumping/restoring the DNS cache (when enabled)Luca Deri2024-10-10
| | | | Example ndpiReader -i en0 --cfg=dpi.address_cache_size,32768 -N /tmp/a
* Added new API calls for serializing/restoring the DNS cacheLuca Deri2024-10-10
| | | | | - bool ndpi_address_cache_dump(struct ndpi_address_cache *cache, char *path, u_int32_t epoch_now); - u_int32_t ndpi_address_cache_restore(struct ndpi_address_cache *cache, char *path, u_int32_t epoch_now);
* Added missing #defineLuca Deri2024-10-08
|
* Implemented (disabled by default) DNS host cache. You can set the cache size ↵Luca Deri2024-10-07
| | | | | | | | | | as follows: ndpiReader --cfg=dpi.address_cache_size,1000 -i <pcap>.pcap In the above example the cache has up to 1000 entries. In jcase ndpiReader exports data in JSON, the cache hostname (if found) is exported in the field server_hostname
* Add DingTalk protocol support (#2581)Vladimir Gavrilov2024-10-07
|
* Exports DNS A/AAAA responses (up to 4 addresses)Luca2024-10-02
| | | | Changed the default to IPv4 (used to be IPv6) in case of DNS error response
* Let the library returning the packet direction calculated internally (#2572)Ivan Nardi2024-09-27
| | | wireshark, lua: add basic analysis of possible obfuscated flows
* Add enable/disable guessing using client IP/port (#2569)Liam Wilson2024-09-27
| | | | | | | | Add configurable options for whether to include client port or client IP in the flow's protocol guesses. This defaults to include both client port/IP if the protocol is not guessed with the server IP/port. This is intended for when flow direction detection is enabled, so we know that sport = client port, dport = server port.
* Add some heuristics to detect encrypted/obfuscated/proxied TLS flows (#2553)Ivan Nardi2024-09-24
| | | | | | | | | | | | Based on the paper: "Fingerprinting Obfuscated Proxy Traffic with Encapsulated TLS Handshakes". See: https://www.usenix.org/conference/usenixsecurity24/presentation/xue-fingerprinting Basic idea: * the packets/bytes distribution of a TLS handshake is quite unique * this fingerprint is still detectable if the handshake is encrypted/proxied/obfuscated All heuristics are disabled by default.
* buffer lenghtt is now returned by ndpi_quick_encrypt() and ndpi_quick_deecrypt()Luca Deri2024-09-24
|
* Added new API callsLuca Deri2024-09-24
| | | | | u_int ndpi_hex2bin(u_char *out, u_int out_len, u_char* in, u_int in_len); u_int ndpi_bin2hex(u_char *out, u_int out_len, u_char* in, u_int in_len);
* Added Sonos protocol detectionLuca Deri2024-09-24
|
* Added ndpi_quick_encrypt() ndpi_quick_decrypt() APi calls (#2568)Luca Deri2024-09-24
| | | | | * Added ndpi_quick_encrypt() ndpi_quick_decrypt(0 APi calls based on AES * Added aes.c
* Allow IP guess before port in ndpi_detection_giveup (#2562)Liam Wilson2024-09-20
| | | | Add dpi.guess_ip_before_port which when enabled uses classification by-ip before classification by-port.
* Implemented ndpi_strrstr()Luca Deri2024-09-19
| | | | Fixed bug in ndpi_get_host_domain
* Fixed handling of spurious TCP retransmissionsLuca2024-09-17
|
* Updated ndpi_serialize_flow_fingerprint API signatureLuca2024-09-17
|
* Add an heuristic to detect encrypted/obfuscated OpenVPN flows (#2547)Ivan Nardi2024-09-16
| | | | | | | | | | | | Based on the paper: "OpenVPN is Open to VPN Fingerprinting" See: https://www.usenix.org/conference/usenixsecurity22/presentation/xue-diwen Basic idea: * the distribution of the first byte of the messages (i.e. the distribution of the op-codes) is quite unique * this fingerprint might be still detectable even if the OpenVPN packets are somehow fully encrypted/obfuscated The heuristic is disabled by default.
* Reworked fingerprint export now in JSONLuca2024-09-16
|
* Enhanced DHCP fingerprintLuca Deri2024-09-15
| | | | Exported it with -E
* QUIC: add a basic heuristic to detect mid-flowsNardi Ivan2024-09-10
|
* RTMP: improve detection (#2549)Ivan Nardi2024-09-10
|
* Implemented algorithms for K-Nearest Neighbor Search (KNN) (#2554)Luca Deri2024-09-10
| | | | | | | | | | | | | | | | * Extended API with functions for vector similarity based on KD-trees https://en.wikipedia.org/wiki/K-d_tree ndpi_kd_tree* ndpi_kd_create(u_int num_dimensions); void ndpi_kd_free(ndpi_kd_tree *tree); void ndpi_kd_clear(ndpi_kd_tree *tree); bool ndpi_kd_insert(ndpi_kd_tree *tree, const double *data_vector, void *user_data); ndpi_kd_tree_result *ndpi_kd_nearest(ndpi_kd_tree *tree, const double *data_vector); u_int32_t ndpi_kd_num_results(ndpi_kd_tree_result *res); bool ndpi_kd_result_end(ndpi_kd_tree_result *res); double* ndpi_kd_result_get_item(ndpi_kd_tree_result *res, double **user_data); bool ndpi_kd_result_next(ndpi_kd_tree_result *res); void ndpi_kd_result_free(ndpi_kd_tree_result *res); double ndpi_kd_distance(double *a1, double *b2, u_int num_dimensions);
* Fix compilation (#2546)Ivan Nardi2024-09-05
|
* Implemented JA4 raw (ja4_r) fingerprintLuca Deri2024-09-05
| | | | | Example: ./example/ndpiReader -i tests/pcap/safari.pcap --cfg=tls,metadata.ja4r_fingerprint,1
* Add detection of Windscribe VPNNardi Ivan2024-09-05
|
* Add detection of CactusVPNNardi Ivan2024-09-05
|
Powered by cgit, Themed by Ted Yin.