Commit message | Author | Age | ||
---|---|---|---|---|
... | ||||
* | Label SMTP w/ STARTTLS as SMTPS *and* dissect TLS clho. (#1639) | Toni | 2022-07-06 | |
| | | | | | | | | | | | | | | | | | * Label SMTP w/ STARTTLS as SMTPS *and* dissect TLS clho. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Revert "SMTP with STARTTLS is now identified as SMTPS" This reverts commit 52d987b603f49d996b4060f43265d1cf43c3c482. * Revert "Compilation fix" This reverts commit c019946f601bf3b55f64f78841a0d696e6c0bfc5. * Sync unit tests. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | Compilation fix | Luca Deri | 2022-07-05 | |
| | ||||
* | Fix handling of NDPI_UNIDIRECTIONAL_TRAFFIC risk (#1636) | Ivan Nardi | 2022-07-05 | |
| | ||||
* | Detect SMTPs w/ STARTTLS as TLS and dissect client/server hello. Fixes ↵ | Toni | 2022-07-05 | |
| | | | | | | | #1630. (#1637) * FTP needs to get updated as well as it has similar STARTTLS semantics -> follow-up Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | Set CiscoVPN as a network protocol | Luca Deri | 2022-07-04 | |
| | ||||
* | Replaced malicious JA3-md5/SSL-cert-sha1 ac automata with hashmaps. | Toni Uhlig | 2022-07-04 | |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | Added UltraSurf protocol dissector. (#1618) | Toni | 2022-07-04 | |
| | | | | | * TLSv1.3 UltraSurf flows are not detected by now Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | Add two new confidence values: confidence by partial DPI (#1632) | Ivan Nardi | 2022-07-04 | |
| | | | | Used for all classifications based on partial/incomplete DPI information, i.e. all classifications done in `ndpi_detection_giveup()`. | |||
* | Added i3D and RiotGames protocol dissectors. (#1609) | Toni | 2022-07-03 | |
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | TargusDataspeed: avoid false positives (#1628) | Ivan Nardi | 2022-07-03 | |
| | | | | | TargusDataspeed dissector doesn't perform any real DPI checks but it only looks at the TCP/UDP ports. Delete it, and use standard logic to classify these flows by port. | |||
* | Skype_Teams, Mining, SnapchatCall: fix flow category (#1624) | Ivan Nardi | 2022-07-03 | |
| | ||||
* | Minor changes in how classification results are set (#1623) | Ivan Nardi | 2022-07-03 | |
| | | | | | Protocol classification should always be set via `ndpi_set_detected_protocol()`: this way, the values in `flow->detected_protocol_stack[]` are always coherent. | |||
* | Fix category for mail sessions (#1621) | Ivan Nardi | 2022-07-03 | |
| | | | Close #629 | |||
* | Fixed SMTP default port 587 | Luca Deri | 2022-07-02 | |
| | ||||
* | Renamed Z39.50 -> Z3950 as the '.' breaks the naming convention | Luca | 2022-06-28 | |
| | | | | QUIC is a network protocol | |||
* | Enhanced TLS risk info reported to users | Luca Deri | 2022-06-28 | |
| | ||||
* | Added default port for syslog TCP | Luca Deri | 2022-06-27 | |
| | ||||
* | Fix compilation and sync unit tests results (#1606) | Ivan Nardi | 2022-06-20 | |
| | ||||
* | Added unidirectional traffic flow risk | Luca Deri | 2022-06-20 | |
| | ||||
* | Improved SOAP via HTTP. (#1605) | Toni | 2022-06-18 | |
| | | | Signed-off-by: lns <matzeton@googlemail.com> | |||
* | Added collectd dissector (again). (#1601) | Toni | 2022-06-17 | |
| | | | Signed-off-by: lns <matzeton@googlemail.com> | |||
* | Improved IPSec/ISAKMP detection. (#1600) | Toni | 2022-06-16 | |
| | | | Signed-off-by: lns <matzeton@googlemail.com> | |||
* | Add support for PIM (Protocol Independent Multicast) protocol (#1599) | Ivan Nardi | 2022-06-15 | |
| | | | Close #1598 | |||
* | Restored ndpi_set_proto_defaults() prototype | Luca Deri | 2022-06-13 | |
| | | | | Updated test results | |||
* | Improved DNS traffic analysis | Luca Deri | 2022-06-13 | |
| | | | | Added ability to identify application and network protocols | |||
* | Added Pragmatic General Multicast (PGM) protocol detection | Luca Deri | 2022-06-08 | |
| | ||||
* | Fixed syslog false negatives. (#1582) | Toni | 2022-06-05 | |
| | | | | | - RSH vs Syslog may still happen for midstream traffic Signed-off-by: lns <matzeton@googlemail.com> | |||
* | Added RSH dissector. Fixes #202. (#1581) | Toni | 2022-06-04 | |
| | | | | | | - added syslog false-positive pcap that was missing in 09fbe0a64a11b08a35435f516e9a19f7e0c20d7c - added NDPI_ARRAY_LENGTH() macro, usable on `type var[]` declarations Signed-off-by: lns <matzeton@googlemail.com> | |||
* | Add support for GoTo products (mainly GoToMeeting) (#1580) | Ivan Nardi | 2022-06-04 | |
| | | | There is some overlap with Citrix protocol. | |||
* | Improved message for known proto on non std port | Luca Deri | 2022-05-30 | |
| | ||||
* | Added ability to return risk info in JSON format in ndpi_get_flow_risk_info() | Luca | 2022-05-30 | |
| | ||||
* | Added RiskInfo string | Luca Deri | 2022-05-30 | |
| | ||||
* | Fix dissection of IPv4 header (#1561) | Ivan Nardi | 2022-05-29 | |
| | | | | | See: https://github.com/ntop/nDPI/runs/6643914510?check_suite_focus=true Convert all the `MIN(a,b)` calls to `ndpi_min(a,b)` | |||
* | Compilation fixes for old gcc's | Luca Deri | 2022-05-29 | |
| | ||||
* | Added detection for WordPress exploits | Luca Deri | 2022-05-29 | |
| | | | | Fixed ndpi_iph_is_valid_and_not_fragmented() that was bugged with non UDP traffic | |||
* | Added MPEG-DASH dissector. Fixes #1223. (#1555) | Toni | 2022-05-29 | |
| | | | | | | * Improved HTTP POST detection * Refactored subprotocol detection Signed-off-by: lns <matzeton@googlemail.com> | |||
* | Updated SkypeCall -> Skype_TeamsCall | Luca Deri | 2022-05-26 | |
| | ||||
* | Moved RTSP http patterns to the protocol source file. | lns | 2022-05-19 | |
| | | | | Signed-off-by: lns <matzeton@googlemail.com> | |||
* | DNS-over-QUIC: update default port (#1548) | Ivan Nardi | 2022-05-12 | |
| | | | | | | Final RFC (https://www.rfc-editor.org/rfc/rfc9250.txt) changed the default port to 853 (from the 784 used on the early drafts). Since there is at least one deployed implementation still stuck at draft-02, keep also the old value, for the time being. | |||
* | Added Softether(-VPN) DDNS service detection. (#1544) | Toni | 2022-05-09 | |
| | | | Signed-off-by: lns <matzeton@googlemail.com> | |||
* | Added Edgecast and Cachefly CDNs. (#1540) | Toni | 2022-05-07 | |
| | | | | | | | | * Improved ASN update script * Ran `utils/update_every_lists.sh' * `tests/do.sh.in' prints the amount of failed pcap(s) * `utils/asn_update.sh' prints the amount of failed download(s) Signed-off-by: lns <matzeton@googlemail.com> | |||
* | Fix compilation (if `--enable-debug-messages` is used) (#1539) | Ivan Nardi | 2022-05-04 | |
| | ||||
* | Added extra check to make sure that the guessed protocol is the one we ↵ | Luca Deri | 2022-05-04 | |
| | | | | expect and not another one | |||
* | Fixes bug that prevents triggering alerts for traffic on non-standard ports ↵ | Luca Deri | 2022-05-04 | |
| | | | | | | that have been defined in the custom protocols file Fixes https://github.com/ntop/ntopng/issues/6458 | |||
* | Added ndpi_get_flow_error_code() API call | Luca Deri | 2022-05-02 | |
| | | | | Fixed typo | |||
* | Added ability to store custom category file in patricia tree | Luca Deri | 2022-04-26 | |
| | ||||
* | Added generic user agent setter. (#1530) | Toni | 2022-04-25 | |
| | | | | | * ndpiReader: Print user agent if one was set and not just for certain protocols. Signed-off-by: lns <matzeton@googlemail.com> | |||
* | XIAOMI: add detection of Xiaomi traffic (#1529) | Ivan Nardi | 2022-04-25 | |
| | | | Most of the credits should go to @utoni (see #1521) | |||
* | Added RakNet protocol dissector. (#1527) | Toni | 2022-04-24 | |
| | | | | | * Frame Set PDU's do not get fully dissected for the sake of simplicity Signed-off-by: lns <matzeton@googlemail.com> | |||
* | Code cleanup (removed redundancy) | Luca Deri | 2022-04-22 | |
| |