| Commit message (Collapse) | Author | Age | |
|---|---|---|---|
| * | Fixed missing symbol | Luca Deri | 2021-01-02 |
| | | |||
| * | Added HTTP suspicious content securirty risk (useful for tracking trickbot) | Luca Deri | 2021-01-02 |
| | | |||
| * | Added known protocol on unknown port for ntop | Luca Deri | 2020-12-28 |
| | | |||
| * | Introduced fix on TLS for discarding traffic out of sequence that might ↵ | Luca Deri | 2020-12-22 |
| | | | | | invalidate dissection | ||
| * | Type change to avoid Windows compilation issues | Luca Deri | 2020-12-17 |
| | | |||
| * | Improved HTTP dissection | Luca Deri | 2020-12-16 |
| | | |||
| * | soulseek: fix heap buffer overflow (#1083) | Ivan Nardi | 2020-12-11 |
| | | | | Close #1082 | ||
| * | Added initialization | Luca Deri | 2020-12-11 |
| | | |||
| * | Rename Jabber detection name as we are not sure if it is unencrypted e.g. if ↵ | Toni | 2020-12-08 |
| | | | | | | START_TLS used. (#1079) Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | Add a connectionless DCE/RPC detection (#1078) | rafaliusz | 2020-12-08 |
| | | | | | | | | * Add connectionless DCE/RPC detection * Add DCE/RPC pcap file as well as its test result Co-authored-by: rafal <rafal.burzynski@cryptomage.com> | ||
| * | QUIC: sync with Wireshark latest changes (#1074) | Ivan Nardi | 2020-12-08 |
| | | | | | | | | | | Most of the QUIC crypto code has been "copied-and-pasted" from Wireshark; try to stay in sync with the original sources to ease backporting of fixes. Only cosmetic changes and code refactoring; no behaviour changes or bugfixes. See: https://gitlab.com/wireshark/wireshark/-/commit/5e45f770fd79ca979c41ed397fee72d2e8fb5f1e https://gitlab.com/wireshark/wireshark/-/commit/5798b91c1526747bf688b6746b33562c1b24a9e0 | ||
| * | Warning fix | Alfredo Cardigliano | 2020-11-23 |
| | | |||
| * | Quic fixes (#1067) | Ivan Nardi | 2020-11-22 |
| | | | | | | | | * QUIC: fix return value on error path on quic_cipher_init() * QUIC: allow dissection of sessions forcing version negotiation Enhance heuristic to avoid false positives. | ||
| * | iec60870-5-104: fix heap-buffer-overflow error (#1066) | Ivan Nardi | 2020-11-22 |
| | | |||
| * | Added support for AmongUs. (#1054) | Toni | 2020-11-09 |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | Improved SSH protocol detection. (#1052) | Toni | 2020-11-09 |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | fixes issue #1050 Syntax error caused buffer pointer to equal 0x1 (#1051) | Don J. Rude | 2020-11-09 |
| | | | | | | | | | | | | | | | | | | * Syntax error caused buffer pointer to equal 0x1 Possible copy-paste from lines 141-142? * Another comma operator * whitespace matching * another comma operator * another comma operator * another comma operator * Check for non-zero payload | ||
| * | Updated ESNI/SNI alarm generation prolicy | Luca Deri | 2020-11-08 |
| | | |||
| * | Reworked IEC60870 dissector | Luca Deri | 2020-11-04 |
| | | |||
| * | IEC60870 dissection improvements | Luca Deri | 2020-11-04 |
| | | |||
| * | :bulb: Add mongodb protocol dissector (#1048) | Leonn | 2020-11-03 |
| | | |||
| * | QUIC: fix dissection of Initial packets coalesced with 0-RTT one (#1044) | Ivan Nardi | 2020-11-03 |
| | | | | | | * QUIC: fix dissection of Initial packets coalesced with 0-RTT one * QUIC: fix a memory leak | ||
| * | Fix for detecting numeric IPs | Luca Deri | 2020-11-01 |
| | | |||
| * | Added boundary check | Luca Deri | 2020-10-27 |
| | | |||
| * | Improve skype detection (#1039) | Igor Duarte | 2020-10-27 |
| | | | | | | | | * Add new skype pcap PCAP extracted from SkypeIRC.cap (available in https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=SkypeIRC.cap) * Improve skype detection | ||
| * | Added -D flag for detecting DoH in the wild | Luca Deri | 2020-10-26 |
| | | | | | Removed heuristic from CiscoVPN as it leads to false positives | ||
| * | Various improvemement when using ndpi_pref_enable_tls_block_dissection: | Luca Deri | 2020-10-24 |
| | | | | | | | application data TLS blocks are now ignored when exchanged before - the end of certificate negotiation (up to TLS 1.2) - change cipher | ||
| * | Added CPHA - CheckPoint High Availability Protocol protocl support | Luca Deri | 2020-10-22 |
| | | |||
| * | Fixes #1033 | Luca Deri | 2020-10-21 |
| | | |||
| * | Added fix for invalid SNI check when SNI is missing | Luca Deri | 2020-10-02 |
| | | |||
| * | QUIC: fix dissection of "offset" field (#1025) | Ivan Nardi | 2020-09-29 |
| | | | | | | | | The "offset" field is a variable-length integer. This bug hasn't any practical effects right now, since we are ignoring any packet with "offset" != 0 (and the value 0 is always encoded in only one byte). But extracting a correct "offset" is important if we are ever going to handle fragmented Client Hello messages. | ||
| * | Added extra boundary checks | Luca Deri | 2020-09-26 |
| | | |||
| * | Boundary fix | Luca Deri | 2020-09-25 |
| | | |||
| * | Various optimizations to reduce not-necessary calls | Luca Deri | 2020-09-24 |
| | | | | | | Optimized various UDP dissectors Removed dead protocols such as pando and pplive | ||
| * | Improved boundary check to prevent overflow | Luca Deri | 2020-09-23 |
| | | |||
| * | Minor UA handling improvement to avoid heap-overflow | Luca Deri | 2020-09-22 |
| | | |||
| * | Minor change for alignment issue | Luca Deri | 2020-09-21 |
| | | |||
| * | Added risks for checking | Luca Deri | 2020-09-21 |
| | | | | | | - invalid DNS traffic (probably carrying exfiltrated data) - TLS traffic with no SNI extension | ||
| * | Merge pull request #1019 from IvanNardi/quic_fb | Luca Deri | 2020-09-20 |
| |\ | | | | | QUIC: add support for MVFST EXPERIMENTAL version | ||
| | * | QUIC: add support for MVFST EXPERIMENTAL version | Nardi Ivan | 2020-09-20 |
| | | | |||
| * | | Merge pull request #1017 from lnslbrty/fix/mingw-xcompile | Luca Deri | 2020-09-20 |
| |\ \ | |/ |/| | Added support for mingw xcompile. | ||
| | * | Fixed shlib xcompile for x86_64-w64-mingw32 | Toni Uhlig | 2020-09-08 |
| | | | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | | Reworked MDNS dissector that is not based on the DNS dissector | Luca Deri | 2020-09-17 |
| | | | |||
| * | | Merge pull request #1012 from IvanNardi/ua | Luca Deri | 2020-09-17 |
| |\ \ | | | | | | | QUIC: extract User Agent information | ||
| | * | | TLS: fix memory accesses in QUIC transport parameters extension | Nardi Ivan | 2020-09-10 |
| | | | | |||
| | * | | QUIC: extract User Agent information | Nardi Ivan | 2020-09-08 |
| | | | | |||
| | * | | http: create a common function to parse User Agent field | Nardi Ivan | 2020-09-08 |
| | | | | | | | | | | | | | Prepare the code to handle UA information from flows other than HTTP | ||
| * | | | Disabled QUIC tracing that pollutes the output | Luca Deri | 2020-09-17 |
| | | | | |||
| * | | | Added boundary check | Luca Deri | 2020-09-10 |
| | | | | |||
| * | | | Merge pull request #1014 from lnslbrty/improved/teamspeak | Luca Deri | 2020-09-09 |
| |\ \ \ | | | | | | | | | Improved Teamspeak(3) protocol detection. | ||