Commit message | Author | Age | |
---|---|---|---|
* | DNS: faster exclusion (#2719) | Ivan Nardi | 2025-02-12 |
| | |||
* | ndpiReader: print more DNS information (#2717) | Ivan Nardi | 2025-02-11 |
| | |||
* | DNS: disable subclassification by default (#2715) | Ivan Nardi | 2025-02-11 |
| | | | | Preliminary change to start supporting multiple DNS transactions on the same flow | ||
* | Auto-generate Microsoft-related list of domains (#2688) | Ivan Nardi | 2025-01-31 |
| | |||
* | Unify "Skype" and "Teams" ids (#2687) | Ivan Nardi | 2025-01-20 |
| | | | | | | * Rename `NDPI_PROTOCOL_SKYPE_TEAMS_CALL` -> `NDPI_PROTOCOL_MSTEAMS_CALL` * Rename ip list from "Skype/Teams" to "Teams" | ||
* | Added DigitalOcean protocol | Luca Deri | 2025-01-17 |
| | |||
* | Remove JA3C output from ndpiReader (#2667) | Ivan Nardi | 2025-01-12 |
| | | | | | | | | | | | | | Removing JA3C is a big task. Let's start with a simple change having a huge impact on unit tests: remove printing of JA3C information from ndpiReader. This way, when we delete the actual code, the unit test diffs should be a lot simpler to look at. Note that the information about whether the client/server cipher is weak or obsolete is still available via flow risk. See: #2551 | ||
* | Improved WebSocket-over-HTTP detection (#2664) | Toni | 2025-01-11 |
| | | | | | | * detect `chisel` SSH-over-HTTP-WebSocket * use `strncasecmp()` for `LINE_*` matching macros Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | ndpiReader: update JA statistics (#2646) | Ivan Nardi | 2025-01-06 |
| | | | | Show JA4C and JA3S information (instead of JA3C and JA3S). See #2551 for context | ||
* | When triggering risk "Known Proto on Non Std Port", nDPI now reports the port that was supposed to be used as default | Luca Deri | 2024-11-22 |
| | |||
* | Added DICOM support | Luca | 2024-11-15 |
| | | | | Testing pcaps courtesy of https://github.com/virtalabs/tapirx.git | ||
* | Implemented Mikrotik discovery protocol dissection and metadata extraction (#2618) | Luca Deri | 2024-11-14 |
| | |||
* | Add Paltalk protocol support (#2606) | Vladimir Gavrilov | 2024-10-28 |
| | |||
* | Fixes TCP fingerprint calculation when multiple EOL are specified in TCP options | Luca Deri | 2024-10-27 |
| | |||
* | Improved TCP fingerprint | Luca Deri | 2024-10-20 |
| | |||
* | Improved TCP fingerprint calculation | Luca Deri | 2024-10-18 |
| | | | | Added basic OS detection based on TCP fingerprint | ||
* | Increased struct ndpi_flow_struct size (#2596) | Luca Deri | 2024-10-18 |
| | | | Build fix | ||
* | STUN: if the same metadata is found multiple times, keep the first value (#2591) | Ivan Nardi | 2024-10-15 |
| | |||
* | Added sonos dissector | Luca Deri | 2024-10-13 |
| | |||
* | Add DingTalk protocol support (#2581) | Vladimir Gavrilov | 2024-10-07 |
| | |||
* | Exports DNS A/AAAA responses (up to 4 addresses) | Luca | 2024-10-02 |
| | | | | Changed the default to IPv4 (used to be IPv6) in case of DNS error response | ||
* | Tls out of order (#2561) | Ivan Nardi | 2024-09-18 |
| | | | | | | | | | | | | * Revert "Added fix for handling Server Hello before Client Hello" This reverts commit eb15b22e7757cb70894fdcde440e62bc40f22df1. * TLS: add some tests with unidirectional traffic * TLS: another attempt to process CH received after the SH. Obviously, we will process unidirectional traffic longer, because we are now waiting for messages in both directions | ||
* | Added fix for handling Server Hello before Client Hello | Luca | 2024-09-17 |
| | |||
* | oracle: fix dissector (#2548) | Ivan Nardi | 2024-09-07 |
| | | | | We can definitely do better, but this change is a big improvement with respect to the current broken code | ||
* | Add Lustre protocol detection support (#2544) | Vladimir Gavrilov | 2024-09-04 |
| | |||
* | Align serialized risk names to all others (first letter; uppercase letter) (#2541) | Toni | 2024-09-03 |
| | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | Fix CNP-IP false positives (#2531) | Vladimir Gavrilov | 2024-08-30 |
| | |||
* | Add TRDP protocol support (#2528) | Vladimir Gavrilov | 2024-08-25 |
| | | | The Train Real Time Data Protocol (TRDP) is a UDP/TCP-based communication protocol designed for IP networks in trains, enabling data exchange between devices such as door controls and air conditioning systems. It is standardized by the IEC under IEC 61375-2-3 and is not related to the Remote Desktop Protocol (RDP). | ||
* | Add Automatic Tank Gauge protocol (#2527) | wssxsxxsx | 2024-08-23 |
| | | | | | | | See also #2523 --------- Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com> | ||
* | Add CNP/IP protocol support (#2521) | Vladimir Gavrilov | 2024-08-22 |
| | | | ISO/IEC 14908-4 defines how to tunnel Control Network Protocol (CNP) over IP networks. It encapsulates protocols like EIA-709, EIA-600, and CNP, making it a versatile solution for building automation and control systems. | ||
* | Fixed probing attempt risk that was creating false positives | Luca Deri | 2024-08-07 |
| | |||
* | FPC: add DPI information (#2514) | Ivan Nardi | 2024-07-23 |
| | | | | If the flow is classified (via DPI) after the first packet, we should use this information as FPC | ||
* | Add OpenWire support (#2513) | Vladimir Gavrilov | 2024-07-22 |
| | |||
* | FPC: small improvements (#2512) | Ivan Nardi | 2024-07-22 |
| | | | | Add printing of fpc_dns statistics and add a general configuration option. Rework the code to be more generic and ready to handle other logics. | ||
* | FPC: add DNS correlation (#2497) | mmanoj | 2024-07-22 |
| | | | | | | | | | Use DNS information to get a better First Packet Classification. See: #2322 --------- Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com> | ||
* | Add Nano (XNO) protocol support (#2508) | Vladimir Gavrilov | 2024-07-18 |
| | |||
* | Improve detection of Cloudflare WARP traffic (#2491) | Ivan Nardi | 2024-07-04 |
| | | | See: #2484 | ||
* | Add infrastructure for explicit support of First Packet Classification (#2488) | Ivan Nardi | 2024-07-03 |
| | | | | | Let's start with some basic helpers and with FPC based on flow addresses. See: #2322 | ||
* | Add Ripe Atlas probe protocol. (#2473) | Toni | 2024-06-17 |
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | Zoom: remove "stun_zoom" LRU cache | Nardi Ivan | 2024-06-17 |
| | | | | | Since 070a0908b we are able to detect P2P calls directly from the packet content, without any correlation among flows | ||
* | Added protocol - JRMI - Java Remote Method Invocation (#2470) | Mark Jeffery | 2024-06-15 |
| | |||
* | STUN: add support for Microsoft Multiplexed TURN channels (#2464) | Ivan Nardi | 2024-06-05 |
| | |||
* | support rtp/rtcp over tcp (#2422) (#2457) | Maatuq | 2024-05-28 |
| | | | | | Support rtp/rtcp over tcp as per rfc4571. Signed-off-by: mmaatuq <mahmoudmatook.mm@gmail.com> | ||
* | Add ZUG consensus protocol dissector. (#2458) | Toni | 2024-05-28 |
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | CiscoVPN: we detect it only over UDP (#2454) | Ivan Nardi | 2024-05-28 |
| | | | The original code handled also TCP/TLS, but it was removed in 6fc29b3ae | ||
* | More NDPI_PROBING_ATTEMPT changes | Luca | 2024-05-22 |
| | |||
* | Follow-up of 2093ac5bf (#2451) | Ivan Nardi | 2024-05-21 |
| | |||
* | Minor dissector optimizations | Luca Deri | 2024-05-20 |
| | |||
* | Add Call of Duty Mobile support (#2438) | Vladimir Gavrilov | 2024-05-15 |
| | |||
* | H323: improve detection and avoid false positives (#2432) | Ivan Nardi | 2024-05-11 |
| |