Commit message | Author | Age | |
---|---|---|---|
* | Add GearUP Booster protocol dissector (heuristic based). `add/gearup_booster-protocol-dissector` | Toni Uhlig | 2025-03-07 |
| | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | | |
* | Improved Tor detection | Luca Deri | 2025-02-24 |
* | UBNTAC2: rework detection (#2744) | Ivan Nardi | 2025-02-23 |
* | Add LagoFast protocol dissector. (#2743) | Toni | 2025-02-23 |
| | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | | |
* | Update the capture length of the ssdp example (#2741) | Ivan Nardi | 2025-02-21 |
| | Some old libpcap versions don't handle pcap files with capture length bigger than 262144 bytes | | |
| | `ERROR: could not open pcap file: invalid interface capture length 524288, bigger than maximum of 262144` | | |
* | DNS: fix message parsing (#2732) | Ivan Nardi | 2025-02-16 |
* | Implement SSDP Metadata export (#2729) | Ivan Kapranov | 2025-02-16 |
| | Close #2524 | | |
* | Added RUTUBE (#2725) | Ivan Kapranov | 2025-02-15 |
* | DNS: fix dissection (#2726) | Ivan Nardi | 2025-02-15 |
* | DNS: try to simplify the code (#2718) | Ivan Nardi | 2025-02-12 |
| | Set the classification in only one place in the code. | | |
* | DNS: fix dissection when there is only the response message | Ivan Nardi | 2025-02-11 |
* | DNS: extend tests | Ivan Nardi | 2025-02-11 |
* | Extend regression tests | Ivan Nardi | 2025-02-04 |
* | RTP: improve detection of multimedia type for Signal calls (#2697) | Ivan Nardi | 2025-01-24 |
* | Add Vivox support (#2668) | Vladimir Gavrilov | 2025-01-11 |
* | Improved WebSocket-over-HTTP detection (#2664) | Toni | 2025-01-11 |
| | * detect `chisel` SSH-over-HTTP-WebSocket | | |
| | * use `strncasecmp()` for `LINE_*` matching macros | | |
| | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | | |
* | Path of Exile 2 support (#2654) | Vladimir Gavrilov | 2025-01-06 |
* | STUN: fix monitoring (#2639) | Ivan Nardi | 2024-12-06 |
* | signal: improve detection of chats and calls (#2637) | Ivan Nardi | 2024-12-04 |
* | Add support Yandex Alice (#2633) | Evgeny Shtanov | 2024-11-29 |
| | Co-authored-by: Evgeny Shtanov <evg.shtanov@gmail.comm> | | |
| | Co-authored-by: Ivan Nardi <nardi.ivan@gmail.com> | | |
* | Add support for Paramount+ streaming service | Ivan Nardi | 2024-11-25 |
* | RTP, STUN: improve detection of multimedia flow type (#2620) | Ivan Nardi | 2024-11-19 |
| | Let's see if we are able to tell audio from video calls only looking at RTP Payload Type field... | | |
* | Added DICOM support | Luca | 2024-11-15 |
| | Testing pcaps courtesy of https://github.com/virtalabs/tapirx.git | | |
* | Implemented Mikrotik discovery protocol dissection and metadata extraction (#2618) | Luca Deri | 2024-11-14 |
* | Add support for some Chinese shopping platforms (Temu, Shein and Taobao) (#2615) | Ivan Nardi | 2024-11-12 |
| | Extend content match list | | |
* | Add Naver protocol support (#2610) | Vladimir Gavrilov | 2024-11-01 |
* | HTTP: fix leak and out-of-bound error on credential extraction (#2611) | Ivan Nardi | 2024-11-01 |
* | Added HTTP credentials extraction | Luca Deri | 2024-10-31 |
* | Add Paltalk protocol support (#2606) | Vladimir Gavrilov | 2024-10-28 |
* | Added support for RDP over TLS | Luca Deri | 2024-10-19 |
* | Added sonos dissector | Luca Deri | 2024-10-13 |
* | Add DingTalk protocol support (#2581) | Vladimir Gavrilov | 2024-10-07 |
* | TLS: detect abnormal padding usage (#2579) | Ivan Nardi | 2024-10-01 |
| | Padding is usually some hundreds of bytes long. Longer padding might be used as an obfuscation technique to force unusual CH fragmentation | | |
* | TLS: heuristics: fix memory allocations (#2577) | Ivan Nardi | 2024-09-30 |
| | Allocate heuristics state only if really needed. Fix memory leak (it happened with WebSocket traffic on port 443) | | |
* | Add some heuristics to detect encrypted/obfuscated/proxied TLS flows (#2553) | Ivan Nardi | 2024-09-24 |
| | Based on the paper: "Fingerprinting Obfuscated Proxy Traffic with Encapsulated TLS Handshakes". | | |
| | See: https://www.usenix.org/conference/usenixsecurity24/presentation/xue-fingerprinting | | |
| | Basic idea: | | |
| | * the packets/bytes distribution of a TLS handshake is quite unique | | |
| | * this fingerprint is still detectable if the handshake is encrypted/proxied/obfuscated | | |
| | All heuristics are disabled by default. | | |
* | Fix Sonos trace | Nardi Ivan | 2024-09-24 |
* | Added Sonos protocol detection | Luca Deri | 2024-09-24 |
* | TLS: improve handling of Change Cipher message (#2564) | Ivan Nardi | 2024-09-23 |
* | Tls out of order (#2561) | Ivan Nardi | 2024-09-18 |
| | * Revert "Added fix for handling Server Hello before CLient Hello" | | |
| | This reverts commit eb15b22e7757cb70894fdcde440e62bc40f22df1. | | |
| | * TLS: add some tests with unidirectional traffic | | |
| | * TLS: another attempt to process CH received after the SH | | |
| | Obviously, we will process unidirectional traffic longer, because we are now waiting for messages in both directions | | |
* | Add an heuristic to detect encrypted/obfuscated OpenVPN flows (#2547) | Ivan Nardi | 2024-09-16 |
| | Based on the paper: "OpenVPN is Open to VPN Fingerprinting" | | |
| | See: https://www.usenix.org/conference/usenixsecurity22/presentation/xue-diwen | | |
| | Basic idea: | | |
| | * the distribution of the first byte of the messages (i.e. the distribution of the op-codes) is quite unique | | |
| | * this fingerprint might be still detectable even if the OpenVPN packets are somehow fully encrypted/obfuscated | | |
| | The heuristic is disabled by default. | | |
* | QUIC: add a basic heuristic to detect mid-flows | Nardi Ivan | 2024-09-10 |
* | RTMP: improve detection (#2549) | Ivan Nardi | 2024-09-10 |
* | Add detection of Windscribe VPN | Nardi Ivan | 2024-09-05 |
* | Add detection of SurfShark VPN | Nardi Ivan | 2024-09-05 |
* | OpenVPN, Wireguard: improve sub-classification | Nardi Ivan | 2024-09-05 |
| | Allow sub-classification of OpenVPN/Wireguard flows using their server IP. That is useful to detect the specific VPN application/app used. At the moment, the supported protocols are: Mullvad, NordVPN, ProtonVPN. This feature is configurable. | | |
* | Add detection of NordVPN | Nardi Ivan | 2024-09-05 |
* | OpenVPN: improve detection | Nardi Ivan | 2024-09-05 |
* | Add Lustre protocol detection support (#2544) | Vladimir Gavrilov | 2024-09-04 |
* | Bittorrent: improve detection of UTPv1 and avoid false positives | Nardi Ivan | 2024-09-03 |
* | Add TRDP protocol support (#2528) | Vladimir Gavrilov | 2024-08-25 |
| | The Train Real Time Data Protocol (TRDP) is a UDP/TCP-based communication protocol designed for IP networks in trains, enabling data exchange between devices such as door controls and air conditioning systems. It is standardized by the IEC under IEC 61375-2-3 and is not related to the Remote Desktop Protocol (RDP). | | |