| Commit message (Collapse) | Author | Age | |
|---|---|---|---|
| * | Improve Ubiquiti device discovery request/response detection.improve/ubiquiti-device-discovery | Toni Uhlig | 2025-05-12 |
| | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | Add vkvideo domain (#2809) | Vladimir Gavrilov | 2025-05-12 |
| | | |||
| * | Add Rockstar Games detection (#2805) | Vladimir Gavrilov | 2025-04-28 |
| | | |||
| * | Add Microsoft Delivery Optimization protocol (#2799) | Vladimir Gavrilov | 2025-04-28 |
| | | |||
| * | Add a new specific ID for generic Ubiquity traffic (#2796) | Ivan Nardi | 2025-04-16 |
| | | |||
| * | UBNTAC2,Ookla: improve detection (#2793) | Ivan Nardi | 2025-04-10 |
| | | |||
| * | Follow-up of latest Signal call change (see: 4d41588a7) | Ivan Nardi | 2025-04-05 |
| | | |||
| * | blizzard: add detection of Overwatch2 | Ivan Nardi | 2025-03-30 |
| | | |||
| * | WoW: update detection | Ivan Nardi | 2025-03-30 |
| | | | | | | Remove the specific dissector and use the Blizzard's generic one. For the time being, keep `NDPI_PROTOCOL_WORLDOFWARCRAFT` | ||
| * | Rework the old Starcraft code to identify traffic from generic Blizzard ↵ | Ivan Nardi | 2025-03-25 |
| | | | | | | games (#2776) Remove `NDPI_PROTOCOL_STARCRAFT` and add a generic `NDPI_PROTOCOL_BLIZZARD`. | ||
| * | armagetron: update code (#2777) | Ivan Nardi | 2025-03-25 |
| | | |||
| * | Rework the old MapleStory code to identify traffic from generic Nexon games ↵ | Ivan Nardi | 2025-03-19 |
| | | | | | | | (#2773) Remove `NDPI_PROTOCOL_MAPLESTORY` and add a generic `NDPI_PROTOCOL_NEXON` | ||
| * | TLS: avoid sub-classification for RDP flows (#2769) | Ivan Nardi | 2025-03-14 |
| | | | | | | | | | | | | | | | | | These flows are already classified as TLS.RDP. This change also fix a memory leak ``` Direct leak of 62 byte(s) in 1 object(s) allocated from: #0 0x5883d762429f in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 #1 0x5883d76fe46a in ndpi_malloc ndpi/src/lib/ndpi_memory.c:57:46 #2 0x5883d76fe46a in ndpi_strdup ndpi/src/lib/ndpi_memory.c:110:13 #3 0x5883d77adcd6 in ndpi_compute_ja4 ndpi/src/lib/protocols/tls.c:2298:46 #4 0x5883d77ab2ec in processClientServerHello ndpi/src/lib/protocols/tls.c:3314:10 #5 0x5883d77a4c51 in processTLSBlock ndpi/src/lib/protocols/tls.c:1319:5 ``` Found by oss-fuzz. See: https://oss-fuzz.com/testcase-detail/5244512192757760 | ||
| * | Add GearUP Booster protocol dissector (heuristic based). (#2765) | Toni | 2025-03-07 |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | Improved Tor detection | Luca Deri | 2025-02-24 |
| | | |||
| * | UBNTAC2: rework detection (#2744) | Ivan Nardi | 2025-02-23 |
| | | |||
| * | Add LagoFast protocol dissector. (#2743) | Toni | 2025-02-23 |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | Update the capture length of the ssdp example (#2741) | Ivan Nardi | 2025-02-21 |
| | | | | | | | | | Some old libpcap versions don't handle pcap files with capture length bigger than 262144 bytes ``` ERROR: could not open pcap file: invalid interface capture length 524288, bigger than maximum of 262144 ``` | ||
| * | DNS: fix message parsing (#2732) | Ivan Nardi | 2025-02-16 |
| | | |||
| * | Implement SSDP Metadata export (#2729) | Ivan Kapranov | 2025-02-16 |
| | | | | Close #2524 | ||
| * | Added RUTUBE (#2725) | Ivan Kapranov | 2025-02-15 |
| | | |||
| * | DNS: fix dissection (#2726) | Ivan Nardi | 2025-02-15 |
| | | |||
| * | DNS: try to simplify the code (#2718) | Ivan Nardi | 2025-02-12 |
| | | | | Set the classification in only one place in the code. | ||
| * | DNS: fix dissection when there is only the response message | Ivan Nardi | 2025-02-11 |
| | | |||
| * | DNS: extend tests | Ivan Nardi | 2025-02-11 |
| | | |||
| * | Extend regression tests | Ivan Nardi | 2025-02-04 |
| | | |||
| * | RTP: improve detection of multimedia type for Signal calls (#2697) | Ivan Nardi | 2025-01-24 |
| | | |||
| * | Add Vivox support (#2668) | Vladimir Gavrilov | 2025-01-11 |
| | | |||
| * | Improved WebSocket-over-HTTP detection (#2664) | Toni | 2025-01-11 |
| | | | | | | | * detect `chisel` SSH-over-HTTP-WebSocket * use `strncasecmp()` for `LINE_*` matching macros Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | Path of Exile 2 support (#2654) | Vladimir Gavrilov | 2025-01-06 |
| | | |||
| * | STUN: fix monitoring (#2639) | Ivan Nardi | 2024-12-06 |
| | | |||
| * | signal: improve detection of chats and calls (#2637) | Ivan Nardi | 2024-12-04 |
| | | |||
| * | Add support Yandex Alice (#2633) | Evgeny Shtanov | 2024-11-29 |
| | | | | | Co-authored-by: Evgeny Shtanov <evg.shtanov@gmail.comm> Co-authored-by: Ivan Nardi <nardi.ivan@gmail.com> | ||
| * | Add support for Paramount+ streaming service | Ivan Nardi | 2024-11-25 |
| | | |||
| * | RTP, STUN: improve detection of multimedia flow type (#2620) | Ivan Nardi | 2024-11-19 |
| | | | | | Let's see if we are able to tell audio from video calls only looking at RTP Payload Type field... | ||
| * | Added DICOM support | Luca | 2024-11-15 |
| | | | | | Testing pcaps courtesy of https://github.com/virtalabs/tapirx.git | ||
| * | Implemented Mikrotik discovery protocol dissection and metadata extraction ↵ | Luca Deri | 2024-11-14 |
| | | | | | (#2618) | ||
| * | Add support for some Chinese shopping platforms (Temu, Shein and Taobao) (#2615) | Ivan Nardi | 2024-11-12 |
| | | | | Extend content match list | ||
| * | Add Naver protocol support (#2610) | Vladimir Gavrilov | 2024-11-01 |
| | | |||
| * | HTTP: fix leak and out-of-bound error on credential extraction (#2611) | Ivan Nardi | 2024-11-01 |
| | | |||
| * | Added HTTP credentials extraction | Luca Deri | 2024-10-31 |
| | | |||
| * | Add Paltalk protocol support (#2606) | Vladimir Gavrilov | 2024-10-28 |
| | | |||
| * | Added support for RDP over TLS | Luca Deri | 2024-10-19 |
| | | |||
| * | Added sonos dissector | Luca Deri | 2024-10-13 |
| | | |||
| * | Add DingTalk protocol support (#2581) | Vladimir Gavrilov | 2024-10-07 |
| | | |||
| * | TLS: detect abnormal padding usage (#2579) | Ivan Nardi | 2024-10-01 |
| | | | | | Padding is usually some hundreds byte long. Longer padding might be used as obfuscation technique to force unusual CH fragmentation | ||
| * | TLS: heuristics: fix memory allocations (#2577) | Ivan Nardi | 2024-09-30 |
| | | | | | Allocate heuristics state only if really needed. Fix memory leak (it happened with WebSocket traffic on port 443) | ||
| * | Add some heuristics to detect encrypted/obfuscated/proxied TLS flows (#2553) | Ivan Nardi | 2024-09-24 |
| | | | | | | | | | | | | | Based on the paper: "Fingerprinting Obfuscated Proxy Traffic with Encapsulated TLS Handshakes". See: https://www.usenix.org/conference/usenixsecurity24/presentation/xue-fingerprinting Basic idea: * the packets/bytes distribution of a TLS handshake is quite unique * this fingerprint is still detectable if the handshake is encrypted/proxied/obfuscated All heuristics are disabled by default. | ||
| * | Fix Sonos trace | Nardi Ivan | 2024-09-24 |
| | | |||
| * | Added Sonos protocol detection | Luca Deri | 2024-09-24 |
| | | |||