aboutsummaryrefslogtreecommitdiff
path: root/tests/cfgs/default/result/heuristic_tcp_ack_payload.pcap.out
Commit message (Collapse)AuthorAge
* ndpiReader: print categories summary (#2895)Ivan Nardi2025-06-21
|
* Gnutella: simplify code, to support only gtk-gnutella client (#2830)Ivan Nardi2025-05-20
| | | Close #2818
* Add vkvideo domain (#2809)Vladimir Gavrilov2025-05-12
|
* WoW: update detectionIvan Nardi2025-03-30
| | | | | Remove the specific dissector and use the Blizzard's generic one. For the time being, keep `NDPI_PROTOCOL_WORLDOFWARCRAFT`
* Rework the old MapleStory code to identify traffic from generic Nexon games ↵Ivan Nardi2025-03-19
| | | | | | (#2773) Remove `NDPI_PROTOCOL_MAPLESTORY` and add a generic `NDPI_PROTOCOL_NEXON`
* Create a new protocol id to handle Mozilla/Firefox generic traffic (#2740)Ivan Nardi2025-02-21
| | | Close #2738
* Remove JA3C output from ndpiReader (#2667)Ivan Nardi2025-01-12
| | | | | | | | | | | | | Removing JA3C is an big task. Let's start with a simple change having an huge impact on unit tests: remove printing of JA3C information from ndpiReader. This way, when we will delete the actual code, the unit tests diffs should be a lot simpler to look at. Note that the information if the client/server cipher is weak or obsolete is still available via flow risk See: #2551
* Improved WebSocket-over-HTTP detection (#2664)Toni2025-01-11
| | | | | | * detect `chisel` SSH-over-HTTP-WebSocket * use `strncasecmp()` for `LINE_*` matching macros Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* ndpiReader: update JA statistics (#2646)Ivan Nardi2025-01-06
| | | | Show JA4C and JA3S information (instead of JA3C and JA3S) See #2551 for context
* Improved TCP fingerprintLuca Deri2024-10-20
|
* Improved TCP fingepring calculationLuca Deri2024-10-18
| | | | Adde basidc OS detection based on TCP fingerprint
* Increased struct ndpi_flow_struct size (#2596)Luca Deri2024-10-18
| | | Build fix
* FPC: small improvements (#2512)Ivan Nardi2024-07-22
| | | | Add printing of fpc_dns statistics and add a general cconfiguration option. Rework the code to be more generic and ready to handle other logics.
* Add infrastructure for explicit support of Fist Packet Classification (#2488)Ivan Nardi2024-07-03
| | | | | Let's start with some basic helpers and with FPC based on flow addresses. See: #2322
* Zoom: remove "stun_zoom" LRU cacheNardi Ivan2024-06-17
| | | | | Since 070a0908b we are able to detect P2P calls directly from the packet content, without any correlation among flows
* Remove "zoom" cache (#2420)Ivan Nardi2024-05-06
| | | | | | | | | This cache was added in b6b4967aa, when there was no real Zoom support. With 63f349319, a proper identification of multimedia stream has been added, making this cache quite useless: any improvements on Zoom classification should be properly done in Zoom dissector. Tested for some months with a few 10Gbits links of residential traffic: the cache pretty much never returned a valid hit.
* Remove workaround for TCP flows with multiple SYNs (#2421)Ivan Nardi2024-05-06
| | | | | Deciding when a session starts and ends is responsability of the applicationi (via its flow manager)i, not of the library. BTW, the removed code is incomplete at beast
* Updated JA4 test resultsLuca Deri2024-05-02
|
* ndpiReader: add breed stats on output used for CI (#2236)Ivan Nardi2024-01-05
|
* Add HL7 protocol dissector (#2240)Vladimir Gavrilov2024-01-02
| | | | | | | * Add HL7 protocol dissector * Small fixes * Small fixes
* Implements JA4 Support (#2191)Luca Deri2023-12-22
|
* Add JSON-RPC protocol dissector (#2217)Vladimir Gavrilov2023-12-20
| | | | | | | * Add JSON-RPC protocol dissector * Small fixes * Improve detection
* ndpiReader: fix `guessed_flow_protocols` statistic (#2203)Ivan Nardi2023-12-12
| | | Increment the counter only if the flow has been guessed
* IPv6: add support for IPv6 risk exceptions (#2122)Ivan Nardi2023-10-29
|
* IPv6: add support for IPv6 risk tree (#2118)Ivan Nardi2023-10-27
| | | Fix the script to download crawler addressess
* ipv6: add support for ipv6 addresses lists (#2113)Ivan Nardi2023-10-26
|
* Fixes risk mask exception handling while improving the overall performanceLuca Deri2023-07-14
|
* Add Apache Thrift protocol dissector. (#2007)Toni2023-06-22
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* HTTP: improve extraction of metadata and of flow risks (#1959)Ivan Nardi2023-05-05
|
* Add an heuristic to detect/ignore some anomalous TCP ACK packets (#1948)Ivan Nardi2023-04-25
In some networks, there are some anomalous TCP flows where the smallest ACK packets have some kind of zero padding. It looks like the IP and TCP headers in those frames wrongly consider the 0x00 Ethernet padding bytes as part of the TCP payload. While this kind of packets is perfectly valid per-se, in some conditions they might be treated by the TCP reassembler logic as (partial) overlaps, deceiving the classification engine. Add an heuristic to detect these packets and to ignore them, allowing correct detection/classification. This heuristic is configurable. Default value: * in the library, it is disabled * in `ndpiReader` and in the fuzzers, it is enabled (to ease testing) Credit to @vel21ripn for the initial patch. Close #1946
Powered by cgit, Themed by Ted Yin.