aboutsummaryrefslogtreecommitdiff
path: root/tests/cfgs/default/result/netflix.pcap.out
Commit message (Collapse)AuthorAge
* Remove JA3C output from ndpiReader (#2667)Ivan Nardi2025-01-12
| | | | | | | | | | | | | Removing JA3C is an big task. Let's start with a simple change having an huge impact on unit tests: remove printing of JA3C information from ndpiReader. This way, when we will delete the actual code, the unit tests diffs should be a lot simpler to look at. Note that the information if the client/server cipher is weak or obsolete is still available via flow risk See: #2551
* Improved WebSocket-over-HTTP detection (#2664)Toni2025-01-11
| | | | | | * detect `chisel` SSH-over-HTTP-WebSocket * use `strncasecmp()` for `LINE_*` matching macros Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* ndpiReader: update JA statistics (#2646)Ivan Nardi2025-01-06
| | | | Show JA4C and JA3S information (instead of JA3C and JA3S) See #2551 for context
* Fixes TCP fingerprint calculation when multiple EOL are specified in TCP optionsLuca Deri2024-10-27
|
* Improved TCP fingerprintLuca Deri2024-10-20
|
* Improved TCP fingepring calculationLuca Deri2024-10-18
| | | | Adde basidc OS detection based on TCP fingerprint
* Increased struct ndpi_flow_struct size (#2596)Luca Deri2024-10-18
| | | Build fix
* Align serialized risk names to all others (first letter; uppercase letter) ↵Toni2024-09-03
| | | | | (#2541) Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixed probing attempt risk that was creating false positivesLuca Deri2024-08-07
|
* FPC: add DPI information (#2514)Ivan Nardi2024-07-23
| | | | If the flow is classified (via DPI) after the first packet, we should use this information as FPC
* FPC: small improvements (#2512)Ivan Nardi2024-07-22
| | | | Add printing of fpc_dns statistics and add a general cconfiguration option. Rework the code to be more generic and ready to handle other logics.
* FPC: add DNS correlation (#2497)mmanoj2024-07-22
| | | | | | | | | Use DNS information to get a better First Packet Classification. See: #2322 --------- Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
* Add infrastructure for explicit support of Fist Packet Classification (#2488)Ivan Nardi2024-07-03
| | | | | Let's start with some basic helpers and with FPC based on flow addresses. See: #2322
* Zoom: remove "stun_zoom" LRU cacheNardi Ivan2024-06-17
| | | | | Since 070a0908b we are able to detect P2P calls directly from the packet content, without any correlation among flows
* More NDPI_PROBING_ATTEMPT changesLuca2024-05-22
|
* Remove "zoom" cache (#2420)Ivan Nardi2024-05-06
| | | | | | | | | This cache was added in b6b4967aa, when there was no real Zoom support. With 63f349319, a proper identification of multimedia stream has been added, making this cache quite useless: any improvements on Zoom classification should be properly done in Zoom dissector. Tested for some months with a few 10Gbits links of residential traffic: the cache pretty much never returned a valid hit.
* eDonkey: improve/update classification (#2410)Ivan Nardi2024-05-04
| | | | | | | | | | eDonkey is definitely not as used as >10 years ago, but it seems it is still active. While having a basic TCP support seems easy, identification over UDP doesn't work and it is hard to do it rightly (packets might be only 2 bytes long): remove it. Credits to V.G <v.gavrilov@securitycode.ru>
* Remove PPStream protocol and add iQIYI (#2403)0x41CEA552024-04-23
| | | | | | P2P video player PPStream was discontinued shortly after the purchase of PPS.tv by Baidu (iQIYI) on 2013 (see https://www.techinasia.com/report-baidu-acquires-video-rival-pps) So we remove the old `NDPI_PROTOCOL_PPSTREAM` logic and add `NDPI_PROTOCOL_IQIYI` id to handle all the iQIYI traffic, which is basically video streaming traffic. A video hosting service, called PPS.tv, is still offered by the same company: for the time being we classified both services with the same protocol id.
* Remove obsolete protocols: tuenty, tvuplayer and kontiki (#2398)0x41CEA552024-04-19
|
* Tuned DNS risk valuesLuca Deri2024-04-09
| | | | Modified NDPI_BINARY_TRANSFER_ATTEMPT in NDPI_BINARY_DATA_TRANSFER
* Fixed false positives on binary application transfer riskLuca Deri2024-04-08
|
* ndpiReader: add breed stats on output used for CI (#2236)Ivan Nardi2024-01-05
|
* Add HL7 protocol dissector (#2240)Vladimir Gavrilov2024-01-02
| | | | | | | * Add HL7 protocol dissector * Small fixes * Small fixes
* Implements JA4 Support (#2191)Luca Deri2023-12-22
|
* Add JSON-RPC protocol dissector (#2217)Vladimir Gavrilov2023-12-20
| | | | | | | * Add JSON-RPC protocol dissector * Small fixes * Improve detection
* IPv6: add support for IPv6 risk exceptions (#2122)Ivan Nardi2023-10-29
|
* IPv6: add support for IPv6 risk tree (#2118)Ivan Nardi2023-10-27
| | | Fix the script to download crawler addressess
* Jabber: remove support for UDP (#2115)Ivan Nardi2023-10-26
| | | | | | Jabber/XMPP is only over TCP (even the name `ndpi_search_jabber_tcp` suggests that...). Bug introduced in 5266c726f
* ipv6: add support for ipv6 addresses lists (#2113)Ivan Nardi2023-10-26
|
* add ethereum protocol dissector. (#2111)Maatuq2023-10-25
| | | | | | | as explained here for bitcoin https://www.ntop.org/guides/nDPI/protocols.html#ndpi-protocol-bitcoin the same is applicable for ethereum. ethereum detection was removed from mining protocol and is now handled separately. Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com>
* Fixes risk mask exception handling while improving the overall performanceLuca Deri2023-07-14
|
* Add Apache Thrift protocol dissector. (#2007)Toni2023-06-22
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fix classification-by-ip in `ndpi_detection_giveup` (#1981)Ivan Nardi2023-05-17
| | | | | | | | | | | | | | Return the "classification-by-ip" as protocol results only if no other results are available. In particular, never return something like "protocol_by_port/protocol_by_ip" (i.e. `NTP/Apple`, BitTorrent/GoogleCloud`, `Zoom/AWS`) because this kind of classification is quite confusing, if not plainly wrong. Notes: * the information about "classification-by-ip" is always available, so no information is lost with this change; * in the unit tests, the previous classifications with confidence `NDPI_CONFIDENCE_DPI_PARTIAL` were wrong, as noted in #1957
* HTTP: improve extraction of metadata and of flow risks (#1959)Ivan Nardi2023-05-05
|
* Test multiple `ndpiReader` configurations (#1931)Ivan Nardi2023-04-06
Extend internal unit tests to handle multiple configurations. As some examples, add tests about: * disabling some protocols * disabling Ookla aggressiveness Every configurations data is stored in a dedicated directory under `tests\cfgs`
Powered by cgit, Themed by Ted Yin.