aboutsummaryrefslogtreecommitdiff
path: root/tests/cfgs/default/result/tls_heur__trojan-tcp-tls.pcapng.out
Commit message (Collapse)AuthorAge
* When triggering risk "Known Proto on Non Std Port", nDPi now reports the ↵Luca Deri2024-11-22
| | | | port that was supposed to be used as default
* Added DICOM supportLuca2024-11-15
| | | | Testing pcaps courtesy of https://github.com/virtalabs/tapirx.git
* Add Paltalk protocol support (#2606)Vladimir Gavrilov2024-10-28
|
* Improved TCP fingerprintLuca Deri2024-10-20
|
* Improved TCP fingepring calculationLuca Deri2024-10-18
| | | | Adde basidc OS detection based on TCP fingerprint
* Increased struct ndpi_flow_struct size (#2596)Luca Deri2024-10-18
| | | Build fix
* Add DingTalk protocol support (#2581)Vladimir Gavrilov2024-10-07
|
* Exports DNS A/AAAA responses (up to 4 addresses)Luca2024-10-02
| | | | Changed the default to IPv4 (used to be IPv6) in case of DNS error response
* Add some heuristics to detect encrypted/obfuscated/proxied TLS flows (#2553)Ivan Nardi2024-09-24
Based on the paper: "Fingerprinting Obfuscated Proxy Traffic with Encapsulated TLS Handshakes". See: https://www.usenix.org/conference/usenixsecurity24/presentation/xue-fingerprinting Basic idea: * the packets/bytes distribution of a TLS handshake is quite unique * this fingerprint is still detectable if the handshake is encrypted/proxied/obfuscated All heuristics are disabled by default.
Powered by cgit, Themed by Ted Yin.