libndpi.git - Open Source Deep Packet Inspection Software Toolkit

	Commit message (Collapse)	Author	Age
*	Remove JA3C output from ndpiReader (#2667)	Ivan Nardi	2025-01-12
\| \| \| \| \| \| \| \| \| \| \| \| \|	Removing JA3C is an big task. Let's start with a simple change having an huge impact on unit tests: remove printing of JA3C information from ndpiReader. This way, when we will delete the actual code, the unit tests diffs should be a lot simpler to look at. Note that the information if the client/server cipher is weak or obsolete is still available via flow risk See: #2551
*	ndpiReader: update JA statistics (#2646)	Ivan Nardi	2025-01-06
\| \| \| \|	Show JA4C and JA3S information (instead of JA3C and JA3S) See #2551 for context
*	Added DICOM support	Luca	2024-11-15
\| \| \| \|	Testing pcaps courtesy of https://github.com/virtalabs/tapirx.git
*	Add Paltalk protocol support (#2606)	Vladimir Gavrilov	2024-10-28
\|
*	Improved TCP fingerprint	Luca Deri	2024-10-20
\|
*	Improved TCP fingepring calculation	Luca Deri	2024-10-18
\| \| \| \|	Adde basidc OS detection based on TCP fingerprint
*	Increased struct ndpi_flow_struct size (#2596)	Luca Deri	2024-10-18
\| \| \|	Build fix
*	Add DingTalk protocol support (#2581)	Vladimir Gavrilov	2024-10-07
\|
*	Add some heuristics to detect encrypted/obfuscated/proxied TLS flows (#2553)	Ivan Nardi	2024-09-24
	Based on the paper: "Fingerprinting Obfuscated Proxy Traffic with Encapsulated TLS Handshakes". See: https://www.usenix.org/conference/usenixsecurity24/presentation/xue-fingerprinting Basic idea: * the packets/bytes distribution of a TLS handshake is quite unique * this fingerprint is still detectable if the handshake is encrypted/proxied/obfuscated All heuristics are disabled by default.