aboutsummaryrefslogtreecommitdiff
path: root/tests/cfgs/default/result/weibo.pcap.out
Commit message (Collapse)AuthorAge
* Add (Generic) JSON dissectoradd/generic-json-dissectorToni Uhlig2024-07-03
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add Ripe Atlas probe protocol. (#2473)Toni2024-06-17
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Zoom: remove "stun_zoom" LRU cacheNardi Ivan2024-06-17
| | | | | Since 070a0908b we are able to detect P2P calls directly from the packet content, without any correlation among flows
* Add ZUG consensus protocol dissector. (#2458)Toni2024-05-28
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* More NDPI_PROBING_ATTEMPT changesLuca2024-05-22
|
* Follow-up of 2093ac5bf (#2451)Ivan Nardi2024-05-21
|
* Minor dissector optimizationsLuca Deri2024-05-20
|
* Add Call of Duty Mobile support (#2438)Vladimir Gavrilov2024-05-15
|
* H323: improve detection and avoid false positives (#2432)Ivan Nardi2024-05-11
|
* Add Ethernet Global Data support (#2437)Vladimir Gavrilov2024-05-11
|
* Add extra entropy checks and more precise(?) analysis. (#2383)Toni2024-05-09
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Remove "zoom" cache (#2420)Ivan Nardi2024-05-06
| | | | | | | | | This cache was added in b6b4967aa, when there was no real Zoom support. With 63f349319, a proper identification of multimedia stream has been added, making this cache quite useless: any improvements on Zoom classification should be properly done in Zoom dissector. Tested for some months with a few 10Gbits links of residential traffic: the cache pretty much never returned a valid hit.
* Merge RTP and RTCP logic (#2416)Ivan Nardi2024-05-06
| | | | | | | | | Avoid code duplication between these two protocols. We remove support for RTCP over TCP; it is quite rare to find this kind of traffic and, more important, we have never had support for RTP over TCP: we should try to add both detecion as follow-up. Fix a message log in the LINE code
* eDonkey: improve/update classification (#2410)Ivan Nardi2024-05-04
| | | | | | | | | | eDonkey is definitely not as used as >10 years ago, but it seems it is still active. While having a basic TCP support seems easy, identification over UDP doesn't work and it is hard to do it rightly (packets might be only 2 bytes long): remove it. Credits to V.G <v.gavrilov@securitycode.ru>
* Add BFCP protocol support (#2401)0x41CEA552024-04-23
|
* Remove obsolete protocols: tuenty, tvuplayer and kontiki (#2398)0x41CEA552024-04-19
|
* Add KNXnet/IP protocol support (#2397)0x41CEA552024-04-19
| | | | | * Add KNXnet/IP protocol support * Improve KNXnet/IP over TCP detection
* Add Label Distribution Protocol support (#2385)Vladimir Gavrilov2024-04-12
| | | | | | | * Add Label Distribution Protocol support * Fix typo * Update unit test results
* Calculate packet entropy for unknown protocols. (#2369)Toni2024-04-06
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add LoL: Wild Rift detection (#2356)Vladimir Gavrilov2024-03-26
|
* STUN: remove workaround to identify RTP trafficNardi Ivan2024-03-20
| | | | | We are able to demultiplex RTP packets in STUN flows since 3608ab01b, at least; no need to explicity call the RTP dissector
* Add FLUTE protocol dissector (#2351)Vladimir Gavrilov2024-03-19
| | | | | * Add FLUTE protocol dissector * Add flute.c to MSVC project
* Add PFCP protocol dissector (#2342)Vladimir Gavrilov2024-03-13
|
* ahocorasick: improve matching with subdomains (#2331)Ivan Nardi2024-03-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The basic idea is to have the following logic: * pattern "DOMAIN" matches the domain itself (i.e exact match) *and* any subdomains (i.e. "ANYTHING.DOMAIN") * pattern "DOMAIN." matches *also* any strings for which is a prefix [please, note that this kind of match is handy but it is quite dangerous...] * pattern "-DOMAIN" matches *also* any strings for which is a postfix Examples: * pattern "wikipedia.it": * "wikipiedia.it" -> OK * "foo.wikipedia.it -> OK * "foowikipedia.it -> NO MATCH * "wikipedia.it.com -> NO MATCH * pattern "wikipedia.": * "wikipedia.it" -> OK * "foo.wikipedia.it -> OK * "foowikipedia.it -> NO MATCH * "wikipedia.it.com -> OK * pattern "-wikipedia.it": * "wikipedia.it" -> NO MATCH * "foo.wikipedia.it -> NO MATCH * "0001-wikipedia.it -> OK * "foo.0001-wikipedia.it -> OK Bottom line: * exact match * prefix with "." (always, implicit) * prefix with "-" (only if esplicitly set) * postfix with "." (only if esplicitly set) That means that the patterns cannot start with '.' anymore. Close #2330
* Add Naraka Bladepoint detection support (#2334)Vladimir Gavrilov2024-03-04
|
* Add BFD protocol dissector (#2332)Vladimir Gavrilov2024-02-29
|
* Add DLEP protocol dissector (#2326)Vladimir Gavrilov2024-02-20
|
* Add ANSI C12.22 protocol dissector (#2317)Vladimir Gavrilov2024-02-15
| | | | | * Add ANSI C12.22 protocol dissector * Add UDP sample
* Skype: remove old detection logic (#1954)Ivan Nardi2024-02-12
| | | | | | | Skype has been using standard protocols (STUN/ICE or TLS) for a long, long time, now. Long gone are the days of Skype as a distribuited protocol. See: #2166
* Add detection of Gaijin Entertainment games (#2311)Vladimir Gavrilov2024-02-09
| | | | | | | | | * Add detection of Gaijin Entertainment games * Short NDPI_PROTOCOL_GAIJINENTERTAINMENT to NDPI_PROTOCOL_GAIJIN * Add default UDP port for Gaijin Entertainment games * Remove NDPI_PROTOCOL_CROSSOUT protocol id
* Implemented CIP I/O (UDP version of the CIP protocol), Common Industrial ↵Luca Deri2024-01-29
| | | | protocol
* Add Yojimbo (netcode) protocol dissector (#2277)Toni2024-01-21
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add a dedicated dissector for Zoom (#2265)Ivan Nardi2024-01-19
| | | Move it from the RTP code and extend it
* Add Mumble detection support (#2269)Vladimir Gavrilov2024-01-19
|
* Rework Steam detection (part 1) (#2264)Vladimir Gavrilov2024-01-18
| | | | | | | | | | | | | | | | | | | | | * Clean up Steam dissector * Add Steam Datagram Relay dissector * Update docs * Update test results * Remove csgo.c from MSVC project * Small fixes * Add Steam TLS pcap sample * Merge Steam pcap samples into single one * Fix typo * Update test results
* Add KCP protocol dissector. (#2257)Toni2024-01-12
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add Roughtime protocol dissector. (#2248)Toni2024-01-09
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* ndpiReader: add breed stats on output used for CI (#2236)Ivan Nardi2024-01-05
|
* Add HL7 protocol dissector (#2240)Vladimir Gavrilov2024-01-02
| | | | | | | * Add HL7 protocol dissector * Small fixes * Small fixes
* Add IEC62056 (DLMS/COSEM) protocol dissector (#2229)Vladimir Gavrilov2024-01-02
| | | | | | | | | | | | | | | | | | | * Add IEC62056 (DLMS/COSEM) protocol dissector * Fix detection on big endian architectures * Update protocols.rst * Add ndpi_crc16_x25 to fuzz/fuzz_alg_crc32_md5.c * Update pcap sample * Remove empty .out file * iec62056: add some documentation --------- Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
* Add NoMachine NX protocol dissector (#2234)Vladimir Gavrilov2024-01-02
| | | | | | | | | * Add NoMachine protocol dissector * Fix detection on big endian architectures * Make NoMachine over UDP check more strict * Small fixes
* Implements JA4 Support (#2191)Luca Deri2023-12-22
|
* Add JSON-RPC protocol dissector (#2217)Vladimir Gavrilov2023-12-20
| | | | | | | * Add JSON-RPC protocol dissector * Small fixes * Improve detection
* Add UFTP protocol dissector (#2215)Vladimir Gavrilov2023-12-18
| | | | | | | * Add UFTP protocol dissector * Update docs * Merge pcap files
* Add PROFINET/IO protocol dissector (#2213)Vladimir Gavrilov2023-12-16
| | | | | | | | | * Add PROFINET/IO protocol dissector * Add LE (Little Endian) to the file name * Rework dissector * Remove redundant check
* ndpiReader: fix `guessed_flow_protocols` statistic (#2203)Ivan Nardi2023-12-12
| | | Increment the counter only if the flow has been guessed
* OpenVPN: rework detection (#2199)Ivan Nardi2023-12-06
| | | Close #1873
* Add Ether-S-Bus protocol dissector (#2200)Vladimir Gavrilov2023-12-05
|
* Add IEEE C37.118 protocol dissector (#2193)Vladimir Gavrilov2023-12-05
|
* Add Ether-S-I/O protocol dissector (#2174)Vladimir Gavrilov2023-11-27
|
Powered by cgit, Themed by Ted Yin.