aboutsummaryrefslogtreecommitdiff
path: root/tests/cfgs/default/result
Commit message (Collapse)AuthorAge
* Add Vivox support (#2668)Vladimir Gavrilov2025-01-11
|
* Improved WebSocket-over-HTTP detection (#2664)Toni2025-01-11
| | | | | | * detect `chisel` SSH-over-HTTP-WebSocket * use `strncasecmp()` for `LINE_*` matching macros Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* QUIC: remove extraction of user-agent (#2650)Ivan Nardi2025-01-07
| | | | | In very old (G)QUIC versions by Google, the user agent was available on plain text. That is not true anymore, since about end of 2021. See: https://github.com/google/quiche/commit/f282c934f4731a9f4be93409c9f3e8687f0566a7
* Classifications "by-port"/"by-ip" should never change (#2656)Ivan Nardi2025-01-06
| | | Add a new variable to keep track of internal partial classification
* ndpiReader: update JA statistics (#2646)Ivan Nardi2025-01-06
| | | | Show JA4C and JA3S information (instead of JA3C and JA3S) See #2551 for context
* QUIC: extract "max idle timeout" parameter (#2649)Ivan Nardi2025-01-06
| | | | | Even if it is only the proposed value by the client (and not the negotiated one), it might be use as hint for timeout by the (external) flows manager
* TLS: fix `NDPI_TLS_WEAK_CIPHER` flow risk (#2647)Ivan Nardi2025-01-06
| | | | We should set it also for "obsolete"/"insecure" ciphers, not only for the "weak" ones.
* TLS: remove ESNI support (#2648)Ivan Nardi2025-01-06
| | | | | ESNI has been superseded by ECH for years, now. See: https://blog.cloudflare.com/encrypted-client-hello/ Set the existing flow risk if we still found this extension.
* Path of Exile 2 support (#2654)Vladimir Gavrilov2025-01-06
|
* Imporoved SMBv1 heuristic to avoid triggering risks for SMBv1 broadcast ↵Luca Deri2025-01-03
| | | | messages when used to browse (old) network devices
* IPv6: fix bad ipv6 format (#1890) (#2651)paolomonti2024-12-20
| | | | | | ipv6 addresses already containing "::" token shall not be searched for ":0:" nor patched Close #1890
* Update all IPs lists (#2643)Ivan Nardi2024-12-13
|
* STUN: fix monitoring (#2639)Ivan Nardi2024-12-06
|
* signal: improve detection of chats and calls (#2637)Ivan Nardi2024-12-04
|
* Add support Yandex Alice (#2633)Evgeny Shtanov2024-11-29
| | | | Co-authored-by: Evgeny Shtanov <evg.shtanov@gmail.comm> Co-authored-by: Ivan Nardi <nardi.ivan@gmail.com>
* Sync unit tests resultsToni Uhlig2024-11-27
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Sync unit tests resultsIvan Nardi2024-11-26
|
* Add support for Paramount+ streaming serviceIvan Nardi2024-11-25
|
* Update `flow->flow_multimedia_types` to a bitmask (#2625)Ivan Nardi2024-11-25
| | | In the same flow, we can have multiple multimedia types
* Sync unit tests resultsIvan Nardi2024-11-25
|
* When triggering risk "Known Proto on Non Std Port", nDPi now reports the ↵Luca Deri2024-11-22
| | | | port that was supposed to be used as default
* Sync unit tests resultsIvan Nardi2024-11-21
|
* RTP, STUN: improve detection of multimedia flow type (#2620)Ivan Nardi2024-11-19
| | | | Let's see if we are able to tell audio from video calls only looking at RTP Payload Type field...
* Results updateLuca Deri2024-11-16
|
* Added DICOM supportLuca2024-11-15
| | | | Testing pcaps courtesy of https://github.com/virtalabs/tapirx.git
* Implemented Mikrotik discovery protocol dissection and metadata extraction ↵Luca Deri2024-11-14
| | | | (#2618)
* Add support for some Chinese shopping platforms (Temu, Shein and Taobao) (#2615)Ivan Nardi2024-11-12
| | | Extend content match list
* SIP: extract some basic metadataIvan Nardi2024-11-12
|
* Add Naver protocol support (#2610)Vladimir Gavrilov2024-11-01
|
* Added HTTP credentials extractionLuca Deri2024-10-31
|
* Add Paltalk protocol support (#2606)Vladimir Gavrilov2024-10-28
|
* Fixes TCP fingerprint calculation when multiple EOL are specified in TCP optionsLuca Deri2024-10-27
|
* Improved fingerprintsLuca Deri2024-10-21
|
* Improved TCP fingerprintLuca Deri2024-10-20
|
* Improved TCP fingerprintLuca Deri2024-10-20
|
* ndpiReader: explicitly remove non ipv4/6 packets (#2601)Ivan Nardi2024-10-19
|
* Added support for RDP over TLSLuca Deri2024-10-19
|
* Improved TCP fingepring calculationLuca Deri2024-10-18
| | | | Adde basidc OS detection based on TCP fingerprint
* Increased struct ndpi_flow_struct size (#2596)Luca Deri2024-10-18
| | | Build fix
* STUN: if the same metadata is found multiple times, keep the first value (#2591)Ivan Nardi2024-10-15
|
* STUN: fix monitoring of Whatsapp and Zoom flows (#2590)Ivan Nardi2024-10-15
|
* Fixed JA4 invalid computation due to code bug and uninitialized valuesLuca Deri2024-10-13
|
* Added sonos dissectorLuca Deri2024-10-13
|
* Add DingTalk protocol support (#2581)Vladimir Gavrilov2024-10-07
|
* Exports DNS A/AAAA responses (up to 4 addresses)Luca2024-10-02
| | | | Changed the default to IPv4 (used to be IPv6) in case of DNS error response
* TLS: detect abnormal padding usage (#2579)Ivan Nardi2024-10-01
| | | | Padding is usually some hundreds byte long. Longer padding might be used as obfuscation technique to force unusual CH fragmentation
* TLS: heuristics: fix memory allocations (#2577)Ivan Nardi2024-09-30
| | | | Allocate heuristics state only if really needed. Fix memory leak (it happened with WebSocket traffic on port 443)
* Add some heuristics to detect encrypted/obfuscated/proxied TLS flows (#2553)Ivan Nardi2024-09-24
| | | | | | | | | | | | Based on the paper: "Fingerprinting Obfuscated Proxy Traffic with Encapsulated TLS Handshakes". See: https://www.usenix.org/conference/usenixsecurity24/presentation/xue-fingerprinting Basic idea: * the packets/bytes distribution of a TLS handshake is quite unique * this fingerprint is still detectable if the handshake is encrypted/proxied/obfuscated All heuristics are disabled by default.
* Added Sonos protocol detectionLuca Deri2024-09-24
|
* TLS: improve handling of Change Cipher message (#2564)Ivan Nardi2024-09-23
|
Powered by cgit, Themed by Ted Yin.