aboutsummaryrefslogtreecommitdiff
path: root/tests/cfgs/default/result
Commit message (Collapse)AuthorAge
* TLS: fix `NDPI_TLS_WEAK_CIPHER` flow risk (#2647)Ivan Nardi2025-01-06
| | | | We should set it also for "obsolete"/"insecure" ciphers, not only for the "weak" ones.
* TLS: remove ESNI support (#2648)Ivan Nardi2025-01-06
| | | | | ESNI has been superseded by ECH for years, now. See: https://blog.cloudflare.com/encrypted-client-hello/ Set the existing flow risk if we still found this extension.
* Path of Exile 2 support (#2654)Vladimir Gavrilov2025-01-06
|
* Imporoved SMBv1 heuristic to avoid triggering risks for SMBv1 broadcast ↵Luca Deri2025-01-03
| | | | messages when used to browse (old) network devices
* IPv6: fix bad ipv6 format (#1890) (#2651)paolomonti2024-12-20
| | | | | | ipv6 addresses already containing "::" token shall not be searched for ":0:" nor patched Close #1890
* Update all IPs lists (#2643)Ivan Nardi2024-12-13
|
* STUN: fix monitoring (#2639)Ivan Nardi2024-12-06
|
* signal: improve detection of chats and calls (#2637)Ivan Nardi2024-12-04
|
* Add support Yandex Alice (#2633)Evgeny Shtanov2024-11-29
| | | | Co-authored-by: Evgeny Shtanov <evg.shtanov@gmail.comm> Co-authored-by: Ivan Nardi <nardi.ivan@gmail.com>
* Sync unit tests resultsToni Uhlig2024-11-27
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Sync unit tests resultsIvan Nardi2024-11-26
|
* Add support for Paramount+ streaming serviceIvan Nardi2024-11-25
|
* Update `flow->flow_multimedia_types` to a bitmask (#2625)Ivan Nardi2024-11-25
| | | In the same flow, we can have multiple multimedia types
* Sync unit tests resultsIvan Nardi2024-11-25
|
* When triggering risk "Known Proto on Non Std Port", nDPi now reports the ↵Luca Deri2024-11-22
| | | | port that was supposed to be used as default
* Sync unit tests resultsIvan Nardi2024-11-21
|
* RTP, STUN: improve detection of multimedia flow type (#2620)Ivan Nardi2024-11-19
| | | | Let's see if we are able to tell audio from video calls only looking at RTP Payload Type field...
* Results updateLuca Deri2024-11-16
|
* Added DICOM supportLuca2024-11-15
| | | | Testing pcaps courtesy of https://github.com/virtalabs/tapirx.git
* Implemented Mikrotik discovery protocol dissection and metadata extraction ↵Luca Deri2024-11-14
| | | | (#2618)
* Add support for some Chinese shopping platforms (Temu, Shein and Taobao) (#2615)Ivan Nardi2024-11-12
| | | Extend content match list
* SIP: extract some basic metadataIvan Nardi2024-11-12
|
* Add Naver protocol support (#2610)Vladimir Gavrilov2024-11-01
|
* Added HTTP credentials extractionLuca Deri2024-10-31
|
* Add Paltalk protocol support (#2606)Vladimir Gavrilov2024-10-28
|
* Fixes TCP fingerprint calculation when multiple EOL are specified in TCP optionsLuca Deri2024-10-27
|
* Improved fingerprintsLuca Deri2024-10-21
|
* Improved TCP fingerprintLuca Deri2024-10-20
|
* Improved TCP fingerprintLuca Deri2024-10-20
|
* ndpiReader: explicitly remove non ipv4/6 packets (#2601)Ivan Nardi2024-10-19
|
* Added support for RDP over TLSLuca Deri2024-10-19
|
* Improved TCP fingepring calculationLuca Deri2024-10-18
| | | | Adde basidc OS detection based on TCP fingerprint
* Increased struct ndpi_flow_struct size (#2596)Luca Deri2024-10-18
| | | Build fix
* STUN: if the same metadata is found multiple times, keep the first value (#2591)Ivan Nardi2024-10-15
|
* STUN: fix monitoring of Whatsapp and Zoom flows (#2590)Ivan Nardi2024-10-15
|
* Fixed JA4 invalid computation due to code bug and uninitialized valuesLuca Deri2024-10-13
|
* Added sonos dissectorLuca Deri2024-10-13
|
* Add DingTalk protocol support (#2581)Vladimir Gavrilov2024-10-07
|
* Exports DNS A/AAAA responses (up to 4 addresses)Luca2024-10-02
| | | | Changed the default to IPv4 (used to be IPv6) in case of DNS error response
* TLS: detect abnormal padding usage (#2579)Ivan Nardi2024-10-01
| | | | Padding is usually some hundreds byte long. Longer padding might be used as obfuscation technique to force unusual CH fragmentation
* TLS: heuristics: fix memory allocations (#2577)Ivan Nardi2024-09-30
| | | | Allocate heuristics state only if really needed. Fix memory leak (it happened with WebSocket traffic on port 443)
* Add some heuristics to detect encrypted/obfuscated/proxied TLS flows (#2553)Ivan Nardi2024-09-24
| | | | | | | | | | | | Based on the paper: "Fingerprinting Obfuscated Proxy Traffic with Encapsulated TLS Handshakes". See: https://www.usenix.org/conference/usenixsecurity24/presentation/xue-fingerprinting Basic idea: * the packets/bytes distribution of a TLS handshake is quite unique * this fingerprint is still detectable if the handshake is encrypted/proxied/obfuscated All heuristics are disabled by default.
* Added Sonos protocol detectionLuca Deri2024-09-24
|
* TLS: improve handling of Change Cipher message (#2564)Ivan Nardi2024-09-23
|
* Tls out of order (#2561)Ivan Nardi2024-09-18
| | | | | | | | | | | | * Revert "Added fix for handling Server Hello before CLient Hello" This reverts commit eb15b22e7757cb70894fdcde440e62bc40f22df1. * TLS: add some tests with unidirectional traffic * TLS: another attempt to process CH received after the SH Obviously, we will process unidirectional traffic longer, because we are now waiting for messages in both directions
* Added fix for handling Server Hello before CLient HelloLuca2024-09-17
|
* Fixed handling of spurious TCP retransmissionsLuca2024-09-17
|
* dns: add a check before setting `NDPI_MALFORMED_PACKET` risk (#2558)Ivan Nardi2024-09-16
| | | | | | "Invalid DNS Header"-risk should be set only if the flow has been already classified as DNS. Otherwise, almost any non-DNS flows on port 53 will end up having the `NDPI_MALFORMED_PACKET` risk set, which is a little bit confusing for non DNS traffic
* Add an heuristic to detect encrypted/obfuscated OpenVPN flows (#2547)Ivan Nardi2024-09-16
| | | | | | | | | | | | Based on the paper: "OpenVPN is Open to VPN Fingerprinting" See: https://www.usenix.org/conference/usenixsecurity22/presentation/xue-diwen Basic idea: * the distribution of the first byte of the messages (i.e. the distribution of the op-codes) is quite unique * this fingerprint might be still detectable even if the OpenVPN packets are somehow fully encrypted/obfuscated The heuristic is disabled by default.
* QUIC: add a basic heuristic to detect mid-flowsNardi Ivan2024-09-10
|
Powered by cgit, Themed by Ted Yin.