| Commit message | Author | Date |
|---|---|---|
| Added DICOM support<br>Testing pcaps courtesy of https://github.com/virtalabs/tapirx.git | Luca | 2024-11-15 |
| Implemented Mikrotik discovery protocol dissection and metadata extraction (#2618) | Luca Deri | 2024-11-14 |
| Add support for some Chinese shopping platforms (Temu, Shein and Taobao) (#2615)<br>Extend content match list | Ivan Nardi | 2024-11-12 |
| SIP: extract some basic metadata | Ivan Nardi | 2024-11-12 |
| Add Naver protocol support (#2610) | Vladimir Gavrilov | 2024-11-01 |
| HTTP: fix leak and out-of-bound error on credential extraction (#2611) | Ivan Nardi | 2024-11-01 |
| Added HTTP credentials extraction | Luca Deri | 2024-10-31 |
| Add Paltalk protocol support (#2606) | Vladimir Gavrilov | 2024-10-28 |
| Fixes TCP fingerprint calculation when multiple EOL are specified in TCP options | Luca Deri | 2024-10-27 |
| Improved fingerprints | Luca Deri | 2024-10-21 |
| Improved TCP fingerprint | Luca Deri | 2024-10-20 |
| Improved TCP fingerprint | Luca Deri | 2024-10-20 |
| ndpiReader: explicitly remove non-IPv4/6 packets (#2601) | Ivan Nardi | 2024-10-19 |
| Added support for RDP over TLS | Luca Deri | 2024-10-19 |
| Improved TCP fingerprint calculation<br>Added basic OS detection based on TCP fingerprint | Luca Deri | 2024-10-18 |
| Increased struct ndpi_flow_struct size (#2596)<br>Build fix | Luca Deri | 2024-10-18 |
| STUN: if the same metadata is found multiple times, keep the first value (#2591) | Ivan Nardi | 2024-10-15 |
| STUN: fix monitoring of WhatsApp and Zoom flows (#2590) | Ivan Nardi | 2024-10-15 |
| Fixed JA4 invalid computation due to code bug and uninitialized values | Luca Deri | 2024-10-13 |
| Added Sonos dissector | Luca Deri | 2024-10-13 |
| Add DingTalk protocol support (#2581) | Vladimir Gavrilov | 2024-10-07 |
| Exports DNS A/AAAA responses (up to 4 addresses)<br>Changed the default to IPv4 (used to be IPv6) in case of DNS error response | Luca | 2024-10-02 |
| TLS: detect abnormal padding usage (#2579)<br>Padding is usually some hundreds of bytes long. Longer padding might be used as an obfuscation technique to force unusual CH fragmentation | Ivan Nardi | 2024-10-01 |
| TLS: heuristics: fix memory allocations (#2577)<br>Allocate heuristics state only if really needed. Fix memory leak (it happened with WebSocket traffic on port 443) | Ivan Nardi | 2024-09-30 |
| Add some heuristics to detect encrypted/obfuscated/proxied TLS flows (#2553)<br>Based on the paper: "Fingerprinting Obfuscated Proxy Traffic with Encapsulated TLS Handshakes". See: https://www.usenix.org/conference/usenixsecurity24/presentation/xue-fingerprinting<br>Basic idea:<br>* the packets/bytes distribution of a TLS handshake is quite unique<br>* this fingerprint is still detectable if the handshake is encrypted/proxied/obfuscated<br>All heuristics are disabled by default. | Ivan Nardi | 2024-09-24 |
| Fix Sonos trace | Nardi Ivan | 2024-09-24 |
| Added Sonos protocol detection | Luca Deri | 2024-09-24 |
| TLS: improve handling of Change Cipher message (#2564) | Ivan Nardi | 2024-09-23 |
| TLS out of order (#2561)<br>* Revert "Added fix for handling Server Hello before Client Hello"<br>This reverts commit eb15b22e7757cb70894fdcde440e62bc40f22df1.<br>* TLS: add some tests with unidirectional traffic<br>* TLS: another attempt to process CH received after the SH<br>Obviously, we will process unidirectional traffic longer, because we are now waiting for messages in both directions | Ivan Nardi | 2024-09-18 |
| Added fix for handling Server Hello before Client Hello | Luca | 2024-09-17 |
| Fixed handling of spurious TCP retransmissions | Luca | 2024-09-17 |
| dns: add a check before setting `NDPI_MALFORMED_PACKET` risk (#2558)<br>"Invalid DNS Header" risk should be set only if the flow has already been classified as DNS. Otherwise, almost any non-DNS flow on port 53 will end up having the `NDPI_MALFORMED_PACKET` risk set, which is a little bit confusing for non-DNS traffic | Ivan Nardi | 2024-09-16 |
| Add a heuristic to detect encrypted/obfuscated OpenVPN flows (#2547)<br>Based on the paper: "OpenVPN is Open to VPN Fingerprinting". See: https://www.usenix.org/conference/usenixsecurity22/presentation/xue-diwen<br>Basic idea:<br>* the distribution of the first byte of the messages (i.e. the distribution of the op-codes) is quite unique<br>* this fingerprint might still be detectable even if the OpenVPN packets are somehow fully encrypted/obfuscated<br>The heuristic is disabled by default. | Ivan Nardi | 2024-09-16 |
| QUIC: add a basic heuristic to detect mid-flows | Nardi Ivan | 2024-09-10 |
| RTMP: improve detection (#2549) | Ivan Nardi | 2024-09-10 |
| oracle: fix dissector (#2548)<br>We can definitely do better, but this change is a big improvement with respect to the current broken code | Ivan Nardi | 2024-09-07 |
| Add detection of Windscribe VPN | Nardi Ivan | 2024-09-05 |
| Add detection of CactusVPN | Nardi Ivan | 2024-09-05 |
| Add detection of SurfShark VPN | Nardi Ivan | 2024-09-05 |
| OpenVPN, Wireguard: improve sub-classification<br>Allow sub-classification of OpenVPN/Wireguard flows using their server IP. That is useful to detect the specific VPN application/app used. At the moment, the supported protocols are: Mullvad, NordVPN, ProtonVPN. This feature is configurable. | Nardi Ivan | 2024-09-05 |
| Add detection of NordVPN | Nardi Ivan | 2024-09-05 |
| OpenVPN: improve detection | Nardi Ivan | 2024-09-05 |
| Add Lustre protocol detection support (#2544) | Vladimir Gavrilov | 2024-09-04 |
| Align serialized risk names to all others (first letter; uppercase letter) (#2541)<br>Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | Toni | 2024-09-03 |
| Bittorrent: improve detection of UTPv1 and avoid false positives | Nardi Ivan | 2024-09-03 |
| Bittorrent: fix extra dissection<br>On the extra-dissection data path we only need to look for the hash (the flow is already classified as Bittorrent). As a nice side effect, the confidence now always has the right value. | Nardi Ivan | 2024-09-03 |
| Fix CNP-IP false positives (#2531) | Vladimir Gavrilov | 2024-08-30 |
| Add TRDP protocol support (#2528)<br>The Train Real Time Data Protocol (TRDP) is a UDP/TCP-based communication protocol designed for IP networks in trains, enabling data exchange between devices such as door controls and air conditioning systems. It is standardized by the IEC under IEC 61375-2-3 and is not related to the Remote Desktop Protocol (RDP). | Vladimir Gavrilov | 2024-08-25 |
| Tests output update | Luca Deri | 2024-08-25 |
| Add Automatic Tank Gauge protocol (#2527)<br>See also #2523<br>Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com> | wssxsxxsx | 2024-08-23 |