| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
| |
Keep looking for RTP packets but remove the monitoring concept.
We will re-introduce a more general concept of "flow in monitoring
state" later.
The function was disabled by default.
Some configuration knobs will be provided when/if #2190 is merged.
|
| |
|
| |
Close #1873
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
* Add Omron FINS protocol dissector
* Add a kludge to avoid invalid FINS over UDP detection as SkypeTeams and RTP
* Update unit test results
* Update protocols.rst
* Remove dummy flows from fins.pcap
|
| |
|
|
|
|
|
| |
* Improve CORBA detection
* Remove dummy flow from ziop.pcap
* Merge ziop.pcap and miop.pcap into corba.pcap
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add HART-IP protocol dissector
* Update docs
* Update protocols.rst
* Reuse free proto id and re-run tests
* docs: move HART-IP to top of list
---------
Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add IEEE 1588-2008 (PTPv2) dissector
PTPv2 is a time synchronization protocol in computer networks, similar to NTP.
* Add default protocol ports
* Update default test result for PTPv2
* Update copyright
---------
Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Try to have a faster classification, on first packet; use standard extra
dissection data path for sub-classification, metadata extraction and
monitoring.
STUN caches:
* use the proper confidence value
* lookup into the caches only once per flow, after having found a proper
STUN classification
Add identification of Telegram VoIP calls.
|
| | |
|
| |
|
| |
Fix the script to download crawler addressess
|
| |
|
|
|
|
| |
Jabber/XMPP is only over TCP (even the name `ndpi_search_jabber_tcp`
suggests that...).
Bug introduced in 5266c726f
|
| | |
|
| |
|
|
|
|
|
| |
as explained here for bitcoin https://www.ntop.org/guides/nDPI/protocols.html#ndpi-protocol-bitcoin
the same is applicable for ethereum.
ethereum detection was removed from mining protocol and is now handled separately.
Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com>
|
| |
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
| |
Regardless of the name, the removed trace doesn't contain meaningful
Hangout traffic.
Remove last piece of sub-classifiction based only on ip addresses.
|
| |
|
|
|
|
|
| |
Try avoiding false positives: look for 3 RTP packets before classifing
the flow as such.
Add a generic function `is_rtp_or_rtcp()` to identify RTP/RTCP packets also
in other dissectors (see 3608ab01b commit message for an example)
|
| |
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| | |
|
|
|
Look for RTP packets in the STUN sessions.
TODO: tell RTP from RTCP
|