| Commit message (Collapse) | Author | Age | |
|---|---|---|---|
| * | ndpiReader: print categories summary (#2895) | Ivan Nardi | 2025-06-21 |
| | | |||
| * | Add Hamachi protocol detection support (#2860) | Vladimir Gavrilov | 2025-06-02 |
| | | |||
| * | Simplify ZeroMQ detection (#2847) | Vladimir Gavrilov | 2025-05-23 |
| | | |||
| * | Add MELSEC protocol support (#2846) | Vladimir Gavrilov | 2025-05-23 |
| | | |||
| * | Drop Warcraft 3 (pre Reforged) support (#2826) | Vladimir Gavrilov | 2025-05-19 |
| | | |||
| * | RTSP: simplify detection (#2822) | Ivan Nardi | 2025-05-18 |
| | | |||
| * | Remove World Of Kung Fu support (#2815) | Vladimir Gavrilov | 2025-05-15 |
| | | |||
| * | Add Microsoft Delivery Optimization protocol (#2799) | Vladimir Gavrilov | 2025-04-28 |
| | | |||
| * | FPC: save all addresses from DNS to `fpc_dns` cache (#2792) | Ivan Nardi | 2025-04-10 |
| | | |||
| * | WoW: update detection | Ivan Nardi | 2025-03-30 |
| | | | | | | Remove the specific dissector and use the Blizzard's generic one. For the time being, keep `NDPI_PROTOCOL_WORLDOFWARCRAFT` | ||
| * | Add a new internal function `internal_giveup()` | Ivan Nardi | 2025-03-05 |
| | | | | | | | | | This function is always called once for every flow, as last code processing the flow itself. As a first usage example, check here if the flow is unidirectional (instead of checking it at every packets) | ||
| * | DNS: faster exclusion (#2719) | Ivan Nardi | 2025-02-12 |
| | | |||
| * | ndpiReader: print more DNS information (#2717) | Ivan Nardi | 2025-02-11 |
| | | |||
| * | DNS: disable subclassification by default (#2715) | Ivan Nardi | 2025-02-11 |
| | | | | | Prelimary change to start supporting multiple DNS transactions on the same flow | ||
| * | Remove JA3C output from ndpiReader (#2667) | Ivan Nardi | 2025-01-12 |
| | | | | | | | | | | | | | | Removing JA3C is an big task. Let's start with a simple change having an huge impact on unit tests: remove printing of JA3C information from ndpiReader. This way, when we will delete the actual code, the unit tests diffs should be a lot simpler to look at. Note that the information if the client/server cipher is weak or obsolete is still available via flow risk See: #2551 | ||
| * | ndpiReader: update JA statistics (#2646) | Ivan Nardi | 2025-01-06 |
| | | | | | Show JA4C and JA3S information (instead of JA3C and JA3S) See #2551 for context | ||
| * | When triggering risk "Known Proto on Non Std Port", nDPi now reports the ↵ | Luca Deri | 2024-11-22 |
| | | | | | port that was supposed to be used as default | ||
| * | Added DICOM support | Luca | 2024-11-15 |
| | | | | | Testing pcaps courtesy of https://github.com/virtalabs/tapirx.git | ||
| * | Add Paltalk protocol support (#2606) | Vladimir Gavrilov | 2024-10-28 |
| | | |||
| * | Improved TCP fingerprint | Luca Deri | 2024-10-20 |
| | | |||
| * | Improved TCP fingepring calculation | Luca Deri | 2024-10-18 |
| | | | | | Adde basidc OS detection based on TCP fingerprint | ||
| * | Increased struct ndpi_flow_struct size (#2596) | Luca Deri | 2024-10-18 |
| | | | | Build fix | ||
| * | Add DingTalk protocol support (#2581) | Vladimir Gavrilov | 2024-10-07 |
| | | |||
| * | Add some heuristics to detect encrypted/obfuscated/proxied TLS flows (#2553) | Ivan Nardi | 2024-09-24 |
| Based on the paper: "Fingerprinting Obfuscated Proxy Traffic with Encapsulated TLS Handshakes". See: https://www.usenix.org/conference/usenixsecurity24/presentation/xue-fingerprinting Basic idea: * the packets/bytes distribution of a TLS handshake is quite unique * this fingerprint is still detectable if the handshake is encrypted/proxied/obfuscated All heuristics are disabled by default. | |||