| Commit message (Collapse) | Author | Age | |
|---|---|---|---|
| * | ndpiReader: add some global statistics about FPC (#2680) | Ivan Nardi | 2025-01-17 |
| | | | | Enabled via `--dump-fpc-stats` option | ||
| * | STUN: improve detection of Telegram calls (#2671) | Ivan Nardi | 2025-01-14 |
| | | |||
| * | TLS: remove JA3C (#2679) | Ivan Nardi | 2025-01-14 |
| | | | | | | | | | Last step of removing JA3C fingerprint Remove some duplicate tests: testing with ja4c/ja3s disabled is already performed by `disable_metadata_and_flowrisks` configuration. Close:#2551 | ||
| * | Add (kind of) support for loading a list of JA4C malicious fingerprints (#2678) | Ivan Nardi | 2025-01-14 |
| | | | | | | | | | | It might be usefull to be able to match traffic against a list of suspicious JA4C fingerprints Use the same code/logic/infrastructure used for JA3C (note that we are going to remove JA3C...) See: #2551 | ||
| * | Remove JA3C output from ndpiReader (#2667) | Ivan Nardi | 2025-01-12 |
| | | | | | | | | | | | | | | Removing JA3C is an big task. Let's start with a simple change having an huge impact on unit tests: remove printing of JA3C information from ndpiReader. This way, when we will delete the actual code, the unit tests diffs should be a lot simpler to look at. Note that the information if the client/server cipher is weak or obsolete is still available via flow risk See: #2551 | ||
| * | HTTP: fix entropy calculation (#2666) | Ivan Nardi | 2025-01-12 |
| | | | | | We calculate HTTP entropy according to "Content-type:" header, see `ndpi_validate_http_content()` on HTTP code | ||
| * | Add Vivox support (#2668) | Vladimir Gavrilov | 2025-01-11 |
| | | |||
| * | Improved WebSocket-over-HTTP detection (#2664) | Toni | 2025-01-11 |
| | | | | | | | * detect `chisel` SSH-over-HTTP-WebSocket * use `strncasecmp()` for `LINE_*` matching macros Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | QUIC: remove extraction of user-agent (#2650) | Ivan Nardi | 2025-01-07 |
| | | | | | | In very old (G)QUIC versions by Google, the user agent was available on plain text. That is not true anymore, since about end of 2021. See: https://github.com/google/quiche/commit/f282c934f4731a9f4be93409c9f3e8687f0566a7 | ||
| * | Classifications "by-port"/"by-ip" should never change (#2656) | Ivan Nardi | 2025-01-06 |
| | | | | Add a new variable to keep track of internal partial classification | ||
| * | Add the ability to enable/disable every specific flow risks (#2653) | Ivan Nardi | 2025-01-06 |
| | | |||
| * | ndpiReader: update JA statistics (#2646) | Ivan Nardi | 2025-01-06 |
| | | | | | Show JA4C and JA3S information (instead of JA3C and JA3S) See #2551 for context | ||
| * | QUIC: extract "max idle timeout" parameter (#2649) | Ivan Nardi | 2025-01-06 |
| | | | | | | Even if it is only the proposed value by the client (and not the negotiated one), it might be use as hint for timeout by the (external) flows manager | ||
| * | TLS: fix `NDPI_TLS_WEAK_CIPHER` flow risk (#2647) | Ivan Nardi | 2025-01-06 |
| | | | | | We should set it also for "obsolete"/"insecure" ciphers, not only for the "weak" ones. | ||
| * | TLS: remove ESNI support (#2648) | Ivan Nardi | 2025-01-06 |
| | | | | | | ESNI has been superseded by ECH for years, now. See: https://blog.cloudflare.com/encrypted-client-hello/ Set the existing flow risk if we still found this extension. | ||
| * | Path of Exile 2 support (#2654) | Vladimir Gavrilov | 2025-01-06 |
| | | |||
| * | Imporoved SMBv1 heuristic to avoid triggering risks for SMBv1 broadcast ↵ | Luca Deri | 2025-01-03 |
| | | | | | messages when used to browse (old) network devices | ||
| * | IPv6: fix bad ipv6 format (#1890) (#2651) | paolomonti | 2024-12-20 |
| | | | | | | | ipv6 addresses already containing "::" token shall not be searched for ":0:" nor patched Close #1890 | ||
| * | Update all IPs lists (#2643) | Ivan Nardi | 2024-12-13 |
| | | |||
| * | STUN/RTP: improve metadata extraction (#2641) | Ivan Nardi | 2024-12-11 |
| | | |||
| * | STUN: fix monitoring (#2639) | Ivan Nardi | 2024-12-06 |
| | | |||
| * | signal: improve detection of chats and calls (#2637) | Ivan Nardi | 2024-12-04 |
| | | |||
| * | Add support Yandex Alice (#2633) | Evgeny Shtanov | 2024-11-29 |
| | | | | | Co-authored-by: Evgeny Shtanov <evg.shtanov@gmail.comm> Co-authored-by: Ivan Nardi <nardi.ivan@gmail.com> | ||
| * | Sync unit tests results | Toni Uhlig | 2024-11-27 |
| | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | Add a configuration file to ndpiReader (#2629) | Ivan Nardi | 2024-11-27 |
| | | | | | | | Example: ./example/ndpiReader --conf=./example/calls.conf -i ./tests/pcap/signal_videocall.pcapng -v2 Close #2608 | ||
| * | Sync unit tests results | Ivan Nardi | 2024-11-26 |
| | | |||
| * | Add support for Paramount+ streaming service | Ivan Nardi | 2024-11-25 |
| | | |||
| * | Update `flow->flow_multimedia_types` to a bitmask (#2625) | Ivan Nardi | 2024-11-25 |
| | | | | In the same flow, we can have multiple multimedia types | ||
| * | Sync unit tests results | Ivan Nardi | 2024-11-25 |
| | | |||
| * | When triggering risk "Known Proto on Non Std Port", nDPi now reports the ↵ | Luca Deri | 2024-11-22 |
| | | | | | port that was supposed to be used as default | ||
| * | Sync unit tests results | Ivan Nardi | 2024-11-21 |
| | | |||
| * | RTP, STUN: improve detection of multimedia flow type (#2620) | Ivan Nardi | 2024-11-19 |
| | | | | | Let's see if we are able to tell audio from video calls only looking at RTP Payload Type field... | ||
| * | Results update | Luca Deri | 2024-11-16 |
| | | |||
| * | Added DICOM support | Luca | 2024-11-15 |
| | | | | | Testing pcaps courtesy of https://github.com/virtalabs/tapirx.git | ||
| * | Implemented Mikrotik discovery protocol dissection and metadata extraction ↵ | Luca Deri | 2024-11-14 |
| | | | | | (#2618) | ||
| * | Add support for some Chinese shopping platforms (Temu, Shein and Taobao) (#2615) | Ivan Nardi | 2024-11-12 |
| | | | | Extend content match list | ||
| * | SIP: extract some basic metadata | Ivan Nardi | 2024-11-12 |
| | | |||
| * | Add Naver protocol support (#2610) | Vladimir Gavrilov | 2024-11-01 |
| | | |||
| * | HTTP: fix leak and out-of-bound error on credential extraction (#2611) | Ivan Nardi | 2024-11-01 |
| | | |||
| * | Added HTTP credentials extraction | Luca Deri | 2024-10-31 |
| | | |||
| * | Add Paltalk protocol support (#2606) | Vladimir Gavrilov | 2024-10-28 |
| | | |||
| * | Fixes TCP fingerprint calculation when multiple EOL are specified in TCP options | Luca Deri | 2024-10-27 |
| | | |||
| * | Improved fingerprints | Luca Deri | 2024-10-21 |
| | | |||
| * | Improved TCP fingerprint | Luca Deri | 2024-10-20 |
| | | |||
| * | Improved TCP fingerprint | Luca Deri | 2024-10-20 |
| | | |||
| * | ndpiReader: explicitly remove non ipv4/6 packets (#2601) | Ivan Nardi | 2024-10-19 |
| | | |||
| * | ndpiReader: add some statistics about monitoring (#2602) | Ivan Nardi | 2024-10-19 |
| | | |||
| * | Added support for RDP over TLS | Luca Deri | 2024-10-19 |
| | | |||
| * | Improved TCP fingepring calculation | Luca Deri | 2024-10-18 |
| | | | | | Adde basidc OS detection based on TCP fingerprint | ||
| * | Add configuration of TCP fingerprint computation (#2598) | Ivan Nardi | 2024-10-18 |
| | | | | Extend configuration of raw format of JA4C fingerprint | ||