Commit message | Author | Age | |
---|---|---|---|
* | Add AVAST dissector. (add/avast) | lns | 2022-07-25 |
| | | | | Signed-off-by: lns <matzeton@googlemail.com> | ||
* | Add support for flow client/server information (#1671) | Ivan Nardi | 2022-07-24 |
| | | | | | | | | | | | | | | | | | | In a lot of places in nDPI we use *packet* source/dest info (address/port/direction) when we are interested in *flow* client/server info, instead. Add basic logic to autodetect this kind of information. nDPI doesn't perform any "flow management" itself but this task is delegated to the external application. It is then likely that the application might provide more reliable hints about flow client/server direction and about the TCP handshake presence: in that case, this information might be (optionally) passed to the library, disabling the internal "autodetect" logic. These new fields have been used in some LRU caches and in the "guessing" algorithm. It is quite likely that some other code needs to be updated. | ||
* | Added AliCloud server access dissector. (#1672) | Toni | 2022-07-23 |
| | | | | Signed-off-by: lns <matzeton@googlemail.com> Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | SKYPE: remove detection over TCP | Nardi Ivan | 2022-07-20 |
| | | | | | | Skype detection over TCP has been completely disabled since 659f75138 (3 years ago!). Since that logic was too weak anyway, remove it. | ||
* | Improved Jabber/XMPP detection. (#1661) | Toni | 2022-07-13 |
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | Keep track of how many dissectors calls we made for each flow (#1657) | Ivan Nardi | 2022-07-11 |
| | |||
* | Avoid spurious calls to extra dissection (#1648) | Ivan Nardi | 2022-07-07 |
| | | | | If the extra callback is not set, calling the extra dissection is only a waste of resources... | ||
* | Fix handling of NDPI_UNIDIRECTIONAL_TRAFFIC risk (#1636) | Ivan Nardi | 2022-07-05 |
| | |||
* | Enhanced TLS risk info reported to users | Luca Deri | 2022-06-28 |
| | |||
* | Added unidirectional traffic flow risk | Luca Deri | 2022-06-20 |
| | |||
* | Updated DNS alert triggered only with TTL == 0 | Luca Deri | 2022-06-14 |
| | |||
* | Improved DNS traffic analysis | Luca Deri | 2022-06-13 |
| | | | | Added ability to identify application and network protocols | ||
* | Updated tests results | Luca Deri | 2022-05-30 |
| | | | | Code cleanup | ||
* | Improved TLS alert detection. (#1542) | Toni | 2022-05-08 |
| | | | Signed-off-by: lns <matzeton@googlemail.com> | ||
* | Sync unit tests results (#1533) | Ivan Nardi | 2022-04-27 |
| | |||
* | Improved TLS application data detection. (#1532) | Toni | 2022-04-27 |
| | | | Signed-off-by: lns <matzeton@googlemail.com> | ||
* | Sync unit tests results (#1423) | Ivan Nardi | 2022-01-28 |
| | | | Fix: 7a3aa41a | ||
* | Add a "confidence" field about the reliability of the classification. (#1395) | Ivan Nardi | 2022-01-11 |
| | | | | | | | | | | | | | As a general rule, the higher the confidence value, the higher the "reliability/precision" of the classification. In other words, this new field provides a hint about "how" the flow classification has been obtained. For example, the application may want to ignore classification "by-port" (they are not real DPI classifications, after all) or give a second glance at flows classified via LRU caches (because of false positives). Setting only one value for the confidence field is a bit tricky: more work is probably needed in the near future to tweak/fix/improve the logic. | ||
* | ndpiReader: slight simplification of the output (#1378) | Ivan Nardi | 2021-11-27 |
| | |||
* | Differentiate between standard Amazon stuff (i.e. market) and AWS (#1369) | Ivan Nardi | 2021-11-04 |
| | |||
* | Fixed cleartext protocol assignment (#1357) | Ivan Nardi | 2021-10-25 |
| | |||
* | Refreshed results list | Luca Deri | 2021-10-16 |
| | |||
* | Updated test results after latest commit | Luca Deri | 2021-10-16 |
| | |||
* | Improved DGA detection for skipping potential DGAs of known/popular domain names | Luca Deri | 2021-10-05 |
| | |||
* | Update unit tests results after da8eed5a (#1323) | Ivan Nardi | 2021-10-05 |
| | |||
* | Updated output | Luca Deri | 2021-08-07 |
| | |||
* | ndpiReader: add statistics about nDPI performance (#1240) | Ivan Nardi | 2021-07-13 |
| | | | | | | | The goal is to have a (rough) idea about how many packets nDPI needs to properly classify a flow. Log this information (and guessed flows number too) during unit tests, to keep track of improvements/regressions across commits. | ||
* | Added flow risk score | Luca Deri | 2021-05-18 |
| | |||
* | Added browser TLS heuristic | Luca Deri | 2021-05-13 |
| | |||
* | Modified JA3 fingerprint message | Luca Deri | 2021-02-24 |
| | |||
* | Added NDPI_MALICIOUS_JA3 flow risk | Luca Deri | 2021-02-22 |
| | | | | Added ndpi_load_malicious_ja3_file() API call | ||
* | Improved (partial) TLS dissection | Luca Deri | 2021-02-04 |
| | |||
* | Tests update | Luca Deri | 2020-10-02 |
| | |||
* | Fixed false positive in suspicious user agent | Luca Deri | 2020-08-30 |
| | | | | Optimized stddev calculation | ||
* | Fixed partial TLS dissection | Luca Deri | 2020-07-30 |
| | |||
* | Changed due to bin size extension | Luca Deri | 2020-07-30 |
| | |||
* | User agent detection improvements | Luca Deri | 2020-07-21 |
| | |||
* | Updated test results due to bin changes | Luca Deri | 2020-07-09 |
| | |||
* | Fixes #906 | Luca Deri | 2020-06-22 |
| | | | | Packet bins are not printed when empty | ||
* | Added ndpi_bin_XXX API | Luca Deri | 2020-06-22 |
| | | | | Added packet length distribution bins | ||
* | Added check in TLS 1.2+ for reporting a risk when TLS is not used to carry HTTPS | Luca Deri | 2020-06-08 |
| | |||
* | Added fix to avoid potential heap buffer overflow in H.323 dissector | Luca Deri | 2020-05-19 |
| | | | | Modified HTTP report information to make it closer to the HTTP field names | ||
* | Added NDPI_TLS_CERTIFICATE_EXPIRED, NDPI_TLS_CERTIFICATE_MISMATCH, to ndpi_risk | Luca Deri | 2020-05-15 |
| | |||
* | Added TLS weak cipher and obsolete protocol version detection | Luca Deri | 2020-05-10 |
| | |||
* | Added the ability to detect when a known protocol is using a non-standard port | Luca Deri | 2020-05-10 |
| | | | | Added check to spot executables exchanged via HTTP | ||
* | Added TLS issuerDN and subjectDN | Luca Deri | 2020-05-07 |
| | |||
* | Remove decimals in test results for IAT, packet lengths and goodput ratio | emanuele-f | 2020-02-14 |
| | |||
* | Improved DNS response decoding | Luca Deri | 2020-02-04 |
| | | | | The first decoded address is now reported by ndpiReader | ||
* | Reworked TLS dissection | Luca | 2020-01-01 |
| | |||
* | Updated results | Luca Deri | 2019-11-21 |
| |