aboutsummaryrefslogtreecommitdiff
path: root/tests/result/alexa-app.pcapng.out
Commit message (Collapse)AuthorAge
* Add FastCGI protocol detection. (#1711)Toni2022-08-24
| | | | | | | | * CQL: fixed byte order conversion (BigEndian not LittleEndian) * CQL: increased required successful dissected packets to prevent false-positives Signed-off-by: Toni Uhlig <matzeton@googlemail.com> Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add Kismet protocol detection. (#1710)Toni2022-08-24
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add TiVoConnect dissector. Fixes #1697. (#1699)Toni2022-08-08
| | | | | * added static assert if supported, to complain if the flow struct changes Signed-off-by: lns <matzeton@googlemail.com>
* Patricia tree, Ahocarasick automa, LRU cache: add statistics (#1683)Ivan Nardi2022-07-29
| | | | | | | | | | Add (basic) internal stats to the main data structures used by the library; they might be usefull to check how effective these structures are. Add an option to `ndpiReader` to dump them; enabled by default in the unit tests. This new option enables/disables dumping of "num dissectors calls" values, too (see b4cb14ec).
* TINC: avoid processing SYN packets (#1676)Ivan Nardi2022-07-28
| | | | | | | | | | | Since e6b332aa, we have proper support for detecting client/server direction. So Tinc dissector is now able to properly initialize the cache entry only when needed and not anymore at the SYN time; initializing that entry for **every** SYN packets was a complete waste of resources. Since 4896dabb, the various `struct ndpi_call_function_struct` structures are not more separate objects and therefore comparing them using only their pointers is bogus: this bug was triggered by this change because `ndpi_str->callback_buffer_size_tcp_no_payload` is now 0.
* Update the protocol bitmask for some protocols (#1675)Ivan Nardi2022-07-27
| | | | | | | Tcp retransmissions should be ignored. Remove some unused protocol bitmasks. Update script to download Whatsapp IP list.
* Add AVAST dissector. (#1674)Toni2022-07-25
| | | Signed-off-by: lns <matzeton@googlemail.com>
* Added AliCloud server access dissector. (#1672)Toni2022-07-23
| | | | Signed-off-by: lns <matzeton@googlemail.com> Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* SKYPE: remove detection over TCPNardi Ivan2022-07-20
| | | | | | Skype detection over TCP has been completely disable since 659f75138 (3 years ago!). Since that logic was too weak anyway, remove it.
* Improved Jabber/XMPP detection. (#1661)Toni2022-07-13
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Keep track of how many dissectors calls we made for each flow (#1657)Ivan Nardi2022-07-11
|
* Avoid spurious calls to extra dissection (#1648)Ivan Nardi2022-07-07
| | | | If the extra callabck is not set, calling the extra dissection is only a waste of resources...
* Fix handling of NDPI_UNIDIRECTIONAL_TRAFFIC risk (#1636)Ivan Nardi2022-07-05
|
* Enhanced TLS risk info reported to usersLuca Deri2022-06-28
|
* Added unidirectional traffic flow riskLuca Deri2022-06-20
|
* Updated DNS alert triggered only with TTL == 0Luca Deri2022-06-14
|
* Improved DNS traffic analysisLuca Deri2022-06-13
| | | | Added ability to identify application and network protocols
* Updated test resultsLuca Deri2022-06-05
|
* Updated tests resultsLuca Deri2022-05-30
| | | | Code cleanup
* Sync unit tests results (#1533)Ivan Nardi2022-04-27
|
* Updated test resultsLuca Deri2022-02-03
|
* Sync unit tests results (#1423)Ivan Nardi2022-01-28
| | | Fix: 7a3aa41a
* Add a "confidence" field about the reliability of the classification. (#1395)Ivan Nardi2022-01-11
| | | | | | | | | | | | | As a general rule, the higher the confidence value, the higher the "reliability/precision" of the classification. In other words, this new field provides an hint about "how" the flow classification has been obtained. For example, the application may want to ignore classification "by-port" (they are not real DPI classifications, after all) or give a second glance at flows classified via LRU caches (because of false positives). Setting only one value for the confidence field is a bit tricky: more work is probably needed in the next future to tweak/fix/improve the logic.
* Improved user agent analysisLuca Deri2022-01-09
|
* ndpiReader: slight simplificaton of the output (#1378)Ivan Nardi2021-11-27
|
* Fix writes to `flow->protos` union fields (#1354)Ivan Nardi2021-11-15
| | | | | | | | | | | | | | | | | | | | | | | | | We can write to `flow->protos` only after a proper classification. This issue has been found in Kerberos, DHCP, HTTP, STUN, IMO, FTP, SMTP, IMAP and POP code. There are two kinds of fixes: * write to `flow->protos` only if a final protocol has been detected * move protocol state out of `flow->protos` The hard part is to find, for each protocol, the right tradeoff between memory usage and code complexity. Handle Kerberos like DNS: if we find a request, we set the protocol and an extra callback to further parsing the reply. For all the other protocols, move the state out of `flow->protos`. This is an issue only for the FTP/MAIL stuff. Add DHCP Class Identification value to the output of ndpiReader and to the Jason serialization. Extend code coverage of fuzz tests. Close #1343 Close #1342
* Differentiate between standard Amazon stuff (i.e market) and AWS (#1369)Ivan Nardi2021-11-04
|
* Refreshed results listLuca Deri2021-10-16
|
* Updated test results after latest commitLuca Deri2021-10-16
|
* Improved DGA detection for skipping potential DGAs of known/popular domain namesLuca Deri2021-10-05
|
* Update unit tests results after da8eed5a (#1323)Ivan Nardi2021-10-05
|
* Fix parsing of ipv6 packets with extension headersNardi Ivan2021-09-19
| | | | | | | | Decoding of ipv6 traffic with extension headers was completely broken, since the beginning of the L4 header was always set to a wrong value. Handle the ipv6 fragments in the same way as the ipv4 ones: keep the first one and drop the others.
* Updated outputLuca Deri2021-08-07
|
* ndpiReader: add statistics about nDPI performance (#1240)Ivan Nardi2021-07-13
| | | | | | | The goal is to have a (roughly) idea about how many packets nDPI needs to properly classify a flow. Log this information (and guessed flows number too) during unit tests, to keep track of improvements/regressions across commits.
* Updated category labelsLuca Deri2021-07-08
|
* Addesses partial application matching (#1207)Luca Deri2021-06-21
|
* Improved TLS browser detection heuristicsLuca Deri2021-05-19
|
* Added flow risk scoreLuca Deri2021-05-18
|
* Reworked human readeable string search in flowsLuca Deri2021-05-17
| | | | Removed fragment manager code
* Added browser TLS heuristicLuca Deri2021-05-13
|
* Reworked JA3Luca Deri2021-03-19
|
* Modified JA3 fingerprint messageLuca Deri2021-02-24
|
* Added NDPI_MALICIOUS_JA3 flow riskLuca Deri2021-02-22
| | | | Added ndpi_load_malicious_ja3_file() API call
* Fixes #1029Luca Deri2020-11-27
|
* Updated resultsLuca Deri2020-11-16
|
* Add Virtual Asssitant (Alexa, Siri) support. (#1057)Zied Aouini2020-11-16
* Add AmazonAlexa protocol. * Add AmazonAlexa test file and result. * Include pcapng as file format. * Rename Category to VirtualAssistant. * Add AppleSiri virtual assistant. * Fix pcapng test files format support. Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
Powered by cgit, Themed by Ted Yin.