| Commit message (Collapse) | Author | Age | |
|---|---|---|---|
| * | Add support for Google Cloud (#1447) | Ivan Nardi | 2022-02-20 |
| | | | | | Differentiate between Google its own apps/services and Google Cloud. We already do something similar for Amazon vs AWS and Microsoft vs Azure. | ||
| * | Updated test results | Luca Deri | 2022-02-03 |
| | | |||
| * | Improve protocol stacks (#1425) | Ivan Nardi | 2022-01-30 |
| | | | | | | | | | | | | | | | | | | We should have two protocols in classification results only when the "master" protocol allows some sub-protocols. Classifications like `AmazonAWS`, `TLS/AmazonAWS`, `DNS/AmazonAWS` are fine. However classifications like `NTP/Apple`, `BitTorrent/Azure`, `DNScrypt.AmazonAWS` or `NestLogSink.Google` are misleading. For example, `ndpiReader`shows `BitTorrent/Azure` flows under `Azure` statistics; that seems to be wrong or, at least, very misleading. This is quite important since we have lots of addresses from CDN operators. The only drawback of this solution is that right now ICMP traffic is classified simply as `ICMP`; if we are really interested in ICMP stuff we can restore the old behaviour later. | ||
| * | Sync unit tests results (#1423) | Ivan Nardi | 2022-01-28 |
| | | | | Fix: 7a3aa41a | ||
| * | Updated test results after the risk NDPI_TLS_CERTIFICATE_ABOUT_TO_EXPIRE has ↵ | Luca Deri | 2022-01-26 |
| | | | | | been added | ||
| * | Improve IPv6 support, enabling IPv6 traffic on (almost) all dissectors. (#1406) | Ivan Nardi | 2022-01-15 |
| | | | | Follow-up of 7cba34a1 | ||
| * | Restore a unit test result (#1403) | Ivan Nardi | 2022-01-13 |
| | | | | | | Deleted, probably by mistake, in 406ac7e8 Fix Makefile and add compilation of `rrdtool` in CI tests | ||
| * | Added the ability to specify trusted issueDN often used in companies to ↵ | Luca Deri | 2022-01-13 |
| | | | | | | | | | | | | self-signed certificates This allows to avoid triggering alerts for trusted albeit private certificate issuers. Extended the example/protos.txt with the new syntax for specifying trusted issueDN. Example: trusted_issuer_dn:"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US" | ||
| * | Add a "confidence" field about the reliability of the classification. (#1395) | Ivan Nardi | 2022-01-11 |
| | | | | | | | | | | | | | | As a general rule, the higher the confidence value, the higher the "reliability/precision" of the classification. In other words, this new field provides an hint about "how" the flow classification has been obtained. For example, the application may want to ignore classification "by-port" (they are not real DPI classifications, after all) or give a second glance at flows classified via LRU caches (because of false positives). Setting only one value for the confidence field is a bit tricky: more work is probably needed in the next future to tweak/fix/improve the logic. | ||
| * | ndpiReader: slight simplificaton of the output (#1378) | Ivan Nardi | 2021-11-27 |
| | | |||
| * | Reworked HTTP protocol dissection including HTTP proxy and HTTP connect | Luca Deri | 2021-11-25 |
| | | |||
| * | Differentiate between standard Amazon stuff (i.e market) and AWS (#1369) | Ivan Nardi | 2021-11-04 |
| | | |||
| * | Fixed cleartext protocol assignment (#1357) | Ivan Nardi | 2021-10-25 |
| | | |||
| * | Refreshed results list | Luca Deri | 2021-10-16 |
| | | |||
| * | Updated test results after latest commit | Luca Deri | 2021-10-16 |
| | | |||
| * | Fix parsing of ipv6 packets with extension headers | Nardi Ivan | 2021-09-19 |
| | | | | | | | | | Decoding of ipv6 traffic with extension headers was completely broken, since the beginning of the L4 header was always set to a wrong value. Handle the ipv6 fragments in the same way as the ipv4 ones: keep the first one and drop the others. | ||
| * | Updated output | Luca Deri | 2021-08-07 |
| | | |||
| * | Reworked flow risk implementation | Luca Deri | 2021-07-23 |
| | | |||
| * | ndpiReader: add statistics about nDPI performance (#1240) | Ivan Nardi | 2021-07-13 |
| | | | | | | | | The goal is to have a (roughly) idea about how many packets nDPI needs to properly classify a flow. Log this information (and guessed flows number too) during unit tests, to keep track of improvements/regressions across commits. | ||
| * | Updated category labels | Luca Deri | 2021-07-08 |
| | | |||
| * | Improved TLS browser detection heuristics | Luca Deri | 2021-05-19 |
| | | |||
| * | Added flow risk score | Luca Deri | 2021-05-18 |
| | | |||
| * | Added browser TLS heuristic | Luca Deri | 2021-05-13 |
| | | |||
| * | Fixed invalid DNS dissection | Luca Deri | 2021-04-26 |
| | | |||
| * | Fixes #1029 | Luca Deri | 2020-11-27 |
| | | |||
| * | Updated results with numeric IP detection | Luca Deri | 2020-11-01 |
| | | |||
| * | Added -D flag for detecting DoH in the wild | Luca Deri | 2020-10-26 |
| | | | | | Removed heuristic from CiscoVPN as it leads to false positives | ||
| * | Tests update | Luca Deri | 2020-10-02 |
| | | |||
| * | Added risks for checking | Luca Deri | 2020-09-21 |
| | | | | | | - invalid DNS traffic (probably carrying exfiltrated data) - TLS traffic with no SNI extension | ||
| * | Updated results | Luca Deri | 2020-09-18 |
| | | |||
| * | Reworked MDNS dissector that is not based on the DNS dissector | Luca Deri | 2020-09-17 |
| | | |||
| * | Stddev calculation changes | Luca Deri | 2020-08-30 |
| | | |||
| * | Fixed false positive in suspicous user agent | Luca Deri | 2020-08-30 |
| | | | | | Optimized stddev calculation | ||
| * | Added new traffic category for connectivity check detection | Luca Deri | 2020-08-04 |
| | | |||
| * | Fixed partial TLS dissection | Luca Deri | 2020-07-30 |
| | | |||
| * | Changed due to bin size extension | Luca Deri | 2020-07-30 |
| | | |||
| * | User agent detection improvements | Luca Deri | 2020-07-21 |
| | | |||
| * | Updated test results due to bin changes | Luca Deri | 2020-07-09 |
| | | |||
| * | Fixes #906 | Luca Deri | 2020-06-22 |
| | | | | | Packet bins are not printed wehn empty | ||
| * | Added ndpi_bin_XXX API | Luca Deri | 2020-06-22 |
| | | | | | Added packet lenght distribution bins | ||
| * | Added check in TLS 1.2+ for reporting a risk when TLS is not used to carry HTTPS | Luca Deri | 2020-06-08 |
| | | |||
| * | Added fix to avoid potential heap buffer overflow in H.323 dissector | Luca Deri | 2020-05-19 |
| | | | | | Modified HTTP report information to make it closer to the HTTP field names | ||
| * | Added NDPI_TLS_CERTIFICATE_EXPIRED, NDPI_TLS_CERTIFICATE_MISMATCH, to ndpi_risk | Luca Deri | 2020-05-15 |
| | | |||
| * | Added TLS weak cipher and obsolete protocol version detection | Luca Deri | 2020-05-10 |
| | | |||
| * | Added detection of self-signed TLS certificates | Luca Deri | 2020-05-10 |
| | | |||
| * | Added the ability to detect when a known protocol is using a non-standard port | Luca Deri | 2020-05-10 |
| | | | | | Added check to spot executables exchanged via HTTP | ||
| * | Added TLS issuerDN and subjectDN | Luca Deri | 2020-05-07 |
| | | |||
| * | Updated results | Luca Deri | 2020-04-21 |
| | | |||
| * | CiscoVPN dissection improvements | Luca Deri | 2020-04-17 |
| | | |||
| * | Results update | Luca Deri | 2020-04-17 |
| | | |||