aboutsummaryrefslogtreecommitdiff
path: root/tests/result/dropbox.pcap.out
Commit message (Collapse)AuthorAge
* Test multiple `ndpiReader` configurations (#1931)Ivan Nardi2023-04-06
| | | | | | | | | Extend internal unit tests to handle multiple configurations. As some examples, add tests about: * disabling some protocols * disabling Ookla aggressiveness Every configurations data is stored in a dedicated directory under `tests\cfgs`
* ndpiReader: print how many packets (per flow) were needed to perform full ↵Ivan Nardi2023-03-01
| | | | | | DPI (#1891) Average values are already printed, but this change should ease to identify regressions/improvements.
* STUN: add detection of ZOOM peer-to-peer flows (#1825)Ivan Nardi2022-12-11
| | | | See: "Enabling Passive Measurement of Zoom Performance in Production Networks" https://dl.acm.org/doi/pdf/10.1145/3517745.3561414
* DNS: change category of DNS flowsNardi Ivan2022-09-22
| | | | | DNS flows should have `NDPI_PROTOCOL_CATEGORY_NETWORK` as category, regardless of the subprotocol (if any).
* Remove classification "by-ip" from protocol stack (#1743)Ivan Nardi2022-09-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Basically: * "classification by-ip" (i.e. `flow->guessed_protocol_id_by_ip` is NEVER returned in the protocol stack (i.e. `flow->detected_protocol_stack[]`); * if the application is interested into such information, it can access `ndpi_protocol->protocol_by_ip` itself. There are mainly 4 points in the code that set the "classification by-ip" in the protocol stack: the generic `ndpi_set_detected_protocol()`/ `ndpi_detection_giveup()` functions and the HTTP/STUN dissectors. In the unit tests output, a print about `ndpi_protocol->protocol_by_ip` has been added for each flow: the huge diff of this commit is mainly due to that. Strictly speaking, this change is NOT an API/ABI breakage, but there are important differences in the classification results. For examples: * TLS flows without the initial handshake (or without a matching SNI/certificate) are simply classified as `TLS`; * similar for HTTP or QUIC flows; * DNS flows without a matching request domain are simply classified as `DNS`; we don't have `DNS/Google` anymore just because the server is 8.8.8.8 (that was an outrageous behaviour...); * flows previusoly classified only "by-ip" are now classified as `NDPI_PROTOCOL_UNKNOWN`. See #1425 for other examples of why adding the "classification by-ip" in the protocol stack is a bad idea. Please, note that IPV6 is not supported :( (long standing issue in nDPI) i.e. `ndpi_protocol->protocol_by_ip` wil be always `NDPI_PROTOCOL_UNKNOWN` for IPv6 flows. Define `NDPI_CONFIDENCE_MATCH_BY_IP` has been removed. Close #1687
* Fix `ndpi_do_guess()` (#1731)Ivan Nardi2022-09-12
| | | | | Avoid a double call of `ndpi_guess_host_protocol_id()`. Some code paths work for ipv4/6 both Remove some never used code.
* Avoid useless host automa lookup (#1724)Ivan Nardi2022-09-05
| | | | | | | | | | | | | | | | | | | The host automa is used for two tasks: * protocol sub-classification (obviously); * DGA evaluation: the idea is that if a domain is present in this automa, it can't be a DGA, regardless of its format/name. In most dissectors both checks are executed, i.e. the code is something like: ``` ndpi_match_host_subprotocol(..., flow->host_server_name, ...); ndpi_check_dga_name(..., flow->host_server_name,...); ``` In that common case, we can perform only one automa lookup: if we check the sub-classification before the DGA, we can avoid the second lookup in the DGA function itself.
* Patricia tree, Ahocarasick automa, LRU cache: add statistics (#1683)Ivan Nardi2022-07-29
| | | | | | | | | | Add (basic) internal stats to the main data structures used by the library; they might be usefull to check how effective these structures are. Add an option to `ndpiReader` to dump them; enabled by default in the unit tests. This new option enables/disables dumping of "num dissectors calls" values, too (see b4cb14ec).
* Keep track of how many dissectors calls we made for each flow (#1657)Ivan Nardi2022-07-11
|
* Updated DNS alert triggered only with TTL == 0Luca Deri2022-06-14
|
* Improved DNS traffic analysisLuca Deri2022-06-13
| | | | Added ability to identify application and network protocols
* Add a "confidence" field about the reliability of the classification. (#1395)Ivan Nardi2022-01-11
| | | | | | | | | | | | | As a general rule, the higher the confidence value, the higher the "reliability/precision" of the classification. In other words, this new field provides an hint about "how" the flow classification has been obtained. For example, the application may want to ignore classification "by-port" (they are not real DPI classifications, after all) or give a second glance at flows classified via LRU caches (because of false positives). Setting only one value for the confidence field is a bit tricky: more work is probably needed in the next future to tweak/fix/improve the logic.
* ndpiReader: slight simplificaton of the output (#1378)Ivan Nardi2021-11-27
|
* Updated outputLuca Deri2021-08-07
|
* ndpiReader: add statistics about nDPI performance (#1240)Ivan Nardi2021-07-13
| | | | | | | The goal is to have a (roughly) idea about how many packets nDPI needs to properly classify a flow. Log this information (and guessed flows number too) during unit tests, to keep track of improvements/regressions across commits.
* Changed due to bin size extensionLuca Deri2020-07-30
|
* Added ndpi_bin_XXX APILuca Deri2020-06-22
| | | | Added packet lenght distribution bins
* Remove decimals in test results for IAT, packet lengths and goodput ratioemanuele-f2020-02-14
|
* Improved DNS response decodingLuca Deri2020-02-04
| | | | The first decoded address is now reported by ndpiReader
* Updated resultsLuca Deri2019-11-21
|
* Manual merge of pull #769Luca Deri2019-10-02
|
* Added -C to generate CSV analysis filesLuca2019-09-03
| | | | Improved IAT and byte distribution
* Average calculation fixLuca2019-08-29
|
* Compilation fix on systems without JSON-CLuca Deri2019-08-29
|
* Uodated resultsLuca2019-08-29
|
* Added entropy, average, stddev, variance, bytes ratio calculationLuca2019-08-28
|
* Added -e option to ndpiReader for searchign human readeable strings lenghtLuca Deri2019-07-24
| | | | Default human readeable strings lenght is not 5 chars (used to be 8)
* Refresh after data leak detectionLuca Deri2019-07-18
|
* FIX: dropbox dissector. UPD: updated pcap file with new dropbox pktsCampus2018-09-05
|
* Added missing categorization when giveup/guess is calledLuca2018-08-30
| | | | | Added optimization for TCP flows that do not start with a SYN packet: early giveup is performed Code cleanup
* Updated results based on the new output formatLuca2018-07-21
|
* Updated test resulsLuca Deri2018-05-18
|
* Updated test resultsLuca Deri2018-05-14
|
* A more predictable sorting of the flows list.Vitaly Lavrov2017-09-29
| | | | It is necessary for correct testing.
* update resultsCampus2017-08-09
|
* Implemented flow sort based on total bytes so that we can (with -v X) ↵Luca2017-08-02
| | | | immediately spot elephants and mice
* Updated tests to match new SSL server certificate fix/additionMicah Lyle2017-07-18
|
* update results after modificationsCampus2017-05-26
|
* Updated results are ndpiReader output has been modifiedLuca Deri2017-05-17
|
* update flow thanks to commit a9c01ded174ed380a2d135cfb9b903f616b0e175Campus2017-04-20
|
* Dissected SSH client/server versions and reported in data structuresLuca Deri2017-02-11
|
* Recomputed results due to the previous commitLuca Deri2016-06-19
|
* fix for test pcap and outputCampus2016-04-04
|
* fixed coap.c and dropbox.c after detecting wrong detection - added test for ↵Campus2016-03-29
dropbox
Powered by cgit, Themed by Ted Yin.