aboutsummaryrefslogtreecommitdiff
path: root/tests/result/nest_log_sink.pcap.out
Commit message (Collapse)AuthorAge
* Add few scripts to easily update some IPs lists (#1436)Ivan Nardi2022-02-09
| | | | | | | | | | | | | | | | | | | | | | | | * Add few scripts to easily update some IPs lists Some IPs lists should be updated frequently: try to easy the process. The basic idea is taken from d59fefd0 and a8fe74e5 (for Azure addresses): one specific .c.inc file and one script for each protocol. Add the possibility to don't load a specific list. Rename the old NDPI_PROTOCOL_HOTMAIL id to NDPI_PROTOCOL_MS_OUTLOOK, to identify Hotmail/Outlook/Exchange flows. TODO: ipv6 Remove the 9 addresses associated to BitTorrent: they have been added in e2f21116 but it is not clear why all the traffic to/from these ips should be classified as BitTorrent. * Added quotes * Added quotes Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
* Improve protocol stacks (#1425)Ivan Nardi2022-01-30
| | | | | | | | | | | | | | | | | We should have two protocols in classification results only when the "master" protocol allows some sub-protocols. Classifications like `AmazonAWS`, `TLS/AmazonAWS`, `DNS/AmazonAWS` are fine. However classifications like `NTP/Apple`, `BitTorrent/Azure`, `DNScrypt.AmazonAWS` or `NestLogSink.Google` are misleading. For example, `ndpiReader`shows `BitTorrent/Azure` flows under `Azure` statistics; that seems to be wrong or, at least, very misleading. This is quite important since we have lots of addresses from CDN operators. The only drawback of this solution is that right now ICMP traffic is classified simply as `ICMP`; if we are really interested in ICMP stuff we can restore the old behaviour later.
* Add a "confidence" field about the reliability of the classification. (#1395)Ivan Nardi2022-01-11
| | | | | | | | | | | | | As a general rule, the higher the confidence value, the higher the "reliability/precision" of the classification. In other words, this new field provides an hint about "how" the flow classification has been obtained. For example, the application may want to ignore classification "by-port" (they are not real DPI classifications, after all) or give a second glance at flows classified via LRU caches (because of false positives). Setting only one value for the confidence field is a bit tricky: more work is probably needed in the next future to tweak/fix/improve the logic.
* ndpiReader: slight simplificaton of the output (#1378)Ivan Nardi2021-11-27
|
* Refreshed results listLuca Deri2021-10-16
|
* Updated outputLuca Deri2021-08-07
|
* ndpiReader: add statistics about nDPI performance (#1240)Ivan Nardi2021-07-13
| | | | | | | The goal is to have a (roughly) idea about how many packets nDPI needs to properly classify a flow. Log this information (and guessed flows number too) during unit tests, to keep track of improvements/regressions across commits.
* Fixes #1029Luca Deri2020-11-27
|
* Fixed false positive in suspicous user agentLuca Deri2020-08-30
| | | | Optimized stddev calculation
* Changed due to bin size extensionLuca Deri2020-07-30
|
* Updated test results due to bin changesLuca Deri2020-07-09
|
* Added ndpi_bin_XXX APILuca Deri2020-06-22
| | | | Added packet lenght distribution bins
* Remove decimals in test results for IAT, packet lengths and goodput ratioemanuele-f2020-02-14
|
* Improved DNS response decodingLuca Deri2020-02-04
| | | | The first decoded address is now reported by ndpiReader
* Improvements to stop dissection when the first protocol is detectedLuca Deri2019-11-28
| | | | | Used IP-based detection to compute the application protocol Improved application detection
* Updated resultsLuca Deri2019-11-21
|
* Manual merge of pull #769Luca Deri2019-10-02
|
* Improves IAT calculationLuca2019-09-24
|
* Added -C to generate CSV analysis filesLuca2019-09-03
| | | | Improved IAT and byte distribution
* Uodated resultsLuca2019-08-29
|
* Added entropy, average, stddev, variance, bytes ratio calculationLuca2019-08-28
|
* Added missing result for nestLuca Deri2019-07-24
Powered by cgit, Themed by Ted Yin.