| | Commit message | Author | Age | |
---|---|---|---|---|
* | Updated DNS alert triggered only with TTL == 0 | Luca Deri | 2022-06-14 | |
* | Improved DNS traffic analysis | Luca Deri | 2022-06-13 | |
| | Added ability to identify application and network protocols | | | |
* | Dissect host line if SSDP contains such. (#1586) | Toni | 2022-06-07 | |
| | Signed-off-by: lns <matzeton@googlemail.com> | | | |
* | Updated risk results | Luca Deri | 2022-05-30 | |
* | Updated tests results | Luca Deri | 2022-05-30 | |
| | Code cleanup | | | |
* | Updated SkypeCall -> Skype_TeamsCall | Luca Deri | 2022-05-26 | |
* | Improved TLS application data detection. (#1541) | Toni | 2022-05-08 | |
| | * #1532 did fix TLS appdata detection only partially | | | |
| | * use flow->l4.tcp.tls.message.buffer_used instead of packet->payload | | | |
| | Signed-off-by: lns <matzeton@googlemail.com> | | | |
* | Sync unit tests results (#1533) | Ivan Nardi | 2022-04-27 | |
* | Improved TLS application data detection. (#1532) | Toni | 2022-04-27 | |
| | Signed-off-by: lns <matzeton@googlemail.com> | | | |
* | Add few scripts to easily update some IPs lists (#1436) | Ivan Nardi | 2022-02-09 | |
| | * Add few scripts to easily update some IPs lists | | | |
| | Some IPs lists should be updated frequently: try to ease the process. | | | |
| | The basic idea is taken from d59fefd0 and a8fe74e5 (for Azure addresses): one specific .c.inc file and one script for each protocol. | | | |
| | Add the possibility not to load a specific list. | | | |
| | Rename the old NDPI_PROTOCOL_HOTMAIL id to NDPI_PROTOCOL_MS_OUTLOOK, to identify Hotmail/Outlook/Exchange flows. | | | |
| | TODO: ipv6 | | | |
| | Remove the 9 addresses associated with BitTorrent: they have been added in e2f21116 but it is not clear why all the traffic to/from these ips should be classified as BitTorrent. | | | |
| | * Added quotes | | | |
| | * Added quotes | | | |
| | Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com> | | | |
* | Improve protocol stacks (#1425) | Ivan Nardi | 2022-01-30 | |
| | We should have two protocols in classification results only when the "master" protocol allows some sub-protocols. Classifications like `AmazonAWS`, `TLS/AmazonAWS`, `DNS/AmazonAWS` are fine. However classifications like `NTP/Apple`, `BitTorrent/Azure`, `DNScrypt.AmazonAWS` or `NestLogSink.Google` are misleading. For example, `ndpiReader` shows `BitTorrent/Azure` flows under `Azure` statistics; that seems to be wrong or, at least, very misleading. This is quite important since we have lots of addresses from CDN operators. The only drawback of this solution is that right now ICMP traffic is classified simply as `ICMP`; if we are really interested in ICMP stuff we can restore the old behaviour later. | | | |
* | Sync unit tests results (#1423) | Ivan Nardi | 2022-01-28 | |
| | Fix: 7a3aa41a | | | |
* | Add a "confidence" field about the reliability of the classification. (#1395) | Ivan Nardi | 2022-01-11 | |
| | As a general rule, the higher the confidence value, the higher the "reliability/precision" of the classification. In other words, this new field provides a hint about "how" the flow classification has been obtained. For example, the application may want to ignore classification "by-port" (they are not real DPI classifications, after all) or give a second glance at flows classified via LRU caches (because of false positives). Setting only one value for the confidence field is a bit tricky: more work is probably needed in the near future to tweak/fix/improve the logic. | | | |
* | ndpiReader: slight simplification of the output (#1378) | Ivan Nardi | 2021-11-27 | |
* | Fixed cleartext protocol assignment (#1357) | Ivan Nardi | 2021-10-25 | |
* | Refreshed results list | Luca Deri | 2021-10-16 | |
* | Updated test results after latest commit | Luca Deri | 2021-10-16 | |
* | Improved DGA detection for skipping potential DGAs of known/popular domain names | Luca Deri | 2021-10-05 | |
* | Update unit tests results after da8eed5a (#1323) | Ivan Nardi | 2021-10-05 | |
* | Fixed some invalid TLS guesses | Luca Deri | 2021-08-17 | |
* | Updated output | Luca Deri | 2021-08-07 | |
* | ndpiReader: add statistics about nDPI performance (#1240) | Ivan Nardi | 2021-07-13 | |
| | The goal is to have a (rough) idea about how many packets nDPI needs to properly classify a flow. Log this information (and guessed flows number too) during unit tests, to keep track of improvements/regressions across commits. | | | |
* | Renamed Skyp in Skype_Teams as the protocol is now shared across these apps | Luca Deri | 2021-06-02 | |
* | Added flow risk score | Luca Deri | 2021-05-18 | |
* | Updated protocol category | Luca Deri | 2021-05-15 | |
* | Implemented TLS Certificate Subject matching | Luca Deri | 2021-02-22 | |
| | Improved AnyDesk detection | | | |
* | Improved (partial) TLS dissection | Luca Deri | 2021-02-04 | |
* | Fixes #1029 | Luca Deri | 2020-11-27 | |
* | Tests update | Luca Deri | 2020-10-02 | |
* | Reworked MDNS dissector that is not based on the DNS dissector | Luca Deri | 2020-09-17 | |
* | Added new risk for NDPI_UNSAFE_PROTOCOL that identifies protocols that are not considered safe/secure | Luca Deri | 2020-08-30 | |
* | Stddev calculation changes | Luca Deri | 2020-08-30 | |
* | Fixed false positive in suspicious user agent | Luca Deri | 2020-08-30 | |
| | Optimized stddev calculation | | | |
* | Fixed partial TLS dissection | Luca Deri | 2020-07-30 | |
* | Changed due to bin size extension | Luca Deri | 2020-07-30 | |
* | Updated test results due to bin changes | Luca Deri | 2020-07-09 | |
* | Fixes #906 | Luca Deri | 2020-06-22 | |
| | Packet bins are not printed when empty | | | |
* | Added ndpi_bin_XXX API | Luca Deri | 2020-06-22 | |
| | Added packet length distribution bins | | | |
* | Added check in TLS 1.2+ for reporting a risk when TLS is not used to carry HTTPS | Luca Deri | 2020-06-08 | |
* | Added NDPI_TLS_CERTIFICATE_EXPIRED, NDPI_TLS_CERTIFICATE_MISMATCH, to ndpi_risk | Luca Deri | 2020-05-15 | |
* | Added TLS weak cipher and obsolete protocol version detection | Luca Deri | 2020-05-10 | |
* | Added the ability to detect when a known protocol is using a non-standard port | Luca Deri | 2020-05-10 | |
| | Added check to spot executables exchanged via HTTP | | | |
* | Added TLS issuerDN and subjectDN | Luca Deri | 2020-05-07 | |
* | NetBIOS dissection improvements | Luca Deri | 2020-03-01 | |
* | Remove decimals in test results for IAT, packet lengths and goodput ratio | emanuele-f | 2020-02-14 | |
* | Improved DNS response decoding | Luca Deri | 2020-02-04 | |
| | The first decoded address is now reported by ndpiReader | | | |
* | Reworked TLS dissection | Luca | 2020-01-01 | |
* | Improvements to stop dissection when the first protocol is detected | Luca Deri | 2019-11-28 | |
| | Used IP-based detection to compute the application protocol | | | |
| | Improved application detection | | | |
* | Updated results | Luca Deri | 2019-11-21 | |
* | nDPI TLS improvements using the server certificate | Luca Deri | 2019-10-26 | |