aboutsummaryrefslogtreecommitdiff
path: root/tests/result/teams.pcap.out
Commit message (Collapse)AuthorAge
* SilencedLuca Deri2022-02-14
| | | | | | | | | NDPI_SUSPICIOUS_DGA_DOMAIN, NDPI_BINARY_APPLICATION_TRANSFER, NDPI_HTTP_NUMERIC_IP_HOST, NDPI_MALICIOUS_JA3, for predefined connectivity check and cybersec categories
* Updated test resultsLuca Deri2022-02-03
|
* Sync unit tests results (#1423)Ivan Nardi2022-01-28
| | | Fix: 7a3aa41a
* STUN: fix "confidence" value for some classifications (#1407)Ivan Nardi2022-01-15
|
* Improved MicrosoftAzure detectionLuca Deri2022-01-12
|
* Add a "confidence" field about the reliability of the classification. (#1395)Ivan Nardi2022-01-11
| | | | | | | | | | | | | As a general rule, the higher the confidence value, the higher the "reliability/precision" of the classification. In other words, this new field provides an hint about "how" the flow classification has been obtained. For example, the application may want to ignore classification "by-port" (they are not real DPI classifications, after all) or give a second glance at flows classified via LRU caches (because of false positives). Setting only one value for the confidence field is a bit tricky: more work is probably needed in the next future to tweak/fix/improve the logic.
* Added Microsoft Azure supportLuca Deri2021-12-19
|
* ndpiReader: slight simplificaton of the output (#1378)Ivan Nardi2021-11-27
|
* Fix writes to `flow->protos` union fields (#1354)Ivan Nardi2021-11-15
| | | | | | | | | | | | | | | | | | | | | | | | | We can write to `flow->protos` only after a proper classification. This issue has been found in Kerberos, DHCP, HTTP, STUN, IMO, FTP, SMTP, IMAP and POP code. There are two kinds of fixes: * write to `flow->protos` only if a final protocol has been detected * move protocol state out of `flow->protos` The hard part is to find, for each protocol, the right tradeoff between memory usage and code complexity. Handle Kerberos like DNS: if we find a request, we set the protocol and an extra callback to further parsing the reply. For all the other protocols, move the state out of `flow->protos`. This is an issue only for the FTP/MAIL stuff. Add DHCP Class Identification value to the output of ndpiReader and to the Jason serialization. Extend code coverage of fuzz tests. Close #1343 Close #1342
* Fixed cleartext protocol assignment (#1357)Ivan Nardi2021-10-25
|
* Refreshed results listLuca Deri2021-10-16
|
* Updated test results after latest commitLuca Deri2021-10-16
|
* Updated outputLuca Deri2021-08-07
|
* ndpiReader: add statistics about nDPI performance (#1240)Ivan Nardi2021-07-13
| | | | | | | The goal is to have a (roughly) idea about how many packets nDPI needs to properly classify a flow. Log this information (and guessed flows number too) during unit tests, to keep track of improvements/regressions across commits.
* Updated category labelsLuca Deri2021-07-08
|
* Addesses partial application matching (#1207)Luca Deri2021-06-21
|
* Fixed expected outputLuca Deri2021-06-03
|
* Improved TLS browser detection heuristicsLuca Deri2021-05-19
|
* Added flow risk scoreLuca Deri2021-05-18
|
* Reworked human readeable string search in flowsLuca Deri2021-05-17
| | | | Removed fragment manager code
* Added browser TLS heuristicLuca Deri2021-05-13
|
* Better DGA detection (slightly decreased accuracy)Luca Deri2021-03-20
|
* Improved DGA detectionLuca Deri2021-03-03
| | | | | | | | Before Accuracy 66%, Precision 86%, Recall 38% After Accuracy 71%, Precision 89%, Recall 49%
* Improved nDPI string matching algorithmLuca Deri2021-02-18
|
* STUN improvementsLuca Deri2021-02-10
|
* (Temporarely) Disabled fragment manager (#1129)Luca Deri2021-02-05
|
* Updated results due to the new fragment manager handlerLuca Deri2021-02-03
|
* Introduced fix on TLS for discarding traffic out of sequence that might ↵Luca Deri2020-12-22
| | | | invalidate dissection
* Fixes #1029Luca Deri2020-11-27
|
* Various optimizations to reduce not-necessary callsLuca Deri2020-09-24
| | | | | Optimized various UDP dissectors Removed dead protocols such as pando and pplive
* Stddev calculation changesLuca Deri2020-08-30
|
* Fixed false positive in suspicous user agentLuca Deri2020-08-30
| | | | Optimized stddev calculation
* Added new check for detecting suspicious (too long) namesLuca Deri2020-08-21
|
* Added new traffic category for connectivity check detectionLuca Deri2020-08-04
|
* Fixed partial TLS dissectionLuca Deri2020-07-30
|
* Changed due to bin size extensionLuca Deri2020-07-30
|
* Updated test results due to bin changesLuca Deri2020-07-09
|
* Fixes #906Luca Deri2020-06-22
| | | | Packet bins are not printed wehn empty
* Added ndpi_bin_XXX APILuca Deri2020-06-22
| | | | Added packet lenght distribution bins
* Added check in TLS 1.2+ for reporting a risk when TLS is not used to carry HTTPSLuca Deri2020-06-08
|
* Added stub for checking HTTP headerLuca Deri2020-05-21
| | | | Updated Teams result
* Added NDPI_TLS_CERTIFICATE_EXPIRED, NDPI_TLS_CERTIFICATE_MISMATCH, to ndpi_riskLuca Deri2020-05-15
|
* Added the ability to detect when a known protocol is using a non-standard portLuca Deri2020-05-10
| | | | Added check to spot executables exchanged via HTTP
* Added TLS issuerDN and subjectDNLuca Deri2020-05-07
|
* Office365 renamed to Microsoft365 (by Microsoft)Luca Deri2020-04-20
|
* Results updateLuca Deri2020-04-17
|
* Added detection of Microsoft TeamsLuca Deri2020-04-16
Powered by cgit, Themed by Ted Yin.