| Commit message (Collapse) | Author | Age |
| |
We should have two protocols in classification results only when the
"master" protocol allows some sub-protocols.
Classifications like `AmazonAWS`, `TLS/AmazonAWS`, `DNS/AmazonAWS` are
fine. However classifications like `NTP/Apple`, `BitTorrent/Azure`,
`DNScrypt.AmazonAWS` or `NestLogSink.Google` are misleading.
For example, `ndpiReader` shows `BitTorrent/Azure` flows under `Azure`
statistics; that seems to be wrong or, at least, very misleading.
This is quite important since we have lots of addresses from CDN
operators.
The only drawback of this solution is that right now ICMP traffic is
classified simply as `ICMP`; if we are really interested in ICMP stuff
we can restore the old behaviour later.
| |
Add detection of AccuWeather site/app and Google Classroom.
Improve detection of Azure, Zattoo, Whatsapp, MQTT and LDAP.
Fix some RX false positives.
Fix some "Uncommon TLS ALPN"-risk false positives.
Fix "confidence" value for some Zoom/Torrent classifications.
Minor fix in Lua script for Wireshark extcap.
Update .gitignore file.
Let GitHub correctly detect the language type of *.inc files.
Zattoo example has been provided by @subhajit-cdot in #1148.
| |
As a general rule, the higher the confidence value, the higher the
"reliability/precision" of the classification.
In other words, this new field provides a hint about "how" the flow
classification has been obtained.
For example, the application may want to ignore classification "by-port"
(they are not real DPI classifications, after all) or give a second
glance at flows classified via LRU caches (because of false positives).
Setting only one value for the confidence field is a bit tricky: more
work is probably needed in the near future to tweak/fix/improve the logic.
| |
The goal is to have a (rough) idea about how many packets nDPI needs
to properly classify a flow.
Log this information (and guessed flows number too) during unit tests,
to keep track of improvements/regressions across commits.
| |
Added packet length distribution bins
| |
The first decoded address is now reported by ndpiReader
| |
Used IP-based detection to compute the application protocol
Improved application detection
| |
Improved IAT and byte distribution
| |
Renamed ssl to tls
| |
Default human readable strings length is not 5 chars (used to be 8)
| |
Merge branch 'dev' of https://github.com/ntop/nDPI into dev
| |
cannot have subprotocols, DNS can (DNS.Spotify)
Merged Skype call in/out in Skype Call
| |
Used the host guessed protocol if upper protocol has not been detected
| |
Added optimization for TCP flows that do not start with a SYN packet: early giveup is performed
Code cleanup
| |
immediately spot elephants and mice
| |
Improved AFP dissection
Updated DHCP test results
| |
Updated IPv6 address dump format
| |
Implemented sub-protocol detection for SSL/HTTP/HTTPS
| |
containing spaces
Modified ndpiReader to include flow details in dumps (used for testing)
Rebuilt all test results to include flow details