aboutsummaryrefslogtreecommitdiff
path: root/tests/result/zoom.pcap.out
Commit message (Collapse)AuthorAge
* Add support for Google Cloud (#1447)Ivan Nardi2022-02-20
| | | | Differentiate between Google its own apps/services and Google Cloud. We already do something similar for Amazon vs AWS and Microsoft vs Azure.
* Add few scripts to easily update some IPs lists (#1436)Ivan Nardi2022-02-09
| | | | | | | | | | | | | | | | | | | | | | | | * Add few scripts to easily update some IPs lists Some IPs lists should be updated frequently: try to easy the process. The basic idea is taken from d59fefd0 and a8fe74e5 (for Azure addresses): one specific .c.inc file and one script for each protocol. Add the possibility to don't load a specific list. Rename the old NDPI_PROTOCOL_HOTMAIL id to NDPI_PROTOCOL_MS_OUTLOOK, to identify Hotmail/Outlook/Exchange flows. TODO: ipv6 Remove the 9 addresses associated to BitTorrent: they have been added in e2f21116 but it is not clear why all the traffic to/from these ips should be classified as BitTorrent. * Added quotes * Added quotes Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
* Updated test resultsLuca Deri2022-02-03
|
* Improve protocol stacks (#1425)Ivan Nardi2022-01-30
| | | | | | | | | | | | | | | | | We should have two protocols in classification results only when the "master" protocol allows some sub-protocols. Classifications like `AmazonAWS`, `TLS/AmazonAWS`, `DNS/AmazonAWS` are fine. However classifications like `NTP/Apple`, `BitTorrent/Azure`, `DNScrypt.AmazonAWS` or `NestLogSink.Google` are misleading. For example, `ndpiReader`shows `BitTorrent/Azure` flows under `Azure` statistics; that seems to be wrong or, at least, very misleading. This is quite important since we have lots of addresses from CDN operators. The only drawback of this solution is that right now ICMP traffic is classified simply as `ICMP`; if we are really interested in ICMP stuff we can restore the old behaviour later.
* Sync unit tests results (#1423)Ivan Nardi2022-01-28
| | | Fix: 7a3aa41a
* STUN: fix "confidence" value for some classifications (#1407)Ivan Nardi2022-01-15
|
* Add a "confidence" field about the reliability of the classification. (#1395)Ivan Nardi2022-01-11
| | | | | | | | | | | | | As a general rule, the higher the confidence value, the higher the "reliability/precision" of the classification. In other words, this new field provides an hint about "how" the flow classification has been obtained. For example, the application may want to ignore classification "by-port" (they are not real DPI classifications, after all) or give a second glance at flows classified via LRU caches (because of false positives). Setting only one value for the confidence field is a bit tricky: more work is probably needed in the next future to tweak/fix/improve the logic.
* ndpiReader: slight simplificaton of the output (#1378)Ivan Nardi2021-11-27
|
* Reworked HTTP protocol dissection including HTTP proxy and HTTP connectLuca Deri2021-11-25
|
* Fix writes to `flow->protos` union fields (#1354)Ivan Nardi2021-11-15
| | | | | | | | | | | | | | | | | | | | | | | | | We can write to `flow->protos` only after a proper classification. This issue has been found in Kerberos, DHCP, HTTP, STUN, IMO, FTP, SMTP, IMAP and POP code. There are two kinds of fixes: * write to `flow->protos` only if a final protocol has been detected * move protocol state out of `flow->protos` The hard part is to find, for each protocol, the right tradeoff between memory usage and code complexity. Handle Kerberos like DNS: if we find a request, we set the protocol and an extra callback to further parsing the reply. For all the other protocols, move the state out of `flow->protos`. This is an issue only for the FTP/MAIL stuff. Add DHCP Class Identification value to the output of ndpiReader and to the Jason serialization. Extend code coverage of fuzz tests. Close #1343 Close #1342
* Fixed cleartext protocol assignment (#1357)Ivan Nardi2021-10-25
|
* Refreshed results listLuca Deri2021-10-16
|
* Updated test results after latest commitLuca Deri2021-10-16
|
* Improved DGA detection for skipping potential DGAs of known/popular domain namesLuca Deri2021-10-05
|
* Update unit tests results after da8eed5a (#1323)Ivan Nardi2021-10-05
|
* Updated outputLuca Deri2021-08-07
|
* ndpiReader: add statistics about nDPI performance (#1240)Ivan Nardi2021-07-13
| | | | | | | The goal is to have a (roughly) idea about how many packets nDPI needs to properly classify a flow. Log this information (and guessed flows number too) during unit tests, to keep track of improvements/regressions across commits.
* Added flow risk scoreLuca Deri2021-05-18
|
* Added browser TLS heuristicLuca Deri2021-05-13
|
* Improves STUN dissection removing an invalid termination condition that ↵Luca Deri2021-01-13
| | | | prevented Skype calls to be properly identified
* Fixes #1029Luca Deri2020-11-27
|
* Various optimizations to reduce not-necessary callsLuca Deri2020-09-24
| | | | | Optimized various UDP dissectors Removed dead protocols such as pando and pplive
* Reworked MDNS dissector that is not based on the DNS dissectorLuca Deri2020-09-17
|
* Stddev calculation changesLuca Deri2020-08-30
|
* Fixed false positive in suspicous user agentLuca Deri2020-08-30
| | | | Optimized stddev calculation
* Fixed partial TLS dissectionLuca Deri2020-07-30
|
* Changed due to bin size extensionLuca Deri2020-07-30
|
* Updated test results due to bin changesLuca Deri2020-07-09
|
* Fixes #906Luca Deri2020-06-22
| | | | Packet bins are not printed wehn empty
* Added ndpi_bin_XXX APILuca Deri2020-06-22
| | | | Added packet lenght distribution bins
* Added check in TLS 1.2+ for reporting a risk when TLS is not used to carry HTTPSLuca Deri2020-06-08
|
* Added TLS weak cipher and obsolete protocol version detectionLuca Deri2020-05-10
|
* Added the ability to detect when a known protocol is using a non-standard portLuca Deri2020-05-10
| | | | Added check to spot executables exchanged via HTTP
* Added TLS issuerDN and subjectDNLuca Deri2020-05-07
|
* Results updateLuca Deri2020-04-17
|
* Remove decimals in test results for IAT, packet lengths and goodput ratioemanuele-f2020-02-14
|
* Added export of TLS supported version in TLS headerLuca Deri2020-02-07
|
* Added TLS ALPN supportLuca Deri2020-02-07
|
* Improved DNS response decodingLuca Deri2020-02-04
| | | | The first decoded address is now reported by ndpiReader
* Reworked TLS dissectionLuca2020-01-01
|
* Improvements to stop dissection when the first protocol is detectedLuca Deri2019-11-28
| | | | | Used IP-based detection to compute the application protocol Improved application detection
* Updated resultsLuca Deri2019-11-21
|
* Major cleanupLuca Deri2019-10-24
| | | | Removed ndpi_pref_http_dont_dissect_response and ndpi_pref_dns_dont_dissect_response as the ndpi_extra_dissection_possible() call will now handle everything
* Manual merge of pull #769Luca Deri2019-10-02
|
* Added Zoom protocol support removing invalid STUN/Skype detectionsLuca Deri2019-09-26
Powered by cgit, Themed by Ted Yin.