aboutsummaryrefslogtreecommitdiff
path: root/tests/result
Commit message (Collapse)AuthorAge
* Quic fixes (#1067)Ivan Nardi2020-11-22
| | | | | | | * QUIC: fix return value on error path on quic_cipher_init() * QUIC: allow dissection of sessions forcing version negotiation Enhance heuristic to avoid false positives.
* Updated resultsLuca Deri2020-11-16
|
* Add Virtual Asssitant (Alexa, Siri) support. (#1057)Zied Aouini2020-11-16
| | | | | | | | | | | | | | | * Add AmazonAlexa protocol. * Add AmazonAlexa test file and result. * Include pcapng as file format. * Rename Category to VirtualAssistant. * Add AppleSiri virtual assistant. * Fix pcapng test files format support. Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
* Improve subprotocols detection. (#1062)Zied Aouini2020-11-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Improve Spotify detection. * Improve Skype detection. * Improve Microsoft detection. * Fix Microsoft detection categories. * Improve Waze detection. * Improve Apple detection. * Improve WindowsUpdate detection. * Improve TikTok detection. * Improve Teams detection. * Improve Youtube detection. * Improve Messenger detection. * Improve Twitch detection. * Improve Hulu detection. * Improve Facebook detection. * Improve AmazonVideo detection.
* Add Tumblr support. (#1061)Zied Aouini2020-11-16
| | | | | | | * Add Tumblr protocol. * Add Tumblr test file and result. Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
* Add Reddit support. (#1060)Zied Aouini2020-11-16
| | | | | | | * Add Reddit protocol. * Add Reddit test file and result. Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
* Add Pinterest support. (#1059)Zied Aouini2020-11-16
| | | | | | | * Add Pinterest protocol. * Add Pinterest test file and result. Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
* Renumbered AmongUs protocolLuca Deri2020-11-09
|
* Added support for AmongUs. (#1054)Toni2020-11-09
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Updated ESNI/SNI alarm generation prolicyLuca Deri2020-11-08
|
* :bulb: Add mongodb protocol dissector (#1048)Leonn2020-11-03
|
* QUIC: fix dissection of Initial packets coalesced with 0-RTT one (#1044)Ivan Nardi2020-11-03
| | | | | * QUIC: fix dissection of Initial packets coalesced with 0-RTT one * QUIC: fix a memory leak
* Updated results with numeric IP detectionLuca Deri2020-11-01
|
* Improve skype detection (#1039)Igor Duarte2020-10-27
| | | | | | | * Add new skype pcap PCAP extracted from SkypeIRC.cap (available in https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=SkypeIRC.cap) * Improve skype detection
* Added -D flag for detecting DoH in the wildLuca Deri2020-10-26
| | | | Removed heuristic from CiscoVPN as it leads to false positives
* Added CPHA - CheckPoint High Availability Protocol protocl supportLuca Deri2020-10-22
|
* Fix parsing of DLT_PPP datalink type (#1042)Ivan Nardi2020-10-21
|
* Fixes #1033Luca Deri2020-10-21
|
* CAPWAP tunnel decoding fix (#1038)Zied Aouini2020-10-21
| | | | | * Fix CAPWAP processing. * Update result.
* Tests updateLuca Deri2020-10-02
|
* Various optimizations to reduce not-necessary callsLuca Deri2020-09-24
| | | | | Optimized various UDP dissectors Removed dead protocols such as pando and pplive
* Added risks for checkingLuca Deri2020-09-21
| | | | | - invalid DNS traffic (probably carrying exfiltrated data) - TLS traffic with no SNI extension
* QUIC: add support for MVFST EXPERIMENTAL versionNardi Ivan2020-09-20
|
* Updated resultsLuca Deri2020-09-18
|
* Reworked MDNS dissector that is not based on the DNS dissectorLuca Deri2020-09-17
|
* Merge pull request #1012 from IvanNardi/uaLuca Deri2020-09-17
|\ | | | | QUIC: extract User Agent information
| * QUIC: extract User Agent informationNardi Ivan2020-09-08
| |
* | Merge pull request #1014 from lnslbrty/improved/teamspeakLuca Deri2020-09-09
|\ \ | | | | | | Improved Teamspeak(3) protocol detection.
| * | Improved Teamspeak(3) protocol detection.Toni Uhlig2020-09-09
| |/ | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* / Added extension to detect nested subdomains as used in Browsertunnel attack toolLuca Deri2020-09-09
|/ | | | https://github.com/veggiedefender/browsertunnel
* Added pcap file which contains dnscrypt-v1 data and resolver update ↵Toni Uhlig2020-09-07
| | | | | | | | requests/responses (v1/v2). * Renamed dnscrypt.pcap to simple-dnscrypt.pcap Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added dnscrypt-v2-doh resolver test pcaps.Toni Uhlig2020-09-07
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixed false positive detection for Skype.SkypeCall (affects at least Cisco ↵Toni Uhlig2020-09-02
| | | | | | HSRP and RADIUS). Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Merge pull request #999 from IvanNardi/quicLuca Deri2020-08-30
|\ | | | | QUIC: add support for GQUIC T050 and T051
| * QUIC: add support for GQUIC T050 and T051Nardi Ivan2020-08-30
| | | | | | | | | | | | QUIC versioning wasn't complex enough without T05X family... These versions are very similar to Q050, but use TLS as their handshake protocol.
* | Added new risk for NDPI_UNSAFE_PROTOCOL that identifies protocols that are ↵Luca Deri2020-08-30
|/ | | | not condidered safe/secure
* Stddev calculation changesLuca Deri2020-08-30
|
* Fixed false positive in suspicous user agentLuca Deri2020-08-30
| | | | Optimized stddev calculation
* QUIC: minor fixesNardi Ivan2020-08-24
| | | | | | LGTM found a real issue on a boundary check Fix unit tests: a pcap ha been uploaded twice (with different names) Fix compilation when using DPDK (see #990)
* Creared IoT-Scada categoryLuca Deri2020-08-23
| | | | Minor dnp3 changes
* Added som GQUIC and IETF QUIC test pcapsLuca Deri2020-08-22
|
* Add sub-classification for GQUIC >= Q050 and (IETF-)QUICNardi Ivan2020-08-21
| | | | | | | | | | | Add QUIC payload and header decryption: most of the crypto code has been "copied-and-incolled" from Wireshark. That code has been clearly marked as such. All credits for that code should go to the original authors. I tried to keep the Wireshark code as similar as possible to the original, comments included, to ease future backporting of fixes. Inevitably, glibc data types and data structures, tvbuff abstraction and allocation functions have been converted.
* Major rework of QUIC dissectorNardi Ivan2020-08-21
| | | | | Improve support for GQUIC (up to Q046) and add support for Q050 and (IETF-)QUIC Still no sub-classification for Q050 and QUIC
* Added new check for detecting suspicious (too long) namesLuca Deri2020-08-21
|
* Added the ability do identigy as DGA those host/domain names with too many ↵Luca Deri2020-08-21
| | | | | | | consucutive repeated characters such as ckaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa used fr netbios reflection attacks https://www.akamai.com/uk/en/multimedia/documents/state-of-the-internet/ddos-reflection-netbios-name-server-rpc-portmap-sentinel-udp-threat-advisory.pdf
* MySQL8 updateLuca Deri2020-08-21
|
* Added (manipulated) MySQL 8 test pcap.Toni Uhlig2020-08-20
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Merge pull request #974 from IvanNardi/esni4Luca Deri2020-08-13
|\ | | | | Suspicious ESNI usage: add a comment and a pcap example
| * Suspicious ESNI usage: add a comment and a pcap exampleNardi Ivan2020-08-06
| | | | | | | | See: 79b89d286605635f15edfe3c21297aaa3b5f3acf
* | Fixes invalid detection on traffic on non standard portsLuca Deri2020-08-12
|/
Powered by cgit, Themed by Ted Yin.