path: root/tests
Commit message (Author, Age)
* Quic fixes (#1067) (Ivan Nardi, 2020-11-22)
|   * QUIC: fix return value on error path on quic_cipher_init()
|   * QUIC: allow dissection of sessions forcing version negotiation
|     Enhance heuristic to avoid false positives.
* Updated results (Luca Deri, 2020-11-16)
|
* Add Virtual Assistant (Alexa, Siri) support. (#1057) (Zied Aouini, 2020-11-16)
|   * Add AmazonAlexa protocol.
|   * Add AmazonAlexa test file and result.
|   * Include pcapng as file format.
|   * Rename Category to VirtualAssistant.
|   * Add AppleSiri virtual assistant.
|   * Fix pcapng test files format support.
|   Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
* Implement DGA detection performances tracking workflow. (#1064) (Zied Aouini, 2020-11-16)
|   * Implement dga evaluation helper.
|   * Add test set for DGA classification.
|   * Add DGA classification performances tracking as part of Travis.
|   * Add DGA evaluation doc.
|   * Fix CI on OSX.
|   * Add missing backquote.
* Improve subprotocols detection. (#1062) (Zied Aouini, 2020-11-16)
|   * Improve Spotify detection.
|   * Improve Skype detection.
|   * Improve Microsoft detection.
|   * Fix Microsoft detection categories.
|   * Improve Waze detection.
|   * Improve Apple detection.
|   * Improve WindowsUpdate detection.
|   * Improve TikTok detection.
|   * Improve Teams detection.
|   * Improve Youtube detection.
|   * Improve Messenger detection.
|   * Improve Twitch detection.
|   * Improve Hulu detection.
|   * Improve Facebook detection.
|   * Improve AmazonVideo detection.
* Add Tumblr support. (#1061) (Zied Aouini, 2020-11-16)
|   * Add Tumblr protocol.
|   * Add Tumblr test file and result.
|   Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
* Add Reddit support. (#1060) (Zied Aouini, 2020-11-16)
|   * Add Reddit protocol.
|   * Add Reddit test file and result.
|   Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
* Add Pinterest support. (#1059) (Zied Aouini, 2020-11-16)
|   * Add Pinterest protocol.
|   * Add Pinterest test file and result.
|   Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
* Renumbered AmongUs protocol (Luca Deri, 2020-11-09)
|
* Added support for AmongUs. (#1054) (Toni, 2020-11-09)
|   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Updated ESNI/SNI alarm generation policy (Luca Deri, 2020-11-08)
|
* :bulb: Add mongodb protocol dissector (#1048) (Leonn, 2020-11-03)
|
* QUIC: fix dissection of Initial packets coalesced with 0-RTT one (#1044) (Ivan Nardi, 2020-11-03)
|   * QUIC: fix dissection of Initial packets coalesced with 0-RTT one
|   * QUIC: fix a memory leak
* Updated results with numeric IP detection (Luca Deri, 2020-11-01)
|
* Improve skype detection (#1039) (Igor Duarte, 2020-10-27)
|   * Add new skype pcap
|     PCAP extracted from SkypeIRC.cap (available in https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=SkypeIRC.cap)
|   * Improve skype detection
* Added -D flag for detecting DoH in the wild (Luca Deri, 2020-10-26)
|   Removed heuristic from CiscoVPN as it leads to false positives
* Added CPHA - CheckPoint High Availability Protocol protocol support (Luca Deri, 2020-10-22)
|
* Fix parsing of DLT_PPP datalink type (#1042) (Ivan Nardi, 2020-10-21)
|
* Fixes #1033 (Luca Deri, 2020-10-21)
|
* CAPWAP tunnel decoding fix (#1038) (Zied Aouini, 2020-10-21)
|   * Fix CAPWAP processing.
|   * Update result.
* Improved/autoconf (#1037) (Toni, 2020-10-21)
|   * Switched to PKG_CHECK_MODULES to keep pkg-config checks more portable.
|     Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|   * Improved GCrypt autoconf check to detect a possible gpg-error inter-library dependency.
|     Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixed missing PCAP include directories in Makefiles. (#1034) (Toni, 2020-10-19)
|   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Decoupled fuzzy and unit tests (Alfredo Cardigliano, 2020-10-12)
|
* Tests update (Luca Deri, 2020-10-02)
|
* Updated serialization test unit (Luca Deri, 2020-10-02)
|
* Added missing files to `make dist' target which are not required to build nDPI but still somehow essential. (#1024) (Toni, 2020-09-29)
|   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added JSON-C check for unit tests (Luca Deri, 2020-09-26)
|
* Various optimizations to reduce not-necessary calls (Luca Deri, 2020-09-24)
|   Optimized various UDP dissectors
|   Removed dead protocols such as pando and pplive
* Added missing install target in newly added unit tests (lucaderi, 2020-09-22)
|
* Added risks for checking (Luca Deri, 2020-09-21)
|   - invalid DNS traffic (probably carrying exfiltrated data)
|   - TLS traffic with no SNI extension
* Exclude sanitizer on unit tests involving json-c due to a bug in the lib (Alfredo Cardigliano, 2020-09-21)
|
* Add distdir directive (Alfredo Cardigliano, 2020-09-21)
|
* Add unit tests to travis. Move ndpi serializer tests to unit tests. (Alfredo Cardigliano, 2020-09-21)
|
* QUIC: add support for MVFST EXPERIMENTAL version (Nardi Ivan, 2020-09-20)
|
* Updated results (Luca Deri, 2020-09-18)
|
* Reworked MDNS dissector that is not based on the DNS dissector (Luca Deri, 2020-09-17)
|
* Merge pull request #1012 from IvanNardi/ua (Luca Deri, 2020-09-17)
|\
| |   QUIC: extract User Agent information
| * QUIC: extract User Agent information (Nardi Ivan, 2020-09-08)
| |
* | Merge pull request #1014 from lnslbrty/improved/teamspeak (Luca Deri, 2020-09-09)
|\ \
| | |   Improved Teamspeak(3) protocol detection.
| * | Improved Teamspeak(3) protocol detection. (Toni Uhlig, 2020-09-09)
| |/
| |   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* / Added extension to detect nested subdomains as used in Browsertunnel attack tool (Luca Deri, 2020-09-09)
|/
|   https://github.com/veggiedefender/browsertunnel
* Added pcap file which contains dnscrypt-v1 data and resolver update requests/responses (v1/v2). (Toni Uhlig, 2020-09-07)
|   * Renamed dnscrypt.pcap to simple-dnscrypt.pcap
|   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added dnscrypt-v2-doh resolver test pcaps. (Toni Uhlig, 2020-09-07)
|   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixed false positive detection for Skype.SkypeCall (affects at least Cisco HSRP and RADIUS). (Toni Uhlig, 2020-09-02)
|   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Merge pull request #999 from IvanNardi/quic (Luca Deri, 2020-08-30)
|\
| |   QUIC: add support for GQUIC T050 and T051
| * QUIC: add support for GQUIC T050 and T051 (Nardi Ivan, 2020-08-30)
| |
| |   QUIC versioning wasn't complex enough without T05X family...
| |   These versions are very similar to Q050, but use TLS as their handshake protocol.
* | Added new risk for NDPI_UNSAFE_PROTOCOL that identifies protocols that are not considered safe/secure (Luca Deri, 2020-08-30)
|/
* Stddev calculation changes (Luca Deri, 2020-08-30)
|
* Fixed false positive in suspicious user agent (Luca Deri, 2020-08-30)
|   Optimized stddev calculation
* QUIC: minor fixes (Nardi Ivan, 2020-08-24)
|   LGTM found a real issue on a boundary check
|   Fix unit tests: a pcap has been uploaded twice (with different names)
|   Fix compilation when using DPDK (see #990)