| Commit message (Collapse) | Author | Age | ||
|---|---|---|---|---|
| ... | ||||
| * | Renumbered AmongUs protocol | Luca Deri | 2020-11-09 | |
| | | ||||
| * | Added support for AmongUs. (#1054) | Toni | 2020-11-09 | |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
| * | Updated ESNI/SNI alarm generation prolicy | Luca Deri | 2020-11-08 | |
| | | ||||
| * | :bulb: Add mongodb protocol dissector (#1048) | Leonn | 2020-11-03 | |
| | | ||||
| * | QUIC: fix dissection of Initial packets coalesced with 0-RTT one (#1044) | Ivan Nardi | 2020-11-03 | |
| | | | | | | * QUIC: fix dissection of Initial packets coalesced with 0-RTT one * QUIC: fix a memory leak | |||
| * | Updated results with numeric IP detection | Luca Deri | 2020-11-01 | |
| | | ||||
| * | Improve skype detection (#1039) | Igor Duarte | 2020-10-27 | |
| | | | | | | | | * Add new skype pcap PCAP extracted from SkypeIRC.cap (available in https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=SkypeIRC.cap) * Improve skype detection | |||
| * | Added -D flag for detecting DoH in the wild | Luca Deri | 2020-10-26 | |
| | | | | | Removed heuristic from CiscoVPN as it leads to false positives | |||
| * | Added CPHA - CheckPoint High Availability Protocol protocl support | Luca Deri | 2020-10-22 | |
| | | ||||
| * | Fix parsing of DLT_PPP datalink type (#1042) | Ivan Nardi | 2020-10-21 | |
| | | ||||
| * | Fixes #1033 | Luca Deri | 2020-10-21 | |
| | | ||||
| * | CAPWAP tunnel decoding fix (#1038) | Zied Aouini | 2020-10-21 | |
| | | | | | | * Fix CAPWAP processing. * Update result. | |||
| * | Improved/autoconf (#1037) | Toni | 2020-10-21 | |
| | | | | | | | | | | * Switched to PKG_CHECK_MODULES to keep pkg-config checks more portable. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Improved GCrypt autoconf check to detect a possible gpg-error inter-library dependency. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
| * | Fixed missing PCAP include directories in Makefiles. (#1034) | Toni | 2020-10-19 | |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
| * | Decoupled fuzzy and unit tests | Alfredo Cardigliano | 2020-10-12 | |
| | | ||||
| * | Tests update | Luca Deri | 2020-10-02 | |
| | | ||||
| * | Updated serialization test unit | Luca Deri | 2020-10-02 | |
| | | ||||
| * | Added missing files to `make dist' target which are not required to build ↵ | Toni | 2020-09-29 | |
| | | | | | | nDPI but still somehow essential. (#1024) Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
| * | Added JSON-C check for unit tests | Luca Deri | 2020-09-26 | |
| | | ||||
| * | Various optimizations to reduce not-necessary calls | Luca Deri | 2020-09-24 | |
| | | | | | | Optimized various UDP dissectors Removed dead protocols such as pando and pplive | |||
| * | Added missing install target in newly added unit tsts | lucaderi | 2020-09-22 | |
| | | ||||
| * | Added risks for checking | Luca Deri | 2020-09-21 | |
| | | | | | | - invalid DNS traffic (probably carrying exfiltrated data) - TLS traffic with no SNI extension | |||
| * | Exclude sanitizer on unit tests involving json-c due to a bug in the lib | Alfredo Cardigliano | 2020-09-21 | |
| | | ||||
| * | Add distdir directive | Alfredo Cardigliano | 2020-09-21 | |
| | | ||||
| * | Add unit tests to travis. Move ndpi serializer tests to unit tests. | Alfredo Cardigliano | 2020-09-21 | |
| | | ||||
| * | QUIC: add support for MVFST EXPERIMENTAL version | Nardi Ivan | 2020-09-20 | |
| | | ||||
| * | Updated results | Luca Deri | 2020-09-18 | |
| | | ||||
| * | Reworked MDNS dissector that is not based on the DNS dissector | Luca Deri | 2020-09-17 | |
| | | ||||
| * | Merge pull request #1012 from IvanNardi/ua | Luca Deri | 2020-09-17 | |
| |\ | | | | | QUIC: extract User Agent information | |||
| | * | QUIC: extract User Agent information | Nardi Ivan | 2020-09-08 | |
| | | | ||||
| * | | Merge pull request #1014 from lnslbrty/improved/teamspeak | Luca Deri | 2020-09-09 | |
| |\ \ | | | | | | | Improved Teamspeak(3) protocol detection. | |||
| | * | | Improved Teamspeak(3) protocol detection. | Toni Uhlig | 2020-09-09 | |
| | |/ | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
| * / | Added extension to detect nested subdomains as used in Browsertunnel attack tool | Luca Deri | 2020-09-09 | |
| |/ | | | | https://github.com/veggiedefender/browsertunnel | |||
| * | Added pcap file which contains dnscrypt-v1 data and resolver update ↵ | Toni Uhlig | 2020-09-07 | |
| | | | | | | | | | requests/responses (v1/v2). * Renamed dnscrypt.pcap to simple-dnscrypt.pcap Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
| * | Added dnscrypt-v2-doh resolver test pcaps. | Toni Uhlig | 2020-09-07 | |
| | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
| * | Fixed false positive detection for Skype.SkypeCall (affects at least Cisco ↵ | Toni Uhlig | 2020-09-02 | |
| | | | | | | | HSRP and RADIUS). Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
| * | Merge pull request #999 from IvanNardi/quic | Luca Deri | 2020-08-30 | |
| |\ | | | | | QUIC: add support for GQUIC T050 and T051 | |||
| | * | QUIC: add support for GQUIC T050 and T051 | Nardi Ivan | 2020-08-30 | |
| | | | | | | | | | | | | | QUIC versioning wasn't complex enough without T05X family... These versions are very similar to Q050, but use TLS as their handshake protocol. | |||
| * | | Added new risk for NDPI_UNSAFE_PROTOCOL that identifies protocols that are ↵ | Luca Deri | 2020-08-30 | |
| |/ | | | | not condidered safe/secure | |||
| * | Stddev calculation changes | Luca Deri | 2020-08-30 | |
| | | ||||
| * | Fixed false positive in suspicous user agent | Luca Deri | 2020-08-30 | |
| | | | | | Optimized stddev calculation | |||
| * | QUIC: minor fixes | Nardi Ivan | 2020-08-24 | |
| | | | | | | | LGTM found a real issue on a boundary check Fix unit tests: a pcap ha been uploaded twice (with different names) Fix compilation when using DPDK (see #990) | |||
| * | Creared IoT-Scada category | Luca Deri | 2020-08-23 | |
| | | | | | Minor dnp3 changes | |||
| * | Added som GQUIC and IETF QUIC test pcaps | Luca Deri | 2020-08-22 | |
| | | ||||
| * | Add sub-classification for GQUIC >= Q050 and (IETF-)QUIC | Nardi Ivan | 2020-08-21 | |
| | | | | | | | | | | | | Add QUIC payload and header decryption: most of the crypto code has been "copied-and-incolled" from Wireshark. That code has been clearly marked as such. All credits for that code should go to the original authors. I tried to keep the Wireshark code as similar as possible to the original, comments included, to ease future backporting of fixes. Inevitably, glibc data types and data structures, tvbuff abstraction and allocation functions have been converted. | |||
| * | Major rework of QUIC dissector | Nardi Ivan | 2020-08-21 | |
| | | | | | | Improve support for GQUIC (up to Q046) and add support for Q050 and (IETF-)QUIC Still no sub-classification for Q050 and QUIC | |||
| * | Added new check for detecting suspicious (too long) names | Luca Deri | 2020-08-21 | |
| | | ||||
| * | Added the ability do identigy as DGA those host/domain names with too many ↵ | Luca Deri | 2020-08-21 | |
| | | | | | | | | consucutive repeated characters such as ckaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa used fr netbios reflection attacks https://www.akamai.com/uk/en/multimedia/documents/state-of-the-internet/ddos-reflection-netbios-name-server-rpc-portmap-sentinel-udp-threat-advisory.pdf | |||
| * | MySQL8 update | Luca Deri | 2020-08-21 | |
| | | ||||
| * | Added (manipulated) MySQL 8 test pcap. | Toni Uhlig | 2020-08-20 | |
| | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||