aboutsummaryrefslogtreecommitdiff
path: root/utils
Commit message (Collapse)AuthorAge
* Mullvad VPN service added (based on entry node IP addresses) (#2062)snicket21002023-08-02
|
* ProtonVPN: split the ip list (#2060)Ivan Nardi2023-07-27
| | | | | | | | | | | Use two separate lists: * one for the ingress nodes, which triggers a ProtonVPN classification * one for the egress nodes, which triggers the `NDPI_ANONYMOUS_SUBSCRIBER` risk Add a command line option (to `ndpiReader`) to easily test IP/port matching. Add another example of custom rule.
* Add detection of Roblox games (#2054)Ivan Nardi2023-07-21
|
* tests: restore some old paths as symbolic links (#2050)Ivan Nardi2023-07-16
|
* Included Gambling website data from the Polish `hazard.mf.gov.pl` list (#2041)snicket21002023-07-14
| | | | | | | | | | | | | * Refreshed the Belgium Gambling Site list data Unfortunately some hostnames have been removed from that list, which means they are disappearing from the `ndpi_gambling_match.c.inc` file as well. * build: added `libxml2-utils` (for `xmllint`) * Included Gambling website data from the Polish `hazard.mf.gov.pl` list The list contains over 30k gambling website hostnames as of today.
* Refreshed ASN listsLuca Deri2023-06-13
| | | | Enhanced the Line IP list with https://ipinfo.io/AS23576/125.209.252.0/24 used by line
* ProtonVPN: add basic detection (#2006)Ivan Nardi2023-06-08
|
* Improved helper scripts. (#1986)Toni2023-05-28
| | | | | * added additional (more restrictive) checks Signed-off-by: lns <matzeton@googlemail.com>
* Add support for Epic Games and GeForceNow/Nvidia (#1990)Ivan Nardi2023-05-27
|
* Improve detection of Alibaba flows (#1991)Ivan Nardi2023-05-27
|
* Fixed invalid use of ndpi_free(). Sorry, my fault. (#1988)Toni2023-05-24
| | | | | | | | | | | | | | | * Fixed invalid use of ndpi_free(). Sorry, my fault. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Fine tuned symbol check script. * added check for expected syms in modules Signed-off-by: Toni Uhlig <matzeton@googlemail.com> --------- Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Improved missing usage of nDPIs malloc wrapper. Fixes #1978. (#1979)Toni2023-05-20
| | | | | * added CI check Signed-off-by: lns <matzeton@googlemail.com>
* Added scripts to auto generate hostname/SNI *.inc files. (#1984)Toni2023-05-20
| | | | | * add illegal gambling sites (Belgium) Signed-off-by: lns <matzeton@googlemail.com>
* Improve detection of crawlers/bots (#1968)Ivan Nardi2023-05-09
| | | Add support for Facebook crawler
* Refreshed listsLuca Deri2023-05-08
|
* Improve detection of crawler/bot traffic (#1956)Ivan Nardi2023-05-04
|
* DisneyPlus/Hulu ip lists should be auto-generated (#1905)Ivan Nardi2023-03-20
| | | | | | Remove two stale ip lists: 1) these 3 ips are in the Amazon ranges (now)... 2) the Instagram list originated from AS32934, which is now a Facebook AS; see https://github.com/ntop/nDPI/pull/1264/commits/8dabd06301a802dd38616ba8684a1d995783e023
* Add Yandex services detection (#1882)0xA50C1A12023-02-09
| | | | | Add Yandex services detection Add VK and Yandex to the TLS certificate match list
* Add VK detection (#1880)0xA50C1A12023-02-02
|
* Line app support (#1759)sharonenoch2022-10-01
| | | | | | | | | | | | | | | | | | | * Standard support for LINE app * Added test pcap for LINE app * make check result for LINE app * Make check success as 1kxun has LINE packets * Added the ASN inc file for LINE * Removed extra lines as its effecting make check * Editing the SNI required a new pcap output file for TLS.Line format * Run Configure with --with-pcre --with-maxminddb to enable the generation of h323-overflow.pcap.out Co-authored-by: Sharon Enoch <sharone@amzetta.com>
* Add Discord dissector. (#1694)Toni2022-08-03
| | | | | * fixed RiotGames false positive Signed-off-by: lns <matzeton@googlemail.com>
* Update the protocol bitmask for some protocols (#1675)Ivan Nardi2022-07-27
| | | | | | | Tcp retransmissions should be ignored. Remove some unused protocol bitmasks. Update script to download Whatsapp IP list.
* Add AVAST dissector. (#1674)Toni2022-07-25
| | | Signed-off-by: lns <matzeton@googlemail.com>
* Added AliCloud server access dissector. (#1672)Toni2022-07-23
| | | | Signed-off-by: lns <matzeton@googlemail.com> Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added Threema Messenger. (#1643)Toni2022-07-06
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added RiotGames ASN update.Toni Uhlig2022-07-06
| | | | | | * updated asn lists Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add support for GoTo products (mainly GoToMeeting) (#1580)Ivan Nardi2022-06-04
| | | There is some overlap with Citrix protocol.
* Added script to compare and verify the output of `make dist'. (#1551)Toni2022-05-26
| | | | | | | This fixes some build/test issues resulting when using tarballs. * nDPI uses autotools (especially autoconf) in a wrong way, see #1163 Signed-off-by: lns <matzeton@googlemail.com>
* Added Edgecast and Cachefly CDNs. (#1540)Toni2022-05-07
| | | | | | | | * Improved ASN update script * Ran `utils/update_every_lists.sh' * `tests/do.sh.in' prints the amount of failed pcap(s) * `utils/asn_update.sh' prints the amount of failed download(s) Signed-off-by: lns <matzeton@googlemail.com>
* Updated `utils/whatsapp_ip_addresses_download.sh' to scrape the required IP ↵Toni2022-04-22
| | | | | | | | addresses/ranges. (#1524) * Replaced return statements in `utils/*.sh' with exit's (such scripts should never source'd) * Ran `utils/update_every_lists.sh' Signed-off-by: lns <matzeton@googlemail.com>
* Add some scripts to easily update some IPs lists (#1522)Ivan Nardi2022-04-21
| | | | | Follow-up of 8b062295 Add a new protocol id for generic Tencent/Wechat flows
* Moved geneated file to a separate folderLuca Deri2022-04-01
|
* Improved ASN/IP update scripts and CI integration. (#1474)Toni2022-03-09
| | | | | * CI will print a warning if ASN/IP addresses changed. Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Extracting the Azure Origin url from the download link (#1480)sharonenoch2022-03-08
| | | | | | | * Extracting the Azure Origin url from the download link * Response code check to address double quotes Co-authored-by: Sharon Enoch <sharone@amzetta.com>
* Add a new flow risk `NDPI_ANONYMOUS_SUBSCRIBER` (#1462)Ivan Nardi2022-02-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The main goal of a DPI engine is usually to determine "what", i.e. which types of traffic flow on the network. However the applications using DPI are often interested also in "who", i.e. which "user/subscriber" generated that traffic. The association between a flow and a subscriber is usually done via some kind of DHCP/GTP/RADIUS/NAT mappings. In all these cases the key element of the flow used to identify the user is the source ip address. That usually happens for the vast majority of the traffic. However, depending on the protocols involved and on the position on the net where the traffic is captured, the source ip address might have been changed/anonymized. In that case, that address is useless for any flow-username association. Example: iCloud Private Relay traffic captured between the exit relay and the server. See the picture at page 5 on: https://www.apple.com/privacy/docs/iCloud_Private_Relay_Overview_Dec2021.PDF This commit adds new generic flow risk `NDPI_ANONYMOUS_SUBSCRIBER` hinting that the ip addresses shouldn't be used to identify the user associated with the flow. As a first example of this new feature, the entire list of the relay ip addresses used by Private Relay is added. A key point to note is that list is NOT used for flow classification (unlike all the other ip lists present in nDPI) but only for setting this new flow risk. TODO: IPv6
* Add some scripts to easily update some IPs lists (#1449)Ivan Nardi2022-02-25
| | | | | | | | | | | While the lists in a6ff0dd0 and 2f5f445f are somehow provided by the companies themselves (or by some interested parties), these new lists are directly extracted from BGP information, via AS prefixes. *Usually*, these new lists are far more stable than the previous ones. TODO: * add some other ASNs (see `src/lib/ndpi_content_match.c.inc`) * IPv6, as usual :-(
* Add support for Google Cloud (#1447)Ivan Nardi2022-02-20
| | | | Differentiate between Google its own apps/services and Google Cloud. We already do something similar for Amazon vs AWS and Microsoft vs Azure.
* Add few scripts to easily update some IPs lists (#1436)Ivan Nardi2022-02-09
| | | | | | | | | | | | | | | | | | | | | | | | * Add few scripts to easily update some IPs lists Some IPs lists should be updated frequently: try to easy the process. The basic idea is taken from d59fefd0 and a8fe74e5 (for Azure addresses): one specific .c.inc file and one script for each protocol. Add the possibility to don't load a specific list. Rename the old NDPI_PROTOCOL_HOTMAIL id to NDPI_PROTOCOL_MS_OUTLOOK, to identify Hotmail/Outlook/Exchange flows. TODO: ipv6 Remove the 9 addresses associated to BitTorrent: they have been added in e2f21116 but it is not clear why all the traffic to/from these ips should be classified as BitTorrent. * Added quotes * Added quotes Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
* Tool for generating automatically the Azure IP listLuca Deri2022-01-23
|
* Fix a global-buffer-overflow when loading Azure list (#1388)Ivan Nardi2021-12-19
|
* Added Microsoft Azure supportLuca Deri2021-12-19
|
* Added bootstrap ethereum nodesLuca Deri2020-01-08
|
* Tool for listing the current bitcoin IPv4 nodesLuca Deri2020-01-08
|
* Various improvements in particular for CapWAP and BloombergLuca Deri2019-10-27
|
* Refreshed Tor node listLuca Deri2019-09-08
Powered by cgit, Themed by Ted Yin.