Release of the nDPI 4.4 deep packet inspection package

The ntop project, which develops tools for traffic capture and analysis, has published the release of the deep packet inspection package nDPI 4.4, which continues the development of the OpenDPI library. The nDPI project was founded after an unsuccessful attempt to submit changes to the OpenDPI repository, which remained unmaintained. The nDPI code is written in C and is distributed under the LGPLv3 license.

The system makes it possible to identify the application-layer protocols used in traffic by analysing the nature of the network activity rather than relying on network ports (it can identify known protocols whose handlers accept connections on non-standard ports, for example when HTTP is served from a port other than 80, or, conversely, when some other network activity tries to masquerade as HTTP by running on port 80).

The differences from OpenDPI come down to support for additional protocols, a port to the Windows platform, performance optimisation, adaptation for use in real-time traffic monitoring applications (some specialised features that slowed the engine down were dropped), the ability to build it as a Linux kernel module, and support for identifying sub-protocols.

In total, definitions for about 300 protocols and applications are supported, from OpenVPN, Tor, QUIC, SOCKS, BitTorrent and IPsec to Telegram, Viber, WhatsApp, PostgreSQL and access to Gmail, Office365, Google Docs and YouTube. A decoder for server and client SSL certificates is available, which makes it possible to identify a protocol (for example, Citrix Online and Apple iCloud) from the encryption certificate. The nDPIreader utility is supplied for analysing the contents of PCAP dumps or live traffic on a network interface.

In the new release:

  • Added metadata with information about why the handler for a particular threat was triggered.
  • Added the function ndpi_check_flow_risk_exceptions() for attaching network threat handlers.
  • Protocols are now split into network protocols (for example, TLS) and application protocols (for example, Google services).
  • Added two new confidence levels: ndpi_confidence_dpi_partial and ndpi_confidence_dpi_partial_cache.
  • Added a signature for detecting use of the Cloudflare WARP service.

  • The internal hashmap implementation has been replaced with uthash.

  • Updated bindings for Python.
  • By default, the built-in gcrypt implementation is used (to use the system implementation, pass the --with-libgcrypt option).
  • The range of detected network threats and issues associated with risk of compromise (Flow Risk) has been expanded. Added support for new risk types: ndpi_punycode_idn, ndpi_error_code_detected, ndpi_http_crawler_bot and ndpi_anonymous_subscriber.
  • Added support for protocols and services:
    • ultrasurf
    • i3d
    • riotgames
    • tsan
    • tunnelbear vpn
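As an added illustration (not code from the nDPI project), the following toy Python classifier mimics the port-independent approach described above: it decides the protocol from the first payload bytes, falls back to a port-based guess with a lower confidence label, and raises a flow-risk flag when a known protocol shows up on an unexpected port, such as HTTP served off port 80 or an SSH session masquerading on port 80. The confidence labels, the risk name and the sample flows are constructed for this example and only loosely follow nDPI's naming.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Confidence labels (constructed; loosely modelled on nDPI's naming scheme).
CONFIDENCE_UNKNOWN = "unknown"
CONFIDENCE_MATCH_BY_PORT = "match_by_port"   # guessed from the port only
CONFIDENCE_DPI = "dpi"                       # proven by payload inspection

# Port-based fallback table: consulted only when the payload tells us nothing.
PORT_GUESS = {22: "SSH", 80: "HTTP", 443: "TLS"}

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


@dataclass
class Result:
    protocol: str
    confidence: str
    risks: List[str] = field(default_factory=list)


def dissect_payload(payload: bytes) -> Optional[str]:
    """Identify the protocol from the first payload bytes, ignoring ports."""
    if payload.startswith(HTTP_METHODS) and b" HTTP/1." in payload[:128]:
        return "HTTP"
    # TLS record header: content type 0x16 (handshake), version 0x03xx,
    # 2-byte length, then handshake type 0x01 (ClientHello).
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "TLS"
    if payload.startswith(b"SSH-2.0-"):
        return "SSH"
    return None


def classify(dst_port: int, payload: bytes) -> Result:
    """Port-independent classification with a risk flag on port mismatch."""
    proto = dissect_payload(payload)
    if proto is not None:
        result = Result(proto, CONFIDENCE_DPI)
        if PORT_GUESS.get(dst_port) != proto:
            # HTTP on 8080, or SSH hiding on port 80: both are worth flagging.
            result.risks.append("known_protocol_on_non_standard_port")
        return result
    guess = PORT_GUESS.get(dst_port)
    if guess is not None:
        return Result(guess, CONFIDENCE_MATCH_BY_PORT)
    return Result("unknown", CONFIDENCE_UNKNOWN)
```

Unknown payload on a well-known port is only ever a port guess, which is exactly the case a DPI engine cannot vouch for; the risk flag fires only when inspection contradicts the port.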
