forked from pool/ndpi
ndpi/0002-Report-whether-a-protocol-is-encrypted.patch
Dirk Stoecker 85c6ff090c Accepting request 913748 from home:mnhauke:monitoring
- Update to version 4.0
  New Features
  * Add API for computing RSI (Relative Strength Index)
  * Add GeoIP support
  * Add fragments management
  * Add API for jitter calculation
  * Add single exponential smoothing API
  * Add timeseries forecasting support implementing Holt-Winters
    with confidence interval
  * Add support for MAC to radix tree and expose the full API to
    applications
  * Add JA3+, with ALPN and elliptic curve
  * Add double exponential smoothing implementation
  * Extended API for managing flow risks
  * Add flow risk score
  * New flow risks:
    + Desktop or File Sharing Session
    + HTTP suspicious content (useful for tracking trickbot)
    + Malicious JA3
    + Malicious SHA1
    + Risky domain
    + Risky AS
    + TLS Certificate Validity Too Long
    + TLS Suspicious Extension
  New Supported Protocols and Services
  * New protocols:
    + AmongUs
    + AVAST SecureDNS
    + CPHA (CheckPoint High Availability Protocol)
    + DisneyPlus

OBS-URL: https://build.opensuse.org/request/show/913748
OBS-URL: https://build.opensuse.org/package/show/server:monitoring/ndpi?expand=0&rev=23
2021-08-24 12:10:43 +00:00


From 5f286a17c1ecb88b06ee069650fa73f7565165dc Mon Sep 17 00:00:00 2001
From: Luca Deri <deri@ntop.org>
Date: Sat, 7 Aug 2021 17:35:34 +0200
Subject: [PATCH 2/3] Report whether a protocol is encrypted
---
example/ndpiReader.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index b4434650..053dc2ec 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -1368,6 +1368,9 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa
ndpi_protocol2name(ndpi_thread_info[thread_id].workflow->ndpi_struct,
flow->detected_protocol, buf1, sizeof(buf1)));
+ fprintf(out, "[%s]",
+ ndpi_is_encrypted_proto(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol) ? "Encrypted" : "ClearText");
+
if(flow->detected_protocol.category != 0)
fprintf(out, "[cat: %s/%u]",
ndpi_category_get_name(ndpi_thread_info[thread_id].workflow->ndpi_struct,
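Review bot: The added fprintf is unconditional and its ternary has only two outcomes, so any flow for which ndpi_is_encrypted_proto() returns 0 is printed as "[ClearText]", which would include flows whose detected_protocol was never classified unless the function handles that case itself. Someone triaging ndpiReader output will read "ClearText" as a positive statement that the payload is unencrypted, and the visible call does not establish that. Consider guarding the print the way the following `if(flow->detected_protocol.category != 0)` guards the category field, or printing a neutral third label when the protocol is not detected. As a smaller style point, the neighbouring field carries a key ("[cat: %s/%u]") while this one is a bare "[%s]"; a keyed tag would be easier for scripts that parse this line to match, and the commit message should mention that the output format of printFlow() changes.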
--
2.32.0