nDPI 4.6 arrives with support for new protocols, features and more

nDPI

nDPI® is an open-source, LGPLv3-licensed library for deep packet inspection. Based on OpenDPI, it includes ntop's extensions.

The release of the new version nDPI 4.6 was announced. It introduces many improvements, as well as support for additional protocols and greater robustness thanks to the fuzzing code introduced in this version. Protocol metadata extraction has been improved for many protocols, as has DGA detection in hostnames, among other things.

nDPI is used by ntop and nProbe to add application-level protocol detection, regardless of the port in use. This means that protocols can be detected on non-standard ports.

This feature lets you determine the application-level protocols used in traffic by analysing the nature of the network activity, without binding to network ports (you can detect known protocols whose handlers accept connections on non-standard ports, for example HTTP not served from port 80, or, conversely, attempts to disguise other network activity as HTTP running on port 80).

Main new features of nDPI 4.6

In the new nDPI 4.6 release, the ability to define custom protocols using nBPF filters has been added (for example: 'nbpf:"host 192.168.1.1 and port 80"@HomeRouter').
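As an added illustration that is not part of the original article or of nDPI's own example/protos.txt, here is a constructed custom-protocol file that combines the nBPF rule from the article with port-based and host-based rules; the port/host rule syntax and the ndpiReader -p option are assumed from nDPI's protos-file convention rather than stated on this page.

```text
# protos.txt: constructed example of an nDPI custom-protocol file.
# Format (assumed from nDPI's protos convention): <rule>@<ProtocolName>,
# one rule per line, comments start with '#'.

# Port-based rules: <tcp|udp>:<port> or a port range (assumed syntax).
tcp:8080@HTTP
udp:5061-5062@SIP

# Host/SNI match (assumed syntax); placeholder hostname.
host:"intranet.example.internal"@IntranetApp

# nBPF rule as shown in the article: a BPF expression in double quotes.
nbpf:"host 192.168.1.1 and port 80"@HomeRouter

# nBPF lets one rule cover a subnet and several non-standard ports, so
# management traffic gets its own label instead of a generic guess.
nbpf:"net 10.10.0.0/24 and (tcp port 2222 or tcp port 8443)"@MgmtPlane

# Load the file with ndpiReader (the -p option is assumed here):
#   ndpiReader -p protos.txt -i capture.pcap
```

Labelling expected flows this way makes unexpected ones (the same ports used from outside the management subnet) stand out in the ndpiReader output.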

Traffic analysis performance has also been improved considerably, along with the detection of WebShells and PHP code in HTTP URLs and DGA (Domain Generation Algorithm) detection.

The range of detected network threats associated with flow risks has been expanded. Support was added for new threat types: NDPI_HTTP_OBSOLETE_SERVER (detects outdated Apache and nginx versions), NDPI_PERIODIC_FLOW, NDPI_MINOR_ISSUES and NDPI_TCP_ISSUES.

Another novelty in this version is that fuzzing tests have been implemented, together with an improved check for AES-NI instructions and improvements to the serialization of data in JSON format.

It is also worth highlighting the additional statistics for the Patricia, Aho-Corasick and LRU caches, the configurable aging logic for LRU cache entries, support for RTP streams in flow metadata, and the ndpiReader utility's new support for the Linux Cooked Capture v2 format.

On the side of added support for protocols and services:

  • Activision
  • AliCloud server access
  • Avast
  • CryNetwork
  • AnyDesk
  • Bittorrent (confidence fix, detection over TCP)
  • DNS, with the ability to decode the DNS PTR records used for reverse address resolution
  • DTLS (handshake fragments)
  • Facebook VoIP calls
  • FastCGI (PARAMS dissection)
  • FortiClient (default ports update)
  • Session
  • EDNS
  • Elasticsearch
  • Final
  • Kismet
  • Line App and Line VoIP calls
  • Meraki Cloud
  • Munin
  • NATPMP
  • HTTP subclassification
  • Detection of an empty/missing User-Agent in HTTP
  • IRC (credential detection)
  • Jabber / XMPP
  • Kerberos (support for Krb Error messages)
  • LDAP
  • MGCP
  • MongoDB (avoiding false positives)
  • Syncthing
  • TP-LINK Smart Home
  • Tuya LAN
  • SoftEther
  • Tailscale
  • TiVoConnect
  • SNMP
  • SMB (support for messages split across multiple TCP segments)
  • SMTP (support for the X-ANONYMOUSTLS command)
  • STUN
  • Skype (improved detection over UDP, detection over TCP removed)
  • Teamspeak3 (License/Weblist detection)
  • Threema Messenger
  • Zoom
  • Added Zoom screen-share detection
  • Added detection of Zoom peer-to-peer flows in STUN
  • Hangout/Duo VoIP call detection, with improved lookup in the protocol tree
  • HTTP
  • HTTP-Proxy and HTTP-Connect handling
  • Postgres
  • POP3
  • QUIC (support for 0-RTT packets received before the Initial)
  • Snapchat VoIP calls

Finally, if you are interested in learning more about this new version, you can check the details at the following link.

How to install nDPI on Linux?

Those interested in installing this tool on their system can do so by following the instructions we share below.

To install the tool we must download the source code and compile it. Before that, if you are a user of Debian, Ubuntu or a derivative of these, we must first install the following:

sudo apt-get install build-essential git gettext flex bison libtool autoconf automake pkg-config libpcap-dev libjson-c-dev libnuma-dev libpcre2-dev libmaxminddb-dev librrd-dev

For those who are Arch Linux users:

sudo pacman -S gcc git gettext flex bison libtool autoconf automake pkg-config libpcap json-c numactl pcre2 libmaxminddb rrdtool

Now, to compile, we must download the source code, which you can get by typing:

git clone https://github.com/ntop/nDPI.git

cd nDPI

And we proceed to compile the tool by typing:

./autogen.sh
make

If you want to know more about using the tool, you can check the following link.
