nDPI 4.6 arrives with support for new protocols, services and more

nDPI

nDPI® is an open source library for deep packet inspection, licensed under LGPLv3. It is based on OpenDPI and includes ntop extensions.

The new version of nDPI, 4.6, has been released. It introduces several improvements, along with support for more protocols and greater robustness thanks to the fuzzing code introduced in this version. Protocol metadata extraction has been improved for several protocols, as has DGA detection in hostnames, among other things.

nDPI is used by both ntop and nProbe to add detection of application-layer protocols, regardless of the port in use. This means it is possible to detect known protocols on non-standard ports.

The project lets you determine the application-level protocols used in traffic by analyzing the nature of the network activity without being tied to network ports (it can detect known protocols whose handlers accept connections on non-standard network ports, for example when HTTP is not served from port 80, or, conversely, when someone tries to disguise other network activity as HTTP running on port 80).
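The idea described above, as an added C example that is not nDPI code: classify a flow from the first bytes of its payload, then compare the result with what the destination port alone would suggest. The signatures, the enum names and the sample payloads are simplified assumptions constructed for this illustration.

```c
/* Added illustration, not nDPI code. Signatures are simplified assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum proto { P_UNKNOWN, P_HTTP, P_TLS, P_SSH };
enum verdict { V_OK, V_NONSTANDARD_PORT, V_PORT_MISMATCH };

static int starts_with(const uint8_t *p, size_t n, const char *s) {
    size_t l = strlen(s);
    return n >= l && memcmp(p, s, l) == 0;
}

/* Look only at the first bytes the client sent, never at the port. */
enum proto classify_payload(const uint8_t *p, size_t n) {
    static const char *http[] = { "GET ", "POST ", "HEAD ", "PUT ", "CONNECT " };
    for (size_t i = 0; i < sizeof http / sizeof *http; i++)
        if (starts_with(p, n, http[i])) return P_HTTP;
    /* TLS record header: handshake (0x16), version 3.x, then ClientHello (0x01) */
    if (n >= 6 && p[0] == 0x16 && p[1] == 0x03 && p[5] == 0x01) return P_TLS;
    if (starts_with(p, n, "SSH-2.0-")) return P_SSH;
    return P_UNKNOWN;
}

/* What a port-only classifier would assume. */
enum proto port_guess(uint16_t port) {
    return port == 80 ? P_HTTP : port == 443 ? P_TLS : port == 22 ? P_SSH : P_UNKNOWN;
}

enum verdict judge(uint16_t dport, const uint8_t *p, size_t n) {
    enum proto seen = classify_payload(p, n), expected = port_guess(dport);
    if (seen == expected) return V_OK;
    if (expected == P_UNKNOWN) return V_NONSTANDARD_PORT; /* e.g. HTTP on 8081 */
    return V_PORT_MISMATCH; /* well-known port carrying something else */
}

/* Constructed sample payloads (first bytes of a client's first packet). */
const uint8_t HTTP_REQ[] = "GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n";
const uint8_t SSH_BANNER[] = "SSH-2.0-OpenSSH_9.0\r\n";
const uint8_t TLS_HELLO[] = { 0x16, 0x03, 0x01, 0x00, 0x2f, 0x01, 0x00, 0x00, 0x2b };

int main(void) {
    printf("%d %d %d\n", (int)judge(8081, HTTP_REQ, sizeof HTTP_REQ - 1),
           (int)judge(80, SSH_BANNER, sizeof SSH_BANNER - 1),
           (int)judge(443, TLS_HELLO, sizeof TLS_HELLO));
    return 0;
}
```

A flow whose payload is unrecognised on a well-known port is reported as a mismatch too, which is the case a monitoring rule would most want to surface.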

Main new features of nDPI 4.6

The new release of nDPI 4.6 adds the ability to define custom protocols using nBPF filters (for example: 'nbpf:"host 192.168.1.1 and port 80"@HomeRouter').

Traffic analysis performance has also been significantly improved, along with the detection of WebShell and PHP code in HTTP URLs and DGA (Domain Generation Algorithm) detection.

The range of detected network threats and issues associated with the risk of compromise (flow risk) has been expanded. Support has been added for new threat types: NDPI_HTTP_OBSOLETE_SERVER (detects old versions of Apache and nginx), NDPI_PERIODIC_FLOW, NDPI_MINOR_ISSUES, NDPI_TCP_ISSUES.

Another novelty highlighted in this new version is the fuzzing tests that were carried out, along with improved checking for AES-NI instructions and improvements to data serialization in JSON format.

In addition, statistics were added for Patricia, Aho-Corasick and the LRU cache, along with a rework of the LRU cache entry aging logic, support for RTP stream flow metadata, and support in the ndpiReader utility for the Linux Cooked Capture v2 protocol.

As for the added protocol and service support:

  • Activision
  • AliCloud server access
  • AVAST
  • CryNetwork
  • Anydesk
  • Bittorrent (fix confidence, detection over TCP)
  • DNS, add the ability to decode DNS PTR records used for reverse address resolution
  • DTLS (handle certificate fragments)
  • Facebook VoIP calls
  • FastCGI (dissect PARAMS)
  • FortiClient (update default ports)
  • Discord
  • EDNS
  • Elasticsearch
  • FastCGI
  • Kismet
  • Line App and Line VoIP calls
  • Meraki Cloud
  • Munin
  • NATPMP
  • HTTP subclassification
  • Check for empty/missing user-agent in HTTP
  • IRC (credentials check)
  • Jabber / XMPP
  • Kerberos (support for Krb-Error messages)
  • LDAP
  • MGCP
  • MONGODB (avoid false positives)
  • Syncthing
  • TP-LINK Smart Home
  • TUYA LAN
  • SoftEtherVPN
  • Tailscale
  • TiVoConnect
  • SNMP
  • SMB (support for messages split into multiple TCP segments)
  • SMTP (support for X-ANONYMOUSTLS commands)
  • STUN
  • SKYPE (improve detection over UDP, remove detection over TCP)
  • Teamspeak3 (License/Weblist detection)
  • Threema Messenger
  • Zoom
  • Add Zoom screen sharing detection
  • Add detection of Zoom peer-to-peer flows in STUN
  • Hangout/Duo VoIP calls detection, optimize lookups in the protocol tree
  • HTTP
  • Handling of HTTP-Proxy and HTTP-Connect
  • Postgres
  • POP3
  • QUIC (support for 0-RTT packets received before the Initial)
  • Snapchat VoIP calls

Finally, if you are interested in knowing more about this new version, you can check the details in the following link.

How to install nDPI on Linux?

Those interested in installing this tool on their system can do so by following the instructions we share below.

To install the tool, we need to download the source code and compile it. Before that, users of Debian, Ubuntu or their derivatives must first install the following:

sudo apt-get install build-essential git gettext flex bison libtool autoconf automake pkg-config libpcap-dev libjson-c-dev libnuma-dev libpcre2-dev libmaxminddb-dev librrd-dev

For those who are Arch Linux users:

sudo pacman -S gcc git gettext flex bison libtool autoconf automake pkg-config libpcap json-c numactl pcre2 libmaxminddb rrdtool

Now, to compile, we need to download the source code, which you can get by typing:

git clone https://github.com/ntop/nDPI.git

cd nDPI

And we proceed to compile the tool by typing:

./autogen.sh
make

If you want to know more about using the tool, you can check the following link.

