nDPI 3.0 deep packet inspection library released

The ntop project, which develops tools for capturing and analyzing network traffic, has published nDPI 3.0, a deep packet inspection toolkit that continues development of the OpenDPI library. The nDPI project was founded after an attempt to get changes merged into the OpenDPI repository failed; that repository had been left without a maintainer. The nDPI code is written in C and distributed under the LGPLv3 license.

The library identifies the application-layer protocols present in traffic and analyzes the nature of network activity without relying on port numbers. It recognizes known protocols whose handlers accept connections on non-standard ports (for example, HTTP that is not served from port 80) and, conversely, attempts to disguise other network activity as HTTP by running it on port 80.

The differences from OpenDPI come down to support for additional protocols, a port to the Windows platform, performance optimization, adaptation for use in real-time traffic monitoring applications (some specialized features that slowed down the engine were removed), the ability to build the library as a Linux kernel module, and support for defining sub-protocols.

A total of 238 protocol and application definitions are supported, from OpenVPN, Tor, QUIC, SOCKS, BitTorrent and IPsec to Telegram, Viber, WhatsApp, PostgreSQL and traffic to GMail, Office365, GoogleDocs and YouTube. A decoder for server and client SSL certificates is included, which makes it possible to identify a service (for example, Citrix Online or Apple iCloud) from the certificate used for encryption. The ndpiReader utility is provided for analyzing the contents of pcap dumps or live traffic on a network interface.

$ ./ndpiReader -i eth0 -s 20 -f "host 192.168.1.10"

Detected protocols:
DNS packets: 57 bytes: 7904 flows: 28
SSL_No_Cert packets: 483 bytes: 229203 flows: 6
FaceBook packets: 136 bytes: 74702 flows: 4
DropBox packets: 9 bytes: 668 flows: 3
Skype packets: 5 bytes: 339 flows: 3
Google packets: 1700 bytes: 619135 flows: 34

In the new release:

  • Protocol information is now reported as soon as the protocol is detected, without waiting for all metadata to be collected (even if some fields have not yet been determined because the packets needed for them have not arrived). This matters for traffic analyzers that must react immediately to certain kinds of traffic. Applications that need a complete protocol dissection can use the ndpi_extra_dissection_possible() API to check whether all protocol metadata has been extracted.
  • Deeper TLS analysis has been implemented, extracting the certificate validity period and the SHA-1 hash of the certificate.
  • The "-C" flag has been added to ndpiReader for output in CSV format, which allows fairly complex statistics to be built with additional tools. For example, to find the IP address of the user who transferred the most Netflix traffic (the query sums bytes in both directions per source address):

    $ ndpiReader -i netflix.pcap -C /tmp/netflix.csv
    $ q -H -d ',' "select src_ip, SUM(src2dst_bytes+dst2src_bytes) from /tmp/netflix.csv where ndpi_proto like '%NetFlix%' group by src_ip"

    192.168.1.7,6151821

  • Added support for the techniques proposed in Cisco Joy for detecting malicious activity hidden in encrypted traffic by analyzing packet sizes and inter-packet timing/latency. In ndpiReader the mode is enabled with the "-J" option.
  • Protocols are now classified into categories.
  • Added support for computing IAT (Inter-Arrival Time) to detect anomalies in how a protocol is used, for example a protocol being abused during a DoS attack.
  • Added data analysis based on statistical metrics such as entropy, mean, standard deviation and variance.
  • The first version of Python bindings has been introduced.
  • Added a mode for detecting human-readable strings in traffic, to spot leaked data. In ndpiReader the mode is enabled with the "-e" option.
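
The Cisco Joy, IAT and statistical-metric items above all rest on the same per-flow features: packet timing, packet sizes and payload entropy. The following is an added example, written for this page and not nDPI's own code, that computes those features in Python over two constructed flows and applies an assumed toy rule (the thresholds and the rule itself are illustrative, not an nDPI heuristic) to flag machine-regular timing combined with high-entropy payload:

```python
import math
from collections import Counter
from typing import Dict, List, Sequence


def inter_arrival_times(timestamps: Sequence[float]) -> List[float]:
    """IAT series: seconds between consecutive packets of one flow."""
    return [later - earlier for earlier, later in zip(timestamps, timestamps[1:])]


def mean(values: Sequence[float]) -> float:
    return sum(values) / len(values)


def variance(values: Sequence[float]) -> float:
    """Population variance of the series."""
    m = mean(values)
    return sum((v - m) ** 2 for v in values) / len(values)


def stddev(values: Sequence[float]) -> float:
    return math.sqrt(variance(values))


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 .. 8.0).
    Plaintext protocols sit well below 8; encrypted or compressed payload approaches it."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in Counter(data).values())


def flow_stats(timestamps: Sequence[float], payloads: Sequence[bytes]) -> Dict[str, float]:
    """Per-flow features of the kind the release describes:
    IAT statistics, packet-size statistics and payload entropy."""
    iats = inter_arrival_times(timestamps)
    sizes = [len(p) for p in payloads]
    return {
        "packets": len(timestamps),
        "iat_mean": mean(iats),
        "iat_stddev": stddev(iats),
        "iat_variance": variance(iats),
        "size_mean": mean(sizes),
        "size_stddev": stddev(sizes),
        "payload_entropy": shannon_entropy(b"".join(payloads)),
    }


def looks_like_flood(stats: Dict[str, float], max_iat_cv: float = 0.1,
                     min_entropy: float = 7.0) -> bool:
    """Assumed toy rule (not an nDPI heuristic): near-constant inter-arrival
    time (coefficient of variation below max_iat_cv) together with
    high-entropy payload. Both thresholds are illustrative."""
    if stats["iat_mean"] == 0:
        return False
    cv = stats["iat_stddev"] / stats["iat_mean"]
    return cv < max_iat_cv and stats["payload_entropy"] > min_entropy


# Constructed sample flows (not real captures).
# Interactive HTTP: irregular timing, plaintext payload.
BROWSING_TS = [0.000, 0.120, 0.135, 0.410, 0.900, 1.250, 2.100, 2.180]
BROWSING_PAYLOAD = [b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"] * 8
# Flood-like flow: one packet every 10 ms, uniformly distributed bytes
# (what encrypted or random filler payload looks like to the entropy metric).
FLOOD_TS = [i * 0.010 for i in range(8)]
FLOOD_PAYLOAD = [bytes(range(256))] * 8

if __name__ == "__main__":
    for name, ts, pl in (("browsing", BROWSING_TS, BROWSING_PAYLOAD),
                         ("flood", FLOOD_TS, FLOOD_PAYLOAD)):
        s = flow_stats(ts, pl)
        print(name, {k: round(v, 4) for k, v in s.items()}, "flood?", looks_like_flood(s))
```

The coefficient of variation (stddev divided by mean) is used rather than raw variance so that the rule does not depend on the absolute packet rate; a 10 ms beacon and a 10 s beacon both score as "regular". On real traffic the thresholds must be tuned per protocol, which is exactly why nDPI pairs these metrics with protocol classification.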

  • Added support for the JA3 TLS client fingerprinting method, which makes it possible to determine, from the characteristics of the handshake and the parameters the client offers, which software established the connection (for example, to identify Tor and other applications with a distinctive TLS stack).
  • Added support for the SSH (HASSH) and DHCP fingerprinting methods.
  • Added functions for serializing and deserializing data in Type-Length-Value (TLV) and JSON formats.

  • Added support for the following protocols and services: DTLS (TLS over UDP), Hulu, TikTok/Musical.ly, WhatsApp Video, DNSoverHTTPS, DataSaver, Line, Google Duo, Hangout, WireGuard VPN, IMO and Zoom.us.

  • Improved dissection of TLS, SIP, STUN, Viber, WhatsApp, Amazon Video, SnapChat, FTP, QUIC, OpenVPN over UDP, Facebook Messenger and Hangout.
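
The JA3 fingerprint mentioned in the list above is derived from five ClientHello fields: the TLS version, the cipher suite list, the extension type list, the supported groups (elliptic curves) and the EC point formats, each rendered as "-"-separated decimal values and joined with commas, then MD5-hashed. The following is an added example, not nDPI's own code, that parses a ClientHello and computes the fingerprint in Python; the ClientHello bytes are constructed inline by build_client_hello (a helper written for this example) rather than taken from a capture:

```python
import hashlib
import struct
from typing import Dict, List, Tuple

# GREASE values (RFC 8701) vary per connection and are excluded from JA3,
# otherwise every Chrome handshake would hash differently.
GREASE = {0x0a0a, 0x1a1a, 0x2a2a, 0x3a3a, 0x4a4a, 0x5a5a, 0x6a6a, 0x7a7a,
          0x8a8a, 0x9a9a, 0xaaaa, 0xbaba, 0xcaca, 0xdada, 0xeaea, 0xfafa}


def parse_client_hello(record: bytes) -> Dict[str, object]:
    """Parse a TLS record carrying a ClientHello and return the JA3 inputs."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    body = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if body[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    p = body[4:4 + hs_len]
    version = struct.unpack("!H", p[:2])[0]
    pos = 2 + 32                                  # skip client_random
    sid_len = p[pos]; pos += 1 + sid_len          # skip session_id
    cs_len = struct.unpack("!H", p[pos:pos + 2])[0]; pos += 2
    ciphers = [struct.unpack("!H", p[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    comp_len = p[pos]; pos += 1 + comp_len        # skip compression methods
    extensions: List[int] = []
    curves: List[int] = []
    point_formats: List[int] = []
    if pos < len(p):
        ext_len = struct.unpack("!H", p[pos:pos + 2])[0]; pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", p[pos:pos + 4]); pos += 4
            data = p[pos:pos + elen]; pos += elen
            extensions.append(etype)
            if etype == 0x000a:                   # supported_groups
                n = struct.unpack("!H", data[:2])[0]
                curves = [struct.unpack("!H", data[i:i + 2])[0] for i in range(2, 2 + n, 2)]
            elif etype == 0x000b:                 # ec_point_formats
                point_formats = list(data[1:1 + data[0]])
    return {"version": version, "ciphers": ciphers, "extensions": extensions,
            "curves": curves, "point_formats": point_formats}


def ja3_string(f: Dict[str, object]) -> str:
    """'Version,Ciphers,Extensions,Curves,PointFormats', GREASE removed."""
    def keep(xs):
        return "-".join(str(x) for x in xs if x not in GREASE)
    return ",".join([str(f["version"]), keep(f["ciphers"]), keep(f["extensions"]),
                     keep(f["curves"]), "-".join(str(x) for x in f["point_formats"])])


def ja3_hash(s: str) -> str:
    """JA3 publishes the MD5 of the string as the fingerprint."""
    return hashlib.md5(s.encode()).hexdigest()


def build_client_hello(version: int, ciphers: List[int],
                       extensions: List[Tuple[int, bytes]]) -> bytes:
    """Helper for this example only: assemble a minimal ClientHello record."""
    exts = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body = (struct.pack("!H", version) + b"\x00" * 32 + b"\x00"          # random, empty session id
            + struct.pack("!H", 2 * len(ciphers)) + b"".join(struct.pack("!H", c) for c in ciphers)
            + b"\x01\x00"                                                  # one compression method: null
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


# Constructed sample (not a capture): TLS 1.2 hello with a GREASE cipher
# and a GREASE extension, as a modern browser would send.
SAMPLE = build_client_hello(
    0x0303,
    [0x2a2a, 0x1301, 0xc02b, 0xc02f],
    [(0x3a3a, b""),
     (0x0000, b"\x00\x10\x00\x0e\x00\x00\x0bexample.com"),   # server_name
     (0x000a, b"\x00\x04\x00\x1d\x00\x17"),                   # supported_groups: x25519, secp256r1
     (0x000b, b"\x01\x00")],                                  # ec_point_formats: uncompressed
)

if __name__ == "__main__":
    fields = parse_client_hello(SAMPLE)
    print(ja3_string(fields), ja3_hash(ja3_string(fields)))
```

The expected JA3 string for the sample is 771,4865-49195-49199,0-10-11,29-23,0. Note that the fingerprint covers only what the client offers, not what is negotiated, so it identifies the TLS library and configuration rather than the remote service; that is why it can single out clients such as Tor even when the destination looks ordinary, and also why two unrelated programs built on the same library version collide.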

Source: opennet.ru
