Release of the nDPI 4.0 deep packet inspection system

The ntop project, which develops tools for capturing and analyzing traffic, has published the release of the nDPI 4.0 deep packet inspection toolkit, which continues the development of the OpenDPI library. The nDPI project was founded after an unsuccessful attempt to push changes to the OpenDPI repository, which had been left unmaintained. The nDPI code is written in C and is licensed under LGPLv3.

The project makes it possible to determine the application-level protocols used in traffic by analyzing the nature of network activity without being tied to network ports. It can identify well-known protocols whose handlers accept connections on non-standard network ports, for example when HTTP is served from a port other than 80, or, conversely, when some other network activity is disguised as HTTP by running it on port 80.
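The port-independent check described above, as an added example in C that is not nDPI code: it classifies a flow's first client payload by content (HTTP method, SSH banner, TLS ClientHello header) and compares the result with the protocol the destination port suggests. All function, enum and sample names are assumptions made for this illustration, and a real DPI engine uses far more signatures and per-flow state.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* All names here are hypothetical; this is not nDPI's API. */
enum proto { P_UNKNOWN, P_HTTP, P_TLS, P_SSH };
enum verdict { V_MATCH, V_KNOWN_ON_OTHER_PORT, V_PORT_MISMATCH, V_UNCLASSIFIED };

/* Classify the first client-to-server payload by content only. */
enum proto classify_payload(const uint8_t *p, size_t n) {
    static const char *methods[] = { "GET ", "POST ", "HEAD ", "PUT ", "DELETE ",
                                     "OPTIONS ", "PATCH ", "CONNECT ", "TRACE " };
    for (size_t i = 0; i < sizeof methods / sizeof *methods; i++) {
        size_t m = strlen(methods[i]);
        if (n >= m && memcmp(p, methods[i], m) == 0) return P_HTTP;
    }
    if (n >= 4 && memcmp(p, "SSH-", 4) == 0) return P_SSH;
    /* TLS record: type 0x16 (handshake), major version 3, ClientHello (0x01). */
    if (n >= 6 && p[0] == 0x16 && p[1] == 0x03 && p[2] <= 0x04 && p[5] == 0x01)
        return P_TLS;
    return P_UNKNOWN;
}

/* Protocol conventionally expected on a destination port. */
enum proto expected_on_port(uint16_t port) {
    switch (port) {
    case 80:  return P_HTTP;
    case 443: return P_TLS;
    case 22:  return P_SSH;
    default:  return P_UNKNOWN;
    }
}

/* Compare what the payload is with what the port number suggests. */
enum verdict check_flow(uint16_t dport, const uint8_t *p, size_t n) {
    enum proto seen = classify_payload(p, n), want = expected_on_port(dport);
    if (seen == want) return seen == P_UNKNOWN ? V_UNCLASSIFIED : V_MATCH;
    return want == P_UNKNOWN ? V_KNOWN_ON_OTHER_PORT : V_PORT_MISMATCH;
}

/* Constructed sample payloads (not captured traffic). */
static const uint8_t http_req[] = "GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n";
static const uint8_t ssh_banner[] = "SSH-2.0-ExampleClient\r\n";
static const uint8_t tls_hello[] = { 0x16, 0x03, 0x01, 0x00, 0x2f, 0x01, 0x00, 0x00, 0x2b };

int main(void) {
    printf("HTTP on 8081: %d\n", check_flow(8081, http_req, sizeof http_req - 1));
    printf("SSH on 80:    %d\n", check_flow(80, ssh_banner, sizeof ssh_banner - 1));
    printf("TLS on 443:   %d\n", check_flow(443, tls_hello, sizeof tls_hello));
    return 0;
}
```

Here `V_KNOWN_ON_OTHER_PORT` corresponds to the "HTTP on a port other than 80" case and `V_PORT_MISMATCH` to the "something else on port 80" case.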

Differences from OpenDPI include support for additional protocols, porting to the Windows platform, performance optimization, adaptation for use in real-time traffic monitoring applications (some specific features that slowed the engine down were removed), the ability to build as a Linux kernel module, and support for defining subprotocols.

A total of 247 protocol and application definitions are supported, from OpenVPN, Tor, QUIC, SOCKS, BitTorrent and IPsec to Telegram, Viber, WhatsApp, PostgreSQL and calls to GMail, Office365, GoogleDocs and YouTube. There is a server and client SSL certificate decoder that makes it possible to determine the protocol (for example, Citrix Online and Apple iCloud) using the encryption certificate. The nDPIreader utility is provided for analyzing the contents of pcap dumps or live traffic on a network interface.

    $ ./nDPIreader -i eth0 -s 20 -f "host 192.168.1.10"

    Detected protocols:
    DNS packets: 57 bytes: 7904 flows: 28
    SSL_No_Cert packets: 483 bytes: 229203 flows: 6
    [...] packets: 136 bytes: 74702 flows: 4
    DropBox packets: 9 bytes: 668 flows: 3
    Skype packets: 5 bytes: 339 flows: 3
    Google packets: 1700 bytes: 619135 flows: 34

In the new release:

  • Improved support for encrypted traffic analysis methods (ETA - Encrypted Traffic Analysis).
  • Support has been implemented for the improved JA3+ TLS client fingerprinting method, which makes it possible, based on the features of connection negotiation and the parameters specified, to determine which software is used to establish a connection (for example, it lets you detect the use of Tor and other common applications). Unlike the previously supported JA3 method, JA3+ has fewer false positives.
  • The number of detected network threats and problems associated with the risk of compromise (flow risk) has been increased to 33. New detectors have been added for threats related to desktop and file sharing, suspicious HTTP traffic, malicious JA3 and SHA1, access to problematic domains and autonomous systems, and the use of TLS certificates with suspicious extensions or a long validity period.
  • Significant performance optimization has been carried out; compared with the 3.0 branch, traffic processing speed has increased 2.5 times.
  • Added GeoIP support for determining location by IP address.
  • Added an API for calculating RSI (Relative Strength Index).
  • Fragmentation handling has been implemented.
  • Added an API for calculating flow uniformity (jitter).
  • Added support for protocols and services: AmongUs, AVAST SecureDNS, CPHA (CheckPoint High Availability Protocol), DisneyPlus, DTLS, Genshin Impact, HP Virtual Machine Group Management (hpvirtgrp), Mongodb, Pinterest, Reddit, Snapchat VoIP, Tumblr, Virtual Assistant (Alexa, Siri), Z39.50.
  • Improved analysis and detection of the protocols AnyDesk, DNS, Hulu, DCE/RPC, dnscrypt, Facebook, Fortigate, FTP Control, HTTP, IEC104, IEC60870, IRC, Netbios, Netflix, Ookla speedtest, openspeedtest.com, Outlook / MicrosoftMail, QUIC, RTSP, RTSP over HTTP, SNMP, Skype, SSH, Steam, STUN, TeamViewer, TOR, TLS, UPnP, WireGuard.

source: budenet.ru
