Release of the nDPI 4.4 deep packet inspection system

The ntop project, which develops tools for capturing and analyzing traffic, has published the release of the nDPI 4.4 deep packet inspection toolkit, which continues the development of the OpenDPI library. The nDPI project was founded after an unsuccessful attempt to push changes to the OpenDPI repository, which had been left unmaintained. The nDPI code is written in C and is licensed under LGPLv3.

The system lets you determine the application-level protocols used in traffic by analyzing the nature of network activity without binding to network ports (it can identify well-known protocols whose handlers accept connections on non-standard network ports, for example when HTTP is served from a port other than 80, or, conversely, when someone tries to disguise other network activity as HTTP by running it on port 80).
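The port-independent idea described above can be shown with a few payload signatures. This is an added example, not nDPI code or its API: the function and enum names are hypothetical, and the three signatures (HTTP, SSH, TLS) are simplified compared with a real dissector.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical names, not nDPI's API. Signatures are deliberately simplified. */
typedef enum { PROTO_UNKNOWN, PROTO_HTTP, PROTO_TLS, PROTO_SSH } proto_t;

static int has_prefix(const uint8_t *p, size_t len, const char *s) {
    size_t n = strlen(s);
    return len >= n && memcmp(p, s, n) == 0;
}

/* Classify the first payload bytes of a TCP flow without looking at the port. */
proto_t classify_payload(const uint8_t *p, size_t len) {
    static const char *http_starts[] = { "GET ", "POST ", "HEAD ", "PUT ",
                                         "DELETE ", "OPTIONS ", "HTTP/1." };
    for (size_t i = 0; i < sizeof http_starts / sizeof http_starts[0]; i++)
        if (has_prefix(p, len, http_starts[i]))
            return PROTO_HTTP;
    if (has_prefix(p, len, "SSH-"))
        return PROTO_SSH;
    /* TLS record: content type 22 (handshake), version 3.0 to 3.4,
       handshake type 1 (ClientHello) or 2 (ServerHello). */
    if (len >= 6 && p[0] == 0x16 && p[1] == 0x03 && p[2] <= 0x04 &&
        (p[5] == 0x01 || p[5] == 0x02))
        return PROTO_TLS;
    return PROTO_UNKNOWN;
}

/* Protocol conventionally served on a port (tiny sample table). */
proto_t expected_on_port(uint16_t port) {
    switch (port) {
    case 80:  return PROTO_HTTP;
    case 443: return PROTO_TLS;
    case 22:  return PROTO_SSH;
    default:  return PROTO_UNKNOWN;
    }
}

/* Returns 1 when the payload identifies a protocol that is not the one
   conventionally served on that port: HTTP off port 80, or SSH on port 80. */
int port_mismatch(const uint8_t *p, size_t len, uint16_t port) {
    proto_t seen = classify_payload(p, len);
    proto_t want = expected_on_port(port);
    return seen != PROTO_UNKNOWN && seen != want;
}
```

A flow whose payload matches no signature is reported as no mismatch, because the classifier cannot say what it is.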

Differences from OpenDPI include support for additional protocols, a port to the Windows platform, performance optimizations, adaptation for use in real-time traffic monitoring applications (some specific features that slowed the engine down were removed), the ability to build as a Linux kernel module, and support for defining sub-protocols.

In total, definitions are supported for about 300 protocols and applications, from OpenVPN, Tor, QUIC, SOCKS, BitTorrent and IPsec to Telegram, Viber, WhatsApp, PostgreSQL and accesses to GMail, Office365, GoogleDocs and YouTube. There is a server and client SSL certificate decoder that makes it possible to determine the protocol (for example, Citrix Online and Apple iCloud) using the encryption certificate. The nDPIreader utility is provided for analyzing the contents of pcap dumps or live traffic on a network interface.

In the new release:

  • Added metadata with information about the reason a handler was triggered for a particular threat.
  • Added the ndpi_check_flow_risk_exceptions() function for hooking up network threat handlers.
  • Protocols are now split into network protocols (for example, TLS) and application protocols (for example, Google services).
  • Added two new confidence levels: NDPI_CONFIDENCE_DPI_PARTIAL and NDPI_CONFIDENCE_DPI_PARTIAL_CACHE.
  • Added a template for identifying use of Cloudflare's WARP service.
  • The internal hashmap implementation has been replaced with uthash.
  • The Python language bindings have been updated.
  • The built-in gcrypt implementation is enabled by default (the --with-libgcrypt option is provided to use the system implementation).
  • The range of detected network threats and problems associated with the risk of compromise (flow risk) has been expanded. Added support for new threat types: NDPI_PUNYCODE_IDN, NDPI_ERROR_CODE_DETECTED, NDPI_HTTP_CRAWLER_BOT and NDPI_ANONYMOUS_SUBSCRIBER.
  • Added support for protocols and services:
    • UltraSurf
    • i3D
    • Riot Games
    • TSAN
    • TunnelBear VPN
    • collectd
    • PIM (Protocol Independent Multicast)
    • Pragmatic General Multicast (PGM)
    • HSR
    • GoTo products such as GoToMeeting
    • Dazn
    • MPEG-DASH
    • Agora Software Defined Real-time Network (SD-RTN)
    • Toca Boca
    • VXLAN
    • MDNS/LLMNR
  • Improved parsing and detection of:
    • SMTP/SMTPS (STARTTLS support added)
    • OCSP
    • TargusDataspeed
    • Usenet
    • DTLS
    • TFTP
    • SOAP over HTTP
    • Genshin Impact
    • IPSec/ISAKMP
    • DNS
    • syslog
    • DHCP
    • NATS
    • Viber
    • Xiaomi
    • Raknet
    • gnutella
    • Kerberos
    • QUIC (added support for the v2drft 01 specification)
    • SSDP
    • SNMP
    • ADI
    • AES-NI

source: budenet.ru