nDPI 3.0 deep packet inspection toolkit released

The ntop project, which develops tools for capturing and analysing traffic, has published the release of the deep packet inspection toolkit nDPI 3.0, which continues the development of the OpenDPI library. The nDPI project was founded after an unsuccessful attempt to get changes accepted into the OpenDPI repository, which had been left unmaintained. The nDPI code is written in C and distributed under the LGPLv3 licence.

The project makes it possible to determine the application-layer protocols used in traffic by analysing the nature of the network activity rather than relying on port numbers (it can recognise known protocols whose handlers accept connections on non-standard ports, for example when HTTP is served from a port other than 80, or, conversely, when someone tries to disguise other network activity as HTTP by running it on port 80).

The differences from OpenDPI come down to support for additional protocols, a port to the Windows platform, performance optimisation, adaptation for use in real-time traffic monitoring applications (some features that slowed the engine down have been removed), the ability to build it as a Linux kernel module, and support for identifying sub-protocols.

A total of 238 protocol and application definitions are supported, from OpenVPN, Tor, QUIC, SOCKS, BitTorrent and IPsec to Telegram, Viber, WhatsApp, PostgreSQL and calls to Gmail, Office365, GoogleDocs and YouTube. A decoder for server and client SSL certificates is included, which allows the protocol (for example Citrix Online or Apple iCloud) to be identified from the encryption certificate. The ndpiReader utility is provided for analysing the contents of pcap dumps or live traffic on a network interface.

$ ./ndpiReader -i eth0 -s 20 -f "host 192.168.1.10"

Detected protocols:
    DNS              packets: 57      bytes: 7904      flows: 28
    SSL_No_Cert      packets: 483     bytes: 229203    flows: 6
    FaceBook         packets: 136     bytes: 74702     flows: 4
    DropBox          packets: 9       bytes: 668       flows: 3
    Skype            packets: 5       bytes: 339       flows: 3
    Google           packets: 1700    bytes: 619135    flows: 34

In the new release:

  • Protocol information is now reported immediately upon detection, without waiting for all metadata to be received (even if some fields are not yet parsed because packets of a certain type have not been seen), which matters for traffic analysers that need to react instantly to particular kinds of traffic. For applications that require full protocol dissection, the ndpi_extra_dissection_possible() API is provided to check whether all protocol metadata has been parsed.
  • Deeper TLS inspection has been implemented, including extraction of certificate validity information and the certificate's SHA-1 hash.
  • A "-C" flag has been added to the ndpiReader utility for exporting in CSV format, which makes it possible to use additional ntop tools to run complex statistical queries. For example, to find the IP address of the user who watched NetFlix video the longest:

    $ ndpiReader -i netflix.pcap -C /tmp/netflix.csv
    $ q -H -d ',' "select src_ip,SUM(src2dst_bytes+dst2src_bytes) from /tmp/netflix.csv where ndpi_proto like '%NetFlix%' group by src_ip"

    192.168.1.7,6151821

  • Added support for the Joy methods proposed by Cisco specialists for detecting malicious activity hidden in encrypted traffic, based on analysis of packet sizes and transmission timing/latency. In ndpiReader the method is enabled with the "-J" option.
  • Protocols are now divided into categories.
  • Added support for computing IAT (Inter-Arrival Time) to detect anomalies in protocol usage, for example to identify use of a protocol during a DoS attack.
  • Added the ability to analyse data using statistical metrics such as entropy, mean, standard deviation and variance.
  • A first version of Python language bindings is provided.
  • Added a method for detecting human-readable strings in traffic in order to spot data leaks. In ndpiReader the mode is enabled with the "-e" option.

  • Added support for the JA3 TLS client identification method, which makes it possible to determine, from the characteristics of the connection handshake and the parameters it specifies, which software is being used to establish the connection (for example, it allows the use of Tor and other common applications to be identified).
  • Added support for the SSH (HASSH) and DHCP fingerprinting methods.
  • Added tools for serialising and deserialising data in Type-Length-Value (TLV) and JSON formats.

  • Added support for the following protocols and applications: DTLS (TLS over UDP), Hulu, TikTok/Musical.ly, WhatsApp Video, DNSoverHTTPS, DataSaver, Line, Google Duo, Hangout, WireGuard VPN, IMO, Zoom.us.

  • Improved parsing of TLS, SIP, STUN, Viber, WhatsApp, Amazon Video, SnapChat, FTP, Mendulo, OpenVPN UDP, Facebook Messenger and Hangout.
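The CSV export and q query from the "-C" item above can be reproduced without the q tool. The script below is an added example, not code from the article or from the nDPI project: it performs the same per-source byte aggregation over a constructed sample of ndpiReader CSV output, assuming only the column names the article's query uses (src_ip, ndpi_proto, src2dst_bytes, dst2src_bytes); the real export has more columns.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the shape of an ndpiReader -C export, reduced to the
# columns used by the article's query. Column names are assumed, not taken
# from the nDPI source; the numbers are made up so that the NetFlix total for
# 192.168.1.7 matches the figure shown in the article (6151821).
SAMPLE_CSV = """src_ip,dst_ip,ndpi_proto,src2dst_bytes,dst2src_bytes
192.168.1.7,52.94.10.5,TLS.NetFlix,120000,6000000
192.168.1.7,52.94.10.6,TLS.NetFlix,1821,30000
192.168.1.9,52.94.10.5,TLS.NetFlix,900,45000
192.168.1.9,172.217.0.1,TLS.YouTube,500,9000000
192.168.1.12,1.1.1.1,DNS,300,1200
"""


def bytes_per_source(csv_text, proto_substring):
    """Equivalent of the article's query:
       select src_ip, SUM(src2dst_bytes+dst2src_bytes) from <csv>
       where ndpi_proto like '%<proto_substring>%' group by src_ip
    SQL LIKE is case-insensitive, so matching is done on lower-cased values.
    Returns {src_ip: total_bytes} for matching flows only."""
    totals = defaultdict(int)
    needle = proto_substring.lower()
    for row in csv.DictReader(io.StringIO(csv_text)):
        if needle in row["ndpi_proto"].lower():
            totals[row["src_ip"]] += int(row["src2dst_bytes"]) + int(row["dst2src_bytes"])
    return dict(totals)


def top_talker(csv_text, proto_substring):
    """The source IP that moved the most bytes for the given protocol, as an
    (ip, total_bytes) tuple, or None when no flow matches."""
    totals = bytes_per_source(csv_text, proto_substring)
    if not totals:
        return None
    ip = max(totals, key=totals.get)
    return ip, totals[ip]


if __name__ == "__main__":
    for ip, total in sorted(bytes_per_source(SAMPLE_CSV, "NetFlix").items()):
        print(f"{ip},{total}")
    print("top talker:", top_talker(SAMPLE_CSV, "NetFlix"))
```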

Source: opennet.ru
