The project
The differences from OpenDPI come down to support for additional protocols, a port to the Windows platform, performance optimization, adaptation for use in real-time traffic monitoring applications (some features that slowed the engine down were removed), the ability to build it as a Linux kernel module, and support for defining subprotocols.
A total of 238 protocol and application definitions are supported, from OpenVPN, Tor, QUIC, SOCKS, BitTorrent and IPsec to Telegram, Viber, WhatsApp, PostgreSQL and calls to Gmail, Office365, GoogleDocs and YouTube. There is a server and client SSL certificate decoder that lets you determine the protocol (for example, Citrix Online and Apple iCloud) from the encryption certificate. The nDPIreader utility is provided to analyze the contents of pcap dumps or live traffic on a network interface.
$ ./nDPIreader -i eth0 -s 20 -f "host 192.168.1.10"
Detected protocols:
DNS packets: 57 bytes: 7904 flows: 28
SSL_No_Cert packets: 483 bytes: 229203 flows: 6
FaceBook packets: 136 bytes: 74702 flows: 4
DropBox packets: 9 bytes: 668 flows: 3
Skype packets: 5 bytes: 339 flows: 3
Google packets: 1700 bytes: 619135 flows: 34
In the new release:
- Protocol information is now reported immediately upon detection, without waiting for the full metadata to be received (even when specific fields have not yet been parsed because the corresponding network packets have not arrived), which is important for traffic analyzers that need to react quickly to certain types of traffic. For applications that need full protocol dissection, the ndpi_extra_dissection_possible() API is provided to make sure that all protocol metadata has been determined.
- Deeper TLS analysis has been implemented, extracting information about the correctness of the certificate and the SHA-1 hash of the certificate.
- The "-C" flag has been added to the nDPIreader application for export in CSV format, which makes it possible, using the additional ntop toolkit, to run fairly complex statistical queries. For example, to find the IP of the user who watched movies on NetFlix the longest:
$ ndpiReader -i netflix.pcap -C /tmp/netflix.csv
$ q -H -d ',' "select src_ip,SUM(src2dst_bytes+dst2src_bytes) from /tmp/netflix.csv where ndpi_proto like '%NetFlix%' group by src_ip"
192.168.1.7,6151821
- Added support for the technique proposed in Cisco Joy for detecting malicious activity hidden in encrypted traffic by analyzing packet sizes and sending times/delays. In ndpiReader, the method is enabled with the "-J" option.
- Classification of protocols into categories is provided.
- Added support for calculating IAT (Inter-Arrival Time) to detect anomalies in protocol usage, for example, to detect use of a protocol during a DoS attack.
- Added data analysis capabilities based on calculated metrics such as entropy, mean, standard deviation, and variance.
- An initial version of bindings for the Python language is proposed.
- Added a mode for detecting readable strings in traffic in order to spot data leaks. In ndpiReader the mode is enabled with the "-e" option.
- Added support for the JA3 TLS client identification method, which makes it possible, based on the characteristics of connection negotiation and the parameters that are set, to determine which software is being used to establish the connection (for example, it lets you detect the use of Tor and other typical applications).
- Added support for methods of identifying SSH implementations (HASSH) and DHCP.
- Added functions for serializing and deserializing data in Type-Length-Value (TLV) and JSON formats.
- Added support for protocols and services: DTLS (TLS over UDP), Hulu, TikTok/Musical.ly, WhatsApp Video, DNSoverHTTPS, Datasaver, Line, Google Duo, Hangout, WireGuard VPN, IMO, Zoom.us.
- Improved support for and analysis of TLS, SIP, STUN, Viber, WhatsApp, AmazonVideo, SnapChat, FTP, QUIC, OpenVPN UDP, Facebook Messenger and Hangout.
Source: opennet.ru