Deep packet inspection toolkit nDPI 3.0 released

The ntop project, which develops tools for capturing and analyzing traffic, has published release 3.0 of the deep packet inspection toolkit nDPI, which continues development of the OpenDPI library. The nDPI project was started after an unsuccessful attempt to get changes accepted into the OpenDPI repository, which has since been left unmaintained. The nDPI code is written in C and distributed under the LGPLv3 license.

The project makes it possible to determine the application-level protocols used in traffic and to analyze the nature of network activity without being tied to network ports. It can identify known protocols whose handlers accept connections on non-standard ports, for example when HTTP is not served from port 80, and, conversely, cases where someone tries to disguise other network activity as HTTP by running it on port 80.
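
As an added illustration of the port-independent detection described above (example code written for this page, not nDPI's dissectors), the following classifier recognizes a few protocols from the first payload bytes and compares the result with what a port-only classifier would have assumed. The signatures, port table and sample flows are simplified assumptions constructed for the example.

```python
import re

# Payload-prefix signatures, matched independently of the port.
# These patterns are simplified assumptions for the example, not nDPI's dissectors.
SIGNATURES = [
    ("HTTP", re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")),
    ("TLS",  re.compile(rb"^\x16\x03[\x00-\x03]")),  # TLS record type 22 (handshake), SSL3/TLS1.x
    ("SSH",  re.compile(rb"^SSH-2\.0-")),
    ("SMTP", re.compile(rb"^(HELO|EHLO) ")),
]

# What a port-only classifier would assume for a destination port.
PORT_HINTS = {80: "HTTP", 443: "TLS", 22: "SSH", 25: "SMTP"}


def detect_by_payload(payload: bytes) -> str:
    """Return the protocol name from the first payload bytes, or 'Unknown'."""
    for name, pattern in SIGNATURES:
        if pattern.match(payload):
            return name
    return "Unknown"


def classify_flow(dst_port: int, payload: bytes) -> dict:
    """Compare the DPI result with the port-based guess and name the outcome."""
    dpi = detect_by_payload(payload)
    hint = PORT_HINTS.get(dst_port)
    if dpi == "Unknown":
        verdict = "unknown"
    elif hint is None:
        verdict = "non-standard port"   # known protocol on a port nobody expected it on
    elif hint == dpi:
        verdict = "match"
    else:
        verdict = "masquerade"          # e.g. SSH on port 80 blending in with web traffic
    return {"port": dst_port, "port_guess": hint or "Unknown", "dpi": dpi, "verdict": verdict}


# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = [
    (80,   b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),  # HTTP where expected
    (8080, b"GET /api HTTP/1.1\r\nHost: example.test\r\n\r\n"),         # HTTP on a non-standard port
    (80,   b"SSH-2.0-OpenSSH_8.9\r\n"),                                 # SSH hiding on the web port
    (443,  b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),            # start of a TLS ClientHello
]

if __name__ == "__main__":
    for port, payload in SAMPLE_FLOWS:
        print(classify_flow(port, payload))
```

The "masquerade" and "non-standard port" verdicts are the two situations the paragraph describes; a monitoring pipeline would typically route both to review rather than trusting the port number.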

The differences from OpenDPI come down to support for additional protocols, a port to the Windows platform, performance optimization, adaptation for use in real-time traffic monitoring applications (some specific features that slowed the engine down were removed), the ability to build nDPI as a Linux kernel module, and support for defining subprotocols.

A total of 238 protocol and application definitions are supported, from OpenVPN, Tor, QUIC, SOCKS, BitTorrent and IPsec to Telegram, Viber, WhatsApp and PostgreSQL, and requests to Gmail, Office365, GoogleDocs and YouTube. A decoder for server and client SSL certificates is included, which makes it possible to determine which protocol (for example Citrix Online or Apple iCloud) is using a given encryption certificate. The ndpiReader utility is provided for analyzing the contents of pcap dumps or live traffic on a network interface.

$ ./nDPIreader -i eth0 -s 20 -f "host 192.168.1.10"

Detected protocols:
DNS packets: 57 bytes: 7904 flows: 28
SSL_No_Cert packets: 483 bytes: 229203 flows: 6
FaceBook packets: 136 bytes: 74702 flows: 4
DropBox packets: 9 bytes: 668 flows: 3
Skype packets: 5 bytes: 339 flows: 3
Google packets: 1700 bytes: 619135 flows: 34
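
The per-protocol summary above is easy to turn into structured data. The following parser, added here as an example and not part of ndpiReader, reads lines in that format into records and ranks protocols by bytes, flows and average bytes per flow; the embedded text is a constructed copy of the output shown above.

```python
import re
from typing import Dict, List

# Constructed sample, shaped like the ndpiReader summary shown on the page.
SAMPLE_SUMMARY = """\
Detected protocols:
DNS packets: 57 bytes: 7904 flows: 28
SSL_No_Cert packets: 483 bytes: 229203 flows: 6
FaceBook packets: 136 bytes: 74702 flows: 4
DropBox packets: 9 bytes: 668 flows: 3
Skype packets: 5 bytes: 339 flows: 3
Google packets: 1700 bytes: 619135 flows: 34
"""

# One summary line: protocol name, then packets/bytes/flows counters.
# Whitespace is flexible so column-aligned output parses as well.
LINE_RE = re.compile(
    r"^\s*(?P<proto>\S+)\s+packets:\s*(?P<packets>\d+)"
    r"\s+bytes:\s*(?P<bytes>\d+)\s+flows:\s*(?P<flows>\d+)\s*$"
)


def parse_summary(text: str) -> List[Dict]:
    """Parse summary lines into dicts; header and unrelated lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        records.append({
            "proto": m.group("proto"),
            "packets": int(m.group("packets")),
            "bytes": int(m.group("bytes")),
            "flows": int(m.group("flows")),
        })
    return records


def byte_share(records: List[Dict]) -> Dict[str, float]:
    """Percentage of all bytes attributed to each protocol."""
    total = sum(r["bytes"] for r in records)
    if total == 0:
        return {}
    return {r["proto"]: round(100.0 * r["bytes"] / total, 1) for r in records}


def avg_bytes_per_flow(records: List[Dict]) -> Dict[str, float]:
    """Mean flow size per protocol; tiny flows in large numbers stand out here."""
    return {r["proto"]: round(r["bytes"] / r["flows"], 1) for r in records if r["flows"]}


def top_by(records: List[Dict], key: str, n: int = 3) -> List[str]:
    """Protocol names ordered by the given counter, largest first."""
    return [r["proto"] for r in sorted(records, key=lambda r: r[key], reverse=True)[:n]]


if __name__ == "__main__":
    recs = parse_summary(SAMPLE_SUMMARY)
    print("by bytes:", top_by(recs, "bytes"))
    print("by flows:", top_by(recs, "flows"))
    print("share:", byte_share(recs))
    print("avg bytes/flow:", avg_bytes_per_flow(recs))
```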

In the new release:

  • Protocol information is now reported as soon as the protocol is identified, without waiting for the complete metadata to arrive (even if some fields have not yet been parsed because the corresponding network packets have not been seen), which matters for traffic analyzers that must react immediately to certain kinds of traffic. For applications that need full protocol dissection, the ndpi_extra_dissection_possible() API is provided to check whether all protocol metadata has been dissected.
  • Implemented deep TLS inspection, extracting information about certificate validity and the certificate's SHA-1 hash.
  • The "-C" flag has been added to the ndpiReader utility for export in CSV format, which makes it possible, with the additional tool q, to build fairly complex statistical queries. For example, to determine the IP of the user who spent the longest watching NetFlix video:

    $ ndpiReader -i netflix.pcap -C /tmp/netflix.csv
    $ q -H -d ',' "select src_ip,SUM(src2dst_bytes+dst2src_bytes) from /tmp/netflix.csv where ndpi_proto like '%NetFlix%' group by src_ip"

    192.168.1.7,6151821

  • Added support for the method proposed by the Cisco Joy developers for identifying malicious activity hidden inside encrypted traffic by analyzing packet sizes and timing/latency. In ndpiReader this mode is enabled with the "-J" option.
  • Categorization of protocols into groups has been introduced.
  • Added support for computing IAT (Inter-Arrival Time) to identify anomalies in protocol usage, for example to detect abnormal use of a protocol during a DoS attack.
  • Added data analysis capabilities based on computed metrics such as entropy, mean, standard deviation and variance.
  • An initial version of bindings for the Python language has been introduced.
  • Added a mode for detecting readable strings in traffic to spot data leaks. In ndpiReader the mode is enabled with the "-e" option.
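
The IAT and data-analysis features listed above come down to a handful of per-flow measurements. As an added example (written for this page with Python's standard library, not nDPI's analysis code), the block below computes inter-arrival times, mean, standard deviation and variance, and the Shannon entropy of a flow's payload, then raises two review hints: metronome-like timing and random-looking payload. The flows, thresholds and hint names are constructed assumptions for the example.

```python
import math
import random
from collections import Counter
from statistics import mean, pstdev, pvariance


def inter_arrival_times(timestamps):
    """Inter-arrival times (same unit as the timestamps) between consecutive packets."""
    return [later - earlier for earlier, later in zip(timestamps, timestamps[1:])]


def describe(values):
    """Mean, population standard deviation and variance of a series."""
    if not values:
        return {"mean": 0.0, "stddev": 0.0, "variance": 0.0}
    return {"mean": mean(values), "stddev": pstdev(values), "variance": pvariance(values)}


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0 for a constant byte, 8 for uniformly random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def flow_report(timestamps, payloads, iat_cv_threshold=0.1, entropy_threshold=7.0):
    """Per-flow statistics plus two hints; thresholds are assumptions for the example."""
    iats = inter_arrival_times(timestamps)
    iat_stats = describe(iats)
    size_stats = describe([len(p) for p in payloads])
    entropy = shannon_entropy(b"".join(payloads))
    # Coefficient of variation: 0 means every gap between packets is identical.
    cv = iat_stats["stddev"] / iat_stats["mean"] if iat_stats["mean"] else 0.0
    return {
        "iat": iat_stats,
        "packet_size": size_stats,
        "entropy": round(entropy, 3),
        # Evenly spaced packets are atypical of interactive protocol use and worth a look
        # (the kind of usage anomaly the IAT feature is meant to surface); a hint, not a verdict.
        "regular_timing": len(iats) >= 3 and cv < iat_cv_threshold,
        # Payloads that should be readable (DNS names, HTTP) but look random suggest
        # encoded or encrypted data moving over a channel where it does not belong.
        "high_entropy": entropy > entropy_threshold,
    }


# Constructed flows (not captured traffic); timestamps in milliseconds.
# 1) DNS-like exchange: irregular timing, readable names.
DNS_TS = [0, 35, 120, 310, 330]
DNS_PAYLOADS = [b"example.test", b"www.example.test", b"mail.example.test",
                b"ns1.example.test", b"example.test"]

# 2) Fixed-size, evenly spaced, random-looking payloads (seeded for reproducibility).
_rng = random.Random(7)
SUSPECT_TS = [i * 100 for i in range(8)]
SUSPECT_PAYLOADS = [bytes(_rng.getrandbits(8) for _ in range(512)) for _ in range(8)]

if __name__ == "__main__":
    print("dns:", flow_report(DNS_TS, DNS_PAYLOADS))
    print("suspect:", flow_report(SUSPECT_TS, SUSPECT_PAYLOADS))
```

Population statistics (pstdev, pvariance) are used because the flow's packets are the whole population being described, not a sample of it.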

  • Added support for the JA3 TLS client fingerprinting method, which makes it possible to determine, from the characteristics of the connection negotiation and the parameters announced, which software established the connection (for example, it lets you identify the use of Tor and some other typical applications).
  • Added support for fingerprinting methods for SSH (HASSH) and DHCP.
  • Added functions for serializing and deserializing data in Type-Length-Value (TLV) and JSON formats.
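
To make the two items above concrete, here is an added example (written for this page; it is not nDPI's JA3 or serializer implementation) that builds a JA3 fingerprint from the fields of a ClientHello and then carries the result through a small TLV encoder and decoder, with JSON alongside for comparison. JA3 joins the TLS version, cipher suites, extensions, elliptic curves and point formats into one string and hashes it with MD5; GREASE values are dropped first, otherwise the same client would produce a different hash on every connection. The ClientHello values, the TLV type numbers and the record layout are constructed assumptions for the example.

```python
import hashlib
import json
import struct


def is_grease(value: int) -> bool:
    """GREASE values (RFC 8701) are 0x0a0a, 0x1a1a, ..., 0xfafa; JA3 ignores them."""
    return (value & 0x0F0F) == 0x0A0A and (value >> 8) == (value & 0xFF)


def ja3_string(version, ciphers, extensions, curves, point_formats) -> str:
    """JA3 input string: version,ciphers,extensions,curves,point_formats ('-' within a field)."""
    def field(values):
        return "-".join(str(v) for v in values if not is_grease(v))
    return ",".join([str(version), field(ciphers), field(extensions),
                     field(curves), field(point_formats)])


def ja3_hash(version, ciphers, extensions, curves, point_formats) -> str:
    """MD5 of the JA3 string, as the JA3 method defines it."""
    s = ja3_string(version, ciphers, extensions, curves, point_formats)
    return hashlib.md5(s.encode("ascii")).hexdigest()


# Constructed ClientHello fields (not from a capture); 0x?a?a entries are GREASE.
CLIENT_HELLO = {
    "version": 771,                                      # 0x0303 = TLS 1.2 in the header
    "ciphers": [0x1A1A, 4865, 4866, 4867, 49195, 49199],
    "extensions": [0x2A2A, 0, 23, 65281, 10, 11, 35, 16, 5, 13, 18, 51, 45, 43, 27, 0x3A3A],
    "curves": [0x4A4A, 29, 23, 24],
    "point_formats": [0],
}

# TLV layout assumed for the example: 1-byte type, 2-byte big-endian length, value.
TLV_TYPES = {1: "ja3", 2: "proto", 3: "flow_id"}   # flow_id is a 4-byte unsigned int


def tlv_encode(fields: dict) -> bytes:
    out = bytearray()
    for t, name in TLV_TYPES.items():
        if name not in fields:
            continue
        v = fields[name]
        raw = struct.pack(">I", v) if name == "flow_id" else str(v).encode("utf-8")
        out += struct.pack(">BH", t, len(raw)) + raw
    return bytes(out)


def tlv_decode(buf: bytes) -> dict:
    """Decode TLV records; unknown types are skipped, truncation raises ValueError."""
    fields, i = {}, 0
    while i < len(buf):
        if i + 3 > len(buf):
            raise ValueError("truncated TLV header")
        t, length = struct.unpack_from(">BH", buf, i)
        i += 3
        if i + length > len(buf):
            raise ValueError("truncated TLV value")
        raw = buf[i:i + length]
        i += length
        name = TLV_TYPES.get(t)
        if name is None:
            continue
        if name == "flow_id":
            if length != 4:
                raise ValueError("flow_id must be 4 bytes")
            fields[name] = struct.unpack(">I", raw)[0]
        else:
            fields[name] = raw.decode("utf-8")
    return fields


def tlv_is_wellformed(buf: bytes) -> bool:
    try:
        tlv_decode(buf)
        return True
    except ValueError:
        return False


def to_json(fields: dict) -> str:
    return json.dumps(fields, sort_keys=True)


def from_json(text: str) -> dict:
    return json.loads(text)


def example_record() -> dict:
    """Flow metadata record as it might be exported: constructed values."""
    return {"flow_id": 42, "proto": "TLS", "ja3": ja3_hash(**CLIENT_HELLO)}


if __name__ == "__main__":
    rec = example_record()
    print(ja3_string(**CLIENT_HELLO))
    print(rec["ja3"], tlv_encode(rec).hex(), to_json(rec), sep="\n")
```

Matching a JA3 hash against a list of known clients only works if everyone computes the string the same way, which is why the GREASE filtering and the exact field order matter more than the hash function itself.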

  • Added support for the following protocols and services: DTLS (TLS over UDP), Hulu, TikTok/Musical.ly, WhatsApp Video, DNSoverHTTPS, Datasaver, Line, Google Duo, Hangout, WireGuard VPN, IMO and Zoom.us.

  • Improved support for analyzing TLS, SIP, STUN, Viber, WhatsApp, Amazon Video, SnapChat, FTP, QUIC, OpenVPN UDP, Facebook Messenger and Hangout.

Source: opennet.ru