The ntop project, which develops tools for capturing and analyzing traffic, has published nDPI 4.4, a deep packet inspection toolkit that continues the development of the OpenDPI library. The nDPI project was founded after an unsuccessful attempt to push changes to the OpenDPI repository, which had been left unmaintained. The nDPI code is written in C and licensed under LGPLv3.
The system identifies the application-level protocols used in traffic by analyzing the nature of network activity without relying on network ports. It can identify well-known protocols whose handlers accept connections on non-standard network ports, for example when HTTP is served from a port other than 80, or, conversely, when some other network activity is disguised as HTTP by running it on port 80.
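The port-independent identification described above, as an added example that is not nDPI's code and not part of the original article: it classifies a flow from its first payload bytes using three simple signatures chosen for illustration (HTTP, TLS, SSH) and compares the result with what the destination port alone would suggest. All type and function names are hypothetical, and the payloads in `main` are constructed samples.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef enum { PROTO_UNKNOWN, PROTO_HTTP, PROTO_TLS, PROTO_SSH } proto_t;
typedef enum { FLOW_OK, FLOW_NONSTANDARD_PORT, FLOW_PORT_MISMATCH, FLOW_UNCLASSIFIED } verdict_t;

/* Identify the protocol from the first payload bytes of a flow; the port is never consulted. */
proto_t classify_payload(const uint8_t *p, size_t len) {
  static const char *const http_start[] = { "GET ", "POST ", "HEAD ", "PUT ", "DELETE ", "OPTIONS ", "HTTP/1." };
  size_t i;
  if (p == NULL) return PROTO_UNKNOWN;
  /* TLS record header: handshake (0x16), major version 3, then ClientHello (1) or ServerHello (2). */
  if (len >= 6 && p[0] == 0x16 && p[1] == 0x03 && p[2] <= 0x04 && (p[5] == 0x01 || p[5] == 0x02))
    return PROTO_TLS;
  /* SSH identification string (RFC 4253) always starts with "SSH-". */
  if (len >= 4 && memcmp(p, "SSH-", 4) == 0) return PROTO_SSH;
  for (i = 0; i < sizeof(http_start) / sizeof(http_start[0]); i++) {
    size_t n = strlen(http_start[i]);
    if (len >= n && memcmp(p, http_start[i], n) == 0) return PROTO_HTTP;
  }
  return PROTO_UNKNOWN;
}

/* What a port-only classifier would assume for this destination port. */
proto_t proto_for_port(uint16_t port) {
  switch (port) {
    case 80:  return PROTO_HTTP;
    case 443: return PROTO_TLS;
    case 22:  return PROTO_SSH;
    default:  return PROTO_UNKNOWN;
  }
}

/* Compare the payload-based result with the port convention. */
verdict_t check_flow(uint16_t dport, const uint8_t *payload, size_t len) {
  proto_t seen = classify_payload(payload, len);
  proto_t by_port = proto_for_port(dport);
  if (by_port != PROTO_UNKNOWN)   /* port implies a protocol: payload must agree */
    return seen == by_port ? FLOW_OK : FLOW_PORT_MISMATCH;
  return seen != PROTO_UNKNOWN ? FLOW_NONSTANDARD_PORT : FLOW_UNCLASSIFIED;
}

int main(void) {
  /* Constructed sample payloads, not captured traffic. */
  const char *http = "GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n";
  const char *ssh = "SSH-2.0-example\r\n";
  printf("HTTP on 8081: %d\n", check_flow(8081, (const uint8_t *)http, strlen(http)));
  printf("SSH on 80:    %d\n", check_flow(80, (const uint8_t *)ssh, strlen(ssh)));
  return 0;
}
```

`FLOW_NONSTANDARD_PORT` corresponds to the article's "HTTP not on port 80" case and `FLOW_PORT_MISMATCH` to traffic on port 80 that is not HTTP.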
The differences from OpenDPI come down to support for additional protocols, porting to the Windows platform, performance optimization, adaptation for use in real-time traffic monitoring applications (some specific features that slowed down the engine were removed), a Linux kernel module, and support for detecting subprotocols.
In total, detection of about 300 protocols and applications is supported, from OpenVPN, Tor, QUIC, SOCKS, BitTorrent and IPsec to Telegram, Viber, WhatsApp, PostgreSQL and access to GMail, Office365, GoogleDocs and YouTube. There is a decoder for server and client SSL certificates that makes it possible to determine the protocol (for example, Citrix Online and Apple iCloud) from the encryption certificate. The nDPIreader utility is supplied for analyzing the contents of pcap dumps or live traffic on a network interface.
In the new release:
- Added metadata with information about the reason a handler was triggered for a particular threat.
- Added the ndpi_check_flow_risk_exceptions() function for connecting network threat handlers.
- Protocols are now split into network protocols (for example, TLS) and application protocols (for example, Google services).
- Added two new confidence levels: NDPI_CONFIDENCE_DPI_PARTIAL and NDPI_CONFIDENCE_DPI_PARTIAL_CACHE.
- Added a pattern for detecting use of the Cloudflare WARP service.
- The internal hashmap implementation was replaced with uthash.
- Updated the Python language bindings.
- The built-in gcrypt implementation is used by default (the --with-libgcrypt option is provided for using the system implementation).
- The range of detected network threats and problems associated with the risk of compromise (flow risk) has been expanded. Support was added for new threat types: NDPI_PUNYCODE_IDN, NDPI_ERROR_CODE_DETECTED, NDPI_HTTP_CRAWLER_BOT and NDPI_ANONYMOUS_SUBSCRIBER.
- Added support for protocols and services:
- UltraSurf
- i3D
- Riot Games
- tsan
- TunnelBear VPN
- collectd
- PIM (Protocol Independent Multicast)
- Pragmatic General Multicast (PGM)
- RSH
- GoTo products, such as GoToMeeting
- Dazn
- MPEG-DASH
- Agora Software Defined Real-time Network (SD-RTN)
- Toca Boca
- VXLAN
- DMNS/LLMNR
- Improved parsing and detection of protocols:
- SMTP/SMTPS (STARTTLS support added)
- OCSP
- TargusDataspeed
- Usenet
- DTLS
- TFTP
- SOAP via HTTP
- GenshinImpact
- IPSec/ISAKMP
- DNS
- syslog
- DHCP
- NATS
- UTube
- Xiaomi
- Raknet
- gnutella
- Kerberos
- QUIC (support added for the v2drft 01 specification)
- SSDP
- SNMP
- ADI
- AES-NI
Source: opennet.ru