The project
The differences from OpenDPI come down to support for additional protocols, a port to the Windows platform, performance optimisation, adaptation for use in real-time traffic monitoring applications (some features that slowed the engine down have been removed), the ability to build it as a Linux kernel module, and support for detecting subprotocols.
A total of 238 protocol and application definitions are supported, from OpenVPN, Tor, QUIC, SOCKS, BitTorrent and IPsec to Telegram, Viber, WhatsApp, PostgreSQL and calls in Gmail, Office365, GoogleDocs and YouTube. A server-side and client-side SSL certificate decoder is provided, which allows some protocols (for example, Citrix Online and Apple iCloud) to be identified by their encryption certificate. The nDPIreader utility is supplied for analysing the contents of pcap dumps or live traffic on a network interface.
$ ./nDPIreader -i eth0 -s 20 -f "host 192.168.1.10"
Detected protocols:
DNS packets: 57 bytes: 7904 flows: 28
SSL_No_Cert packets: 483 bytes: 229203 flows: 6
FaceBook packets: 136 bytes: 74702 flows: 4
DropBox packets: 9 bytes: 668 flows: 3
Skype packets: 5 bytes: 339 flows: 3
Google packets: 1700 bytes: 619135 flows: 34
In the new release:
- Protocol information is now reported as soon as the protocol is detected, without waiting for all metadata to be collected (although some fields may remain undetermined because the matching network packets have not yet been seen), which matters for traffic analysers that must react quickly to certain kinds of traffic. For applications that need complete protocol dissection, the ndpi_extra_dissection_possible() API is provided to check that all protocol metadata has been determined.
- Deeper TLS dissection has been implemented, extracting information about certificate validity and the SHA-1 hash of the certificate.
- A "-C" flag has been added to the nDPIreader application for output in CSV format, which makes it easier to process the samples with additional tools. For example, to determine the IP of the user who watched NetFlix movies the longest:
$ ndpiReader -i netflix.pcap -C /tmp/netflix.csv
$ q -H -d ',' "select src_ip,SUM(src2dst_bytes+dst2src_bytes) from /tmp/netflix.csv where ndpi_proto like '%NetFlix%' group by src_ip"
192.168.1.7,6151821
- Added support for the Joy technique proposed by Cisco for detecting hidden malicious activity in encrypted traffic by analysing packet sizes and transmission timing/latency. In ndpiReader the method is enabled with the "-J" option.
- A breakdown of protocols by category is provided.
- Added support for computing IAT (Inter-Arrival Time) to detect anomalies in protocol usage, for example to identify how a protocol is being used during a DoS attack.
- Added capabilities for analysing data based on computed metrics such as entropy, mean, standard deviation and variance.
- A first version of Python language bindings is proposed.
- Added a mode that searches traffic for readable strings to detect data leaks. In ndpiReader the mode is enabled with the "-e" option.
- Added support for the JA3 TLS client identification method, which makes it possible to determine, from the characteristics of the connection setup and the parameters advertised, which software is establishing the connection (for example, it allows the use of Tor and other common applications to be identified).
- Added support for methods of identifying SSH implementations (HASSH) and DHCP.
- Added functions for serialising and deserialising data in Type-Length-Value (TLV) and JSON formats.
- Added support for protocols and services: DTLS (TLS over UDP), Hulu, TikTok/Musical.ly, WhatsApp Video, DNSoverHTTPS, DataSaver, Line, Google Duo, Hangout, WireGuard VPN, IMO, Zoom.us.
- Improved support for TLS, SIP and STUN, and improved analysis of Viber, WhatsApp, AmazonVideo, SnapChat, FTP, QUIC, OpenVPN UDP, Facebook Messenger and Hangout.
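To make the IAT and metric features listed above concrete, here is an added example (not nDPI's own code, and not using its Python bindings) that computes inter-arrival times, mean, standard deviation, variance and byte entropy for constructed sample flows with the standard library, and applies a constructed threshold rule in the spirit of the DoS use case; the flow data and thresholds are assumptions made for the example.

```python
# Added example (not nDPI's own code): the per-flow statistics the release
# notes describe (inter-arrival time, mean, standard deviation, variance,
# byte entropy), computed over constructed sample flows, plus a constructed
# threshold rule that flags a flood-like flow.
import math
from collections import Counter
from statistics import mean, pstdev, pvariance


def inter_arrival_times(timestamps):
    """Seconds between consecutive packets of one flow."""
    ts = sorted(timestamps)
    return [later - earlier for earlier, later in zip(ts, ts[1:])]


def iat_stats(timestamps):
    """Mean, standard deviation and variance of a flow's IAT values (None if too short)."""
    iats = inter_arrival_times(timestamps)
    if len(iats) < 2:
        return None
    return {"mean": mean(iats), "stddev": pstdev(iats), "variance": pvariance(iats)}


def shannon_entropy(payload):
    """Byte entropy in bits per byte: 0.0 for a constant payload, up to 8.0."""
    if not payload:
        return 0.0
    n = len(payload)
    return -sum(c / n * math.log2(c / n) for c in Counter(payload).values())


def flow_is_suspicious(timestamps, payload, min_packets=50, max_mean_iat=0.002, max_entropy=1.0):
    """Many packets at a near-constant, very short interval carrying
    low-entropy payload look like a flood rather than interactive use.
    The thresholds are constructed for this example, not nDPI defaults."""
    stats = iat_stats(timestamps)
    if stats is None or len(timestamps) < min_packets:
        return False
    regular = stats["stddev"] < 0.1 * stats["mean"]
    return regular and stats["mean"] < max_mean_iat and shannon_entropy(payload) < max_entropy


# Constructed sample flows: a 1 ms flood of identical packets and a short interactive flow.
FLOOD_TS = [i * 0.001 for i in range(200)]
FLOOD_PAYLOAD = b"A" * 64
NORMAL_TS = [0.0, 0.3, 0.31, 1.2, 1.25, 2.9, 3.0, 3.7]
NORMAL_PAYLOAD = bytes(range(256))

if __name__ == "__main__":
    print("flood:", iat_stats(FLOOD_TS), flow_is_suspicious(FLOOD_TS, FLOOD_PAYLOAD))
    print("normal:", iat_stats(NORMAL_TS), flow_is_suspicious(NORMAL_TS, NORMAL_PAYLOAD))
```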
Source: opennet.ru