nDPI 3.0 deep packet inspection toolkit released

The ntop project, which develops tools for capturing and analyzing traffic, has published the release of the deep packet inspection toolkit nDPI 3.0, which continues the development of the OpenDPI library. The nDPI project was founded after an unsuccessful attempt to get changes merged into the OpenDPI repository, which had been left unmaintained. The nDPI code is written in C and distributed under the LGPLv3 license.

The project makes it possible to determine the application-level protocols used in traffic by analyzing the nature of the network activity, without being tied to network ports (it can detect well-known protocols whose handlers accept connections on non-standard network ports, for example when HTTP is not served from port 80, or, conversely, when someone tries to disguise other network activity as HTTP by running it on port 80).

The differences from OpenDPI come down to support for additional protocols, a port to the Windows platform, performance optimization, adaptation for use in real-time traffic monitoring applications (some specific features that slowed the engine down were removed), the ability to build as a Linux kernel module, and support for defining subprotocols.

A total of 238 protocol and application definitions are supported, ranging from OpenVPN, Tor, QUIC, SOCKS, BitTorrent and IPsec to Telegram, Viber, WhatsApp, PostgreSQL and calls to Gmail, Office365, GoogleDocs and YouTube. There is a server- and client-side SSL certificate decoder that makes it possible to determine the protocol in use (for example, Citrix Online and Apple iCloud) from the encryption certificate. The ndpiReader utility is provided for analyzing the contents of pcap dumps or live traffic on a network interface.

$ ./nDPIreader -i eth0 -s 20 -f "host 192.168.1.10"

Detected protocols:
DNS packets: 57 bytes: 7904 flows: 28
SSL_No_Cert packets: 483 bytes: 229203 flows: 6
Facebook packets: 136 bytes: 74702 flows: 4
DropBox packets: 9 bytes: 668 flows: 3
Skype packets: 5 bytes: 339 flows: 3
Google packets: 1700 bytes: 619135 flows: 34

In the new release:

  • Protocol information is now reported immediately after detection, without waiting for the full metadata to be received (even when some fields have not yet been parsed because the corresponding network packets have not been seen), which matters for traffic analyzers that need to react quickly to certain kinds of traffic. For applications that require complete protocol dissection, the ndpi_extra_dissection_possible() API is provided to check whether all protocol metadata has been parsed.
  • Deep TLS dissection has been implemented, extracting information about certificate validity and the SHA-1 hash of the certificate.
  • A "-C" flag has been added to the ndpiReader application for exporting in CSV format, which makes it possible to use additional tooling to build complex statistical queries. For example, to identify the IP of the user who watched movies on NetFlix the longest:

    $ ndpiReader -i netflix.pcap -C /tmp/netflix.csv
    $ q -H -d ',' "select src_ip,SUM(src2dst_bytes+dst2src_bytes) from /tmp/netflix.csv where ndpi_proto like '%NetFlix%' group by src_ip"

    192.168.1.7,6151821

  • Added support for the method proposed by Cisco Joy researchers for detecting hidden malicious activity in encrypted traffic using packet sizes and analysis of transmission timing/delays. In ndpiReader the method is enabled with the "-J" option.
  • Protocols can now be grouped into categories.
  • Added support for computing the IAT (Inter-Arrival Time) to detect anomalies in protocol usage, for example to identify how a protocol is being used during a DoS attack.
  • Added data analysis capabilities based on computed metrics such as entropy, mean, standard deviation, and variance.
  • A first version of Python language bindings has been proposed.
  • Added a mode for extracting readable strings from traffic to detect data leaks. In ndpiReader the mode is enabled with the "-e" option.
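The release notes above mention per-flow IAT computation and metrics such as entropy, mean, standard deviation and variance as a basis for spotting anomalous protocol use (a DoS flood being the example given). The following is an added example, not code from nDPI or from the article, showing what those per-flow metrics look like when computed over packet timestamps and sizes. The two flows are constructed inline, and the thresholds in looks_like_flood() are illustrative assumptions, not values nDPI uses.

```python
import math
from collections import Counter


def inter_arrival_times(timestamps):
    """IATs in seconds between consecutive packets of one flow."""
    return [later - earlier for earlier, later in zip(timestamps, timestamps[1:])]


def mean(values):
    return sum(values) / len(values)


def variance(values):
    m = mean(values)
    return sum((v - m) ** 2 for v in values) / len(values)


def stddev(values):
    return math.sqrt(variance(values))


def entropy(values):
    """Shannon entropy (bits) of the empirical distribution of the values,
    e.g. of packet sizes: 0.0 when every packet is the same size."""
    counts = Counter(values)
    n = len(values)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def flow_metrics(timestamps, sizes):
    """Compute the IAT and size metrics for one flow (at least two packets)."""
    iats = inter_arrival_times(timestamps)
    return {
        "packets": len(sizes),
        "iat_mean": mean(iats),
        "iat_stddev": stddev(iats),
        "iat_variance": variance(iats),
        "size_mean": mean(sizes),
        "size_entropy": entropy(sizes),
    }


def looks_like_flood(metrics):
    """Illustrative heuristic (assumed thresholds): machine-regular timing
    and identical packet sizes are what a naive flood tool produces."""
    return metrics["iat_stddev"] < 1e-4 and metrics["size_entropy"] < 0.1


# Constructed sample flows (not captured traffic).
# Interactive-looking flow: irregular timing, alternating small/large packets.
NORMAL_TS = [0.0, 0.5, 0.7, 1.9, 2.0, 3.4, 3.5, 4.1]
NORMAL_SIZES = [60, 1500, 60, 1500, 60, 1500, 60, 1500]
# Flood-looking flow: one 64-byte packet every millisecond, 200 packets.
FLOOD_TS = [i / 1000 for i in range(200)]
FLOOD_SIZES = [64] * 200

if __name__ == "__main__":
    for name, ts, sizes in (("normal", NORMAL_TS, NORMAL_SIZES),
                            ("flood", FLOOD_TS, FLOOD_SIZES)):
        m = flow_metrics(ts, sizes)
        print(name, {k: round(v, 6) for k, v in m.items()}, "flood?", looks_like_flood(m))
```

The point of the example is the contrast: the constructed flood has an IAT variance that is effectively zero and a size entropy of exactly zero, while the normal flow has a size entropy of one bit (two equally likely sizes) and visibly spread IATs. A real detector would compute these over a sliding window per flow and calibrate thresholds against known-good traffic rather than hard-coding them.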

  • Added support for the JA3 TLS client fingerprinting method, which makes it possible to determine, based on the characteristics of the connection setup with the specified parameters, which software is being used to establish the connection (for example, it allows detecting the use of Tor and other common applications).
  • Added support for fingerprinting methods for SSH (HASSH) and DHCP.
  • Added functions for serializing and deserializing data in the Type-Length-Value (TLV) and JSON formats.

  • Added support for protocols and services: DTLS (TLS over UDP), Hulu, TikTok/Musical.ly, WhatsApp Video, DNSoverHTTPS, DataSaver, Line, Google Duo and Hangout, WireGuard VPN, IMO, Zoom.us.

  • Improved support for TLS, SIP, and STUN dissection, Viber, WhatsApp, Amazon Video, SnapChat, FTP, QUIC, OpenVPN UDP, Facebook Messenger and Hangout.

Source: opennet.ru
