Release of the nDPI 4.0 deep packet inspection system

The ntop project, which develops tools for capturing and analyzing traffic, has published the release of the nDPI 4.0 deep packet inspection toolkit, which continues the development of the OpenDPI library. The nDPI project was founded after an unsuccessful attempt to push changes to the OpenDPI repository, which had been left unmaintained. The nDPI code is written in C and licensed under LGPLv3.

The project makes it possible to determine the application-level protocols used in traffic by analyzing the nature of the network activity without being tied to network ports. It can identify known protocols whose handlers accept connections on non-standard network ports (for example, when http is served from a port other than 80) and, conversely, cases where someone tries to disguise other network activity as http by running it on port 80.
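The idea in the paragraph above, as an added sketch that is not nDPI code and does not use the nDPI API: classify a flow from its first payload bytes, then compare the result with what the destination port would suggest. The three signatures, the port table and the function names are assumptions made for illustration and are far smaller than nDPI's real dissectors.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef enum { P_UNKNOWN, P_HTTP, P_TLS, P_SSH } proto_t;

/* Does the payload start with the given ASCII token? */
static int starts_with(const uint8_t *p, size_t n, const char *tok) {
    size_t t = strlen(tok);
    return n >= t && memcmp(p, tok, t) == 0;
}

/* Classify the first payload bytes of a flow, ignoring port numbers. */
proto_t classify_payload(const uint8_t *p, size_t n) {
    static const char *http[] = { "GET ", "POST ", "HEAD ", "PUT ",
                                  "DELETE ", "OPTIONS ", "HTTP/1." };
    for (size_t i = 0; i < sizeof http / sizeof http[0]; i++)
        if (starts_with(p, n, http[i])) return P_HTTP;
    /* TLS record: type 0x16 (handshake), version 0x03 0x00..0x04, 2-byte
       length, then handshake type 0x01 (ClientHello) or 0x02 (ServerHello). */
    if (n >= 6 && p[0] == 0x16 && p[1] == 0x03 && p[2] <= 0x04 &&
        (p[5] == 0x01 || p[5] == 0x02)) return P_TLS;
    if (starts_with(p, n, "SSH-2.0-") || starts_with(p, n, "SSH-1.")) return P_SSH;
    return P_UNKNOWN;
}

/* Protocol conventionally expected on a server port (constructed table). */
proto_t expected_on_port(uint16_t port) {
    switch (port) {
    case 80:  return P_HTTP;
    case 443: return P_TLS;
    case 22:  return P_SSH;
    default:  return P_UNKNOWN;
    }
}

/* 0 = consistent, 1 = known protocol on a non-standard port,
   2 = well-known port carrying something other than its usual protocol. */
int port_mismatch(uint16_t dport, const uint8_t *p, size_t n) {
    proto_t seen = classify_payload(p, n), want = expected_on_port(dport);
    if (want != P_UNKNOWN && seen != want) return 2;
    if (want == P_UNKNOWN && seen != P_UNKNOWN) return 1;
    return 0;
}

int main(void) {
    const uint8_t get[] = "GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"; /* constructed */
    const uint8_t ssh[] = "SSH-2.0-OpenSSH_8.9\r\n";                      /* constructed */
    printf("%d %d\n", port_mismatch(8081, get, sizeof get - 1),
           port_mismatch(80, ssh, sizeof ssh - 1));
    return 0;
}
```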

Differences from OpenDPI include support for additional protocols, a port to the Windows platform, performance optimizations, adaptation for use in real-time traffic monitoring applications (some specific features that slowed the engine down have been removed), the ability to build as a Linux kernel module, and support for defining subprotocols.

A total of 247 protocol and application definitions are supported, ranging from OpenVPN, Tor, QUIC, SOCKS, BitTorrent and IPsec to Telegram, Viber, WhatsApp, PostgreSQL and calls to GMail, Office365, GoogleDocs and YouTube. There is an SSL server certificate decoder that makes it possible to determine the protocol in use (for example, Citrix Online and Apple iCloud) from the encryption certificate. The nDPIreader utility is provided for analyzing the contents of pcap dumps or live traffic on a network interface.

$ ./nDPIreader -i eth0 -s 20 -f "host 192.168.1.10"
Detected protocols:
DNS packets: 57 bytes: 7904 flows: 28
SSL_No_Cert packets: 483 bytes: 229203 flows: 6
FaceBook packets: 136 bytes: 74702 flows: 4
DropBox packets: 9 bytes: 668 flows: 3
Skype packets: 5 bytes: 339 flows: 3
Google packets: 1700 bytes: 619135 flows: 34

In the new release:

  • Improved support for encrypted traffic analysis methods (ETA, Encrypted Traffic Analysis).
  • Support has been implemented for the improved JA3+ TLS client fingerprinting method, which makes it possible, based on the characteristics of connection negotiation and the specified parameters, to determine which software is being used to establish a connection (for example, it can detect the use of Tor and other typical applications). Unlike the previously supported JA3 method, JA3+ produces fewer false positives.
  • The number of detected network threats and problems associated with the risk of compromise (flow risk) has been expanded to 33. New threat detectors have been added for desktop and file sharing, suspicious HTTP traffic, malicious JA3 and SHA1, access to problematic domains and autonomous systems, and the use of TLS certificates with suspicious extensions or an excessively long validity period.
  • Significant performance optimizations have been made; compared with the 3.0 branch, traffic processing speed has increased 2.5 times.
  • Added GeoIP support for determining location by IP address.
  • Added an API for calculating RSI (Relative Strength Index).
  • Fragmentation controls have been implemented.
  • Added an API for calculating flow uniformity (jitter).
  • Added support for protocols and services: AmongUs, AVAST SecureDNS, CPHA (CheckPoint High Availability Protocol), DisneyPlus, DTLS, Genshin Impact, HP Virtual Machine Group Management (hpvirtgrp), Mongodb, Pinterest, Reddit, Snapchat VoIP, Tumblr, Virtual Assistant (Alexa, Siri), Z39.50.
  • Improved parsing and detection of the AnyDesk, DNS, Hulu, DCE/RPC, dnscrypt, Facebook, Fortigate, FTP Control, HTTP, IEC104, IEC60870, IRC, Netbios, Netflix, Ookla speedtest, openspeedtest.com, Outlook / MicrosoftMail, QUIC, RTSP, RTSP over HTTP, SNMP, Skype, SSH, Steam, STUN, TeamViewer, TOR, TLS, UPnP and wireguard protocols.

Source: opennet.ru
