The ntop project, which develops tools for capturing and analyzing traffic, has published the release of the nDPI 4.0 deep packet inspection toolkit, which continues the development of the OpenDPI library. The nDPI project was founded after an unsuccessful attempt to push changes to the OpenDPI repository, which had been left unmaintained. The nDPI code is written in C and licensed under LGPLv3.
The project makes it possible to determine the application-level protocols used in traffic, analyzing the nature of network activity without being tied to network ports. It can identify known protocols whose handlers accept connections on non-standard network ports (for example, when http is served from a port other than 80) and, conversely, cases where someone tries to disguise other network activity as http by running it on port 80.
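The port-independent check described above can be sketched as follows. This is an added example, not code from nDPI or from the original article: the enum names and functions are hypothetical, the payload signatures cover only three protocols, and the input is assumed to be the first payload bytes of a flow.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical labels for this sketch; these are not nDPI identifiers. */
enum proto { P_UNKNOWN, P_HTTP, P_TLS, P_SSH };
enum verdict { V_OK, V_NONSTANDARD_PORT, V_PORT_MISMATCH };

static int starts_with(const uint8_t *p, size_t n, const char *s) {
    size_t k = strlen(s);
    return n >= k && memcmp(p, s, k) == 0;
}

/* Classify a flow from its first payload bytes; the port is never consulted. */
enum proto classify_payload(const uint8_t *p, size_t n) {
    static const char *http[] = { "GET ", "POST ", "HEAD ", "PUT ", "DELETE ",
                                  "OPTIONS ", "HTTP/1." };
    for (size_t i = 0; i < sizeof http / sizeof *http; i++)
        if (starts_with(p, n, http[i])) return P_HTTP;
    if (starts_with(p, n, "SSH-")) return P_SSH;
    /* TLS handshake record (0x16), version 3.x, first message ClientHello (0x01) */
    if (n >= 6 && p[0] == 0x16 && p[1] == 0x03 && p[2] <= 0x04 && p[5] == 0x01)
        return P_TLS;
    return P_UNKNOWN;
}

/* Protocol conventionally expected on a destination port. */
static enum proto proto_for_port(uint16_t port) {
    switch (port) {
    case 80:  return P_HTTP;
    case 443: return P_TLS;
    case 22:  return P_SSH;
    default:  return P_UNKNOWN;
    }
}

/* Compare what the payload is with what the port suggests it should be. */
enum verdict check_flow(uint16_t dst_port, const uint8_t *p, size_t n) {
    enum proto seen = classify_payload(p, n), expected = proto_for_port(dst_port);
    if (seen == expected) return V_OK;
    if (expected != P_UNKNOWN) return V_PORT_MISMATCH;  /* e.g. non-HTTP on port 80 */
    return V_NONSTANDARD_PORT;                          /* e.g. HTTP on port 8081 */
}

int main(void) {
    const uint8_t ssh[] = "SSH-2.0-OpenSSH_8.9\r\n";   /* constructed sample banner */
    const uint8_t get[] = "GET / HTTP/1.1\r\n";        /* constructed sample request */
    printf("ssh on 80: %d, http on 8081: %d\n", (int)check_flow(80, ssh, sizeof ssh - 1),
           (int)check_flow(8081, get, sizeof get - 1));
    return 0;
}
```

A `V_PORT_MISMATCH` verdict on port 80 or 443 is the case worth alerting on; `V_NONSTANDARD_PORT` is usually informational.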
The differences from OpenDPI come down to support for additional protocols, porting to the Windows platform, performance optimizations, adaptation for use in real-time traffic monitoring applications (some specific features that slowed the engine down were removed), the ability to build as a Linux kernel module, and support for identifying subprotocols.
In total, detection of 247 protocols and applications is supported, from OpenVPN, Tor, QUIC, SOCKS, BitTorrent and IPsec to Telegram, Viber, WhatsApp, PostgreSQL and requests to GMail, Office365, GoogleDocs and YouTube. There is a decoder for server and client SSL certificates, which makes it possible to identify the protocol (for example, Citrix Online and Apple iCloud) using the encryption certificate. The nDPIreader utility is provided for analyzing the contents of pcap dumps or the current traffic on a network interface.
$ ./nDPIreader -i eth0 -s 20 -f "host 192.168.1.10"
Detected protocols:
DNS packets: 57 bytes: 7904 flows: 28
SSL_No_Cert packets: 483 bytes: 229203 flows: 6
FaceBook packets: 136 bytes: 74702 flows: 4
DropBox packets: 9 bytes: 668 flows: 3
Skype packets: 5 bytes: 339 flows: 3
Google packets: 1700 bytes: 619135 flows: 34
In the new release:
- Improved support for encrypted traffic analysis methods (ETA - Encrypted Traffic Analysis).
- Support has been implemented for the improved JA3+ TLS client identification method, which makes it possible, based on the characteristics of connection negotiation and the specified parameters, to determine which software is used to establish the connection (for example, it can detect the use of Tor and other common applications). Unlike the previously supported JA3 method, JA3+ produces fewer false positives.
- The number of detected network threats and problems associated with a risk of compromise (flow risk) has been expanded to 33. New threat detectors have been added related to desktop and file sharing, suspicious HTTP traffic, malicious JA3 and SHA1, access to problematic domains and autonomous systems, and the use of TLS certificates with suspicious extensions or an excessively long validity period.
- Significant performance optimizations have been made; compared with the 3.0 branch, traffic processing speed has increased 2.5 times.
- Added GeoIP support for determining location by IP address.
- Added an API for calculating RSI (Relative Strength Index).
- Fragmentation controls have been implemented.
- Added an API for calculating flow uniformity (jitter).
- Added support for protocols and services: AmongUs, AVAST SecureDNS, CPHA (CheckPoint High Availability Protocol), DisneyPlus, DTLS, Genshin Impact, HP Virtual Machine Group Management (hpvirtgrp), Mongodb, Pinterest, Reddit, Snapchat VoIP, Tumblr, Virtual Assistant (Alexa, Siri), Z39.50.
- Improved parsing and detection of AnyDesk, DNS, Hulu, DCE/RPC, dnscrypt, Facebook, Fortigate, FTP Control, HTTP, IEC104, IEC60870, IRC, Netbios, Netflix, Ookla speedtest, openspeedtest.com, Outlook / MicrosoftMail, QUIC, RTSP, RTSP via HTTP, SNMP, Skype, SSH, Steam, STUN, TeamViewer, TOR, TLS, UPnP, wireguard.
Source: opennet.ru
