Ivan Nardi
Ivan Nardi
ECH is now enabled by default on Chrome, Firefox and Cloudflare (at least) We already have a basic detection; see https://github.com/ntop/nDPI/commit/c85f2fb0f44f734a34ac905d4e35fcf479f19901 Do we need something else in nDPI? Dissection of...
Try to detect Mysql asymmetrically. Right now we need the first packet sent by the server; improve detection using only packets sent by the client
Google Chrome started to randomize the order of TLS extensions in ClientHello packet, to reduce ossification. This update has been already deployed. https://www.fastly.com/blog/a-first-look-at-chromes-tls-clienthello-permutation-in-the-wild A similar patch has been already merged...
It might be useful to have some kind of packet dissection and flow management provided directly from nDPI itself. Not sure of the extension of this topic: some "basic" code...
eDonkey is definitely not as used as >10 years ago, but it seems it is still active. While having a basic TCP support seems easy, identification over UDP doesn't work...
See: https://github.com/ntop/nDPI/commit/8fbef7fb5ab682b7aa9c92e4fd6e106698eb4ae1 https://github.com/ntop/nDPI/commit/9e549ba781a87cb0131c439939e27fd5fd050f10
Running unit tests is quite a bottleneck while developing or while waiting for GitHub CI results... Try to run the tests in parallel, using the `parallel` tool. By default, tests...
The simplest solution is to analyze all the UDP patterns only when there is a port matching