Ivan Nardi
Is JA4 algorithm supposed to work with DTLS traffic too? I am asking because: 1) I didn't find any reference at all to DTLS in this repository 2) Wireshark doesn't...
See: #2484
CI: WIP
Roadmap
Just some non-committal ideas of features/protocols/algorithms to add (or delete) before the next release. Feel free to add anything in the comments
https://github.com/ntop/nDPI/pull/2588 added "monitoring" feature to nDPI. Let's use this ticket to keep track of some possible improvements: From @utoni ``` use that specific behavior for other protocols e.g. suspicious TLS...
Since we have support for the new fingerprint JA4, should we remove the oldest version?
nDPI releases have always been cut approximately every 6-9 months. As reported by @lucaderi (https://www.ntop.org/ndpi/released-ndpi-4-10-421-protocols-55-flow-risks-several-improvements-getting-ready-for-fpc/) there were some discussions recently to change that and provide a new release more frequently...
It seems that we have some Z3950 false positives. In the attachment, the 4 flows are definitely not Z3950 but they are classified as such. [z3950_false_positives.zip](https://github.com/user-attachments/files/16833613/z3950_false_positives.zip)