- Added Modbus over TCP dissector
- Wireshark Lua plugin compatibility with Wireshark 3
- Improved MDNS dissection
- Improved HTTP response code handling
- Full dissection of HTTP responses
- Fixed false positive mining detection
- Fixed invalid TCP DNS dissection
- Releasing buffers upon realloc failures
- ndpiReader: Prevents references after free
- Endianness fixes
- Fixed IPv6 HTTP traffic dissection
- Fixed H.323 detection
- Disabled ookla statistics which need to be improved
- Support for custom protocol files of arbitrary length
- Update radius.c to RFC2865
- New Bitcoin, Ethereum, ZCash, Monero dissectors all identified as Mining
- New Signal.org dissector
- New Nest Log Sink dissector
- New UPnP dissector
- Added support for SMBv1 traffic, split from SMBv23
- Improved Skype detection, merged Skype call in/out into Skype Call
- Improved heuristics for Skype, Teredo, Netbios
- Improved SpeedTest (Ookla) detection
- Improved WhatsApp detection
- Improved WeChat detection
- Improved Facebook Messenger detection
- Improved Messenger/Hangout detection
- Improved SSL detection, prevent false positives
- Improved guess for UDP protocols
- Improved STUN detection
- Added more Ubuntu servers
- Added missing categorization with giveup/guess
- Optimizations for TCP flows that do not start with a SYN packet (early giveup)
- Fixed eDonkey false positives
- Fixed Dropbox dissector
- Fixed Spotify dissector
- Fixed custom protocol loading
- Fixed missing Application Data packet for TLS
- Fixed buffer overflows
- Fixed custom categories match by IP
- Fixed category field not accounted in ndpi_get_proto_category
- Fixed null pointer dereference in ndpi_detection_process_packet
- Fixed compilation on Mac
- Deb and RPM packages: ndpi with shared libraries and binaries, ndpi-dev with headers and static libraries
- Protocols now have an optional subprotocol: Spotify cannot have subprotocols, DNS can (DNS.Spotify)
- New API functions:
- ndpi_fill_ip_protocol_category to handle ICMP flows category
- ndpi_flowv4_flow_hash and ndpi_flowv6_flow_hash to support the Community ID Flow Hashing (https://github.com/corelight/community-id-spec)
- ndpi_protocol2id to print the protocol as ID
- ndpi_get_custom_category_match to search host in custom categories
- Changed ndpi_detection_giveup API: guess is now part of the call
- Added DPDK support to ndpiReader
- Removed Musical.ly protocol (service no longer used)
- Custom categories now have priority over protocol related categories
- Improved clang support
- Showmax.com
- Musical.ly
- RapidVideo
- VidTO streaming service
- Apache JServ Protocol
- Facebook Messenger
- FacebookZero protocol
- Improved YouTube support
- Improved Netflix support
- Updated Google Hangout detection
- Updated Twitter address range
- Updated Viber ports, subnet and domain
- Updated AmazonVideo detection
- Updated list of FaceBook sites
- Initial Skype in/out support
- Improved Tor detection
- Improved hyperscan support and category definition
- Custom categories loading, extended ndpiReader (-c <file>) for loading name-based categories
- Fixes for Instagram flows classified as Facebook
- Fixed Spotify detection
- Fixed minimum packet payload length for SSDP
- Fixed length check in MSN, x-steam-sid, Tor certificate name
- Increase client's maximum payload length for SSH
- Fixed end-of-line bounds handling
- Fixed substring matching
- Fix for handling IP address based custom categories
- Repaired wrong timestamp calculation
- Fixed memory leak
- Optimized memory usage
- New API calls:
- ndpi_set_detection_preferences()
- ndpi_load_hostname_category()
- ndpi_enable_loaded_categories()
- ndpi_fill_protocol_category()
- ndpi_process_extra_packet()
- Skype CallIn/CallOut are now set as Skype.SkypeCallOut Skype.SkypeCallIn
- Added support for SMTPS on port 587
- Changed RTP from VoIP to Media category
- Added site unavailable category
- Added custom categories CUSTOM_CATEGORY_MINING, CUSTOM_CATEGORY_MALWARE, CUSTOM_CATEGORY_ADVERTISEMENT, CUSTOM_CATEGORY_BANNED_SITE
- Implemented hash-based categories
- Converted some not popular protocols to NDPI_PROTOCOL_GENERIC with category detection
- Hyperscan support
- ndpi_get_api_version API call to be used in applications that are dynamically linking with nDPI
- --enable-debug-messages to enable debug information output
- Increased number of protocols to 512
- GoogleDocs
- GoogleServices
- AmazonVideo
- ApplePush
- Diameter
- GooglePlus
- WhatsApp file exchange
- WhatsApp detection
- Amazon detection
- Improved Google Drive
- Improved Spotify support
- Improved SNI matching when using office365
- Improved HostShield VPN
- Fixed invalid RTP/Skype detection
- Fixed possible out-of-bounds due to malformed DHCP packets
- Fixed buffer overflow in function ndpi_debug_printf
- Custom protocol categories to allow personalization of protocols-categories mappings
- DHCP fingerprinting
- HTTP User Agent discovery
- ICQ (instant messaging client)
- YouTube Upload
- LISP
- SoundCloud
- Sony PlayStation
- Nintendo (switch) gaming protocol
- Windows 10 detection from UA and indentation
- Determine STUN flows that turn into RTP
- Fixes for iQIYI and 1kxun
- Android fingerprint
- Added DHCP class identifier support
- nDPI Wireshark plugin for Layer-7 protocol dissection. The plugin, available via an extcap interface, passes Wireshark the nDPI-detected protocols by adding an ethernet packet trailer that is then interpreted and displayed inside the Wireshark GUI. Readme: https://github.com/ntop/nDPI/blob/dev/wireshark/README.md
- STARTTLS
- IMAPS
- DNScrypt
- QUIC (Quick UDP Internet Connections)
- AMQP (Advanced Message Queueing Protocol)
- Ookla (SpeedTest)
- BJNP
- AFP (Apple Filing Protocol)
- SMPP (Short Message Peer-to-Peer)
- VNC
- OpenVPN
- OpenDNS
- RX protocol (used by AFS)
- CoAP and MQTT (IoT specific protocols)
- Cloudflare
- Office 365
- OCS
- MS Lync
- Ubiquity AirControl 2
- HEP (Extensible Encapsulation Protocol)
- WhatsApp Voice vs WhatsApp (chat, no voice)
- Viber
- Github
- Hotmail
- Slack
- Snapchat
- MPEG TS protocol
- Twitch
- KakaoTalk Voice and Chat
- Meu
- EAQ
- iQIYI media service
- PPStream
- SSH client/server version dissection
- Improved SSL dissection
- SSL server certificate detection
- Added double tagging 802.1Q in dissection of vlan-tagged packets
- Improved netBIOS dissection
- Improved Skype detection
- Improved Netflix traffic detection
- Improved HTTP subprotocol matching
- Implemented DHCP host name extraction
- Updated Facebook detection by IP server ranges
- Updated Twitter networks
- Improved Microsoft detection
- Enhanced Google detection
- Improved BT-uTP protocol dissection
- Added detection of Cisco datalink layer (Cisco hDLC and Cisco SLARP)
- improved support for eDonkey/eMule/Kademlia
- improved support for PPLive
- code optimizations
- consistency improvements
- added support for new applications: Pando Media Booster
- improved support for Steam
- added support for new web services: Wikipedia, MSN, Amazon, eBay, CNN
- added new protocols: FTP, code improvements
- added new protocols: SOCKSv4, SOCKSv5, RTMP