This is to announce the release of nDPI 3.4, a major step forward with respect to 3.2:
- Detection speed has been greatly optimised
- Many new functions for statistical protocol analysis have been introduced, expanding nDPI from simple flow-based analysis into broader traffic analysis.
- Fuzzing and code analysis (credits to catenacyber and lnslbrty) made nDPI more stable and robust than ever
- Completely rewritten QUIC dissector (credits to IvanNardi) with support of the latest protocol versions
- Added 24 security risks, to speed up the adoption of nDPI in cybersecurity, that can be used to detect obsolete protocol versions, invalid/outdated ciphers, encryption violations, insecure protocol versions and much more.
Below you can find the complete changelog.
Enjoy!
Changelog
New Features
- Completely reworked and extended QUIC dissector
- Added flow risk concept to move nDPI towards result interpretation
- Added ndpi_dpi2json() API call
- Added DGA risk for names that look like a DGA
- Added HyperLogLog cardinality estimator API calls
- Added ndpi_bin_XXX API calls for handling bins
- Fully fuzz-tested code, which has greatly improved reliability and robustness
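As an illustration of what the cardinality-estimator feature above is for (counting, say, the distinct destination hosts a client contacts without storing every address), here is an added, self-contained HyperLogLog sketch in C. It is not nDPI's implementation and uses none of its API; the flow keys it counts are constructed sample values, and the register count, hash mix and helper names are all choices made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added, self-contained HyperLogLog sketch (illustration only, not nDPI code). */
#define HLL_P 12                      /* 2^12 = 4096 registers, ~1.3% std. error */
#define HLL_M (1u << HLL_P)

typedef struct { uint8_t reg[HLL_M]; } hll_t;   /* one register per bucket */

/* 64-bit FNV-1a followed by a MurmurHash3-style finaliser, so that the bits
   used for bucket selection and leading-zero counting are well mixed. */
static uint64_t hll_hash(const void *data, size_t len) {
    const uint8_t *p = data;
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < len; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    h ^= h >> 33; h *= 0xff51afd7ed558ccdULL;
    h ^= h >> 33; h *= 0xc4ceb9fe1a85ec53ULL;
    h ^= h >> 33;
    return h;
}

/* Natural log without libm: x = 2^k * f with f in [1,2), then ln f from the
   atanh series with y = (f-1)/(f+1). Only called with x >= 1. */
static double hll_ln(double x) {
    int k = 0;
    while (x >= 2.0) { x *= 0.5; k++; }
    double y = (x - 1.0) / (x + 1.0), y2 = y * y, term = y, s = 0.0;
    for (int i = 1; i < 30; i += 2) { s += term / i; term *= y2; }
    return 2.0 * s + k * 0.6931471805599453;
}

static void hll_init(hll_t *h) { memset(h->reg, 0, sizeof(h->reg)); }

/* Add one item: the low P hash bits pick the register, the remaining bits give
   rho = (trailing zeros + 1); each register keeps the largest rho seen. */
static void hll_add(hll_t *h, const void *data, size_t len) {
    uint64_t x = hll_hash(data, len);
    uint32_t idx = (uint32_t)(x & (HLL_M - 1));
    uint64_t w = x >> HLL_P;
    uint8_t rho = 1;
    if (w == 0) rho = 64 - HLL_P + 1;
    else while (!(w & 1)) { w >>= 1; rho++; }
    if (rho > h->reg[idx]) h->reg[idx] = rho;
}

/* Sketches merge by taking the per-register maximum, so counts collected
   per thread or per capture interface can be combined without rescanning. */
static void hll_merge(hll_t *dst, const hll_t *src) {
    for (unsigned i = 0; i < HLL_M; i++)
        if (src->reg[i] > dst->reg[i]) dst->reg[i] = src->reg[i];
}

/* Estimate: harmonic mean of 2^-reg, with the standard linear-counting
   correction when the set is small and some registers are still empty. */
static double hll_count(const hll_t *h) {
    double sum = 0.0; unsigned zeros = 0;
    for (unsigned i = 0; i < HLL_M; i++) {
        sum += 1.0 / (double)(1ULL << h->reg[i]);   /* reg <= 53 */
        if (h->reg[i] == 0) zeros++;
    }
    double alpha = 0.7213 / (1.0 + 1.079 / HLL_M);   /* bias constant, m >= 128 */
    double est = alpha * (double)HLL_M * (double)HLL_M / sum;
    if (est <= 2.5 * HLL_M && zeros > 0)
        est = (double)HLL_M * hll_ln((double)HLL_M / zeros);
    return est;
}

/* Count n_distinct constructed flow keys ("10.0.x.y", a sample address range),
   inserting each one `repeats` times to show duplicates do not inflate the count. */
double hll_demo_estimate(unsigned n_distinct, unsigned repeats) {
    hll_t h; hll_init(&h);
    char key[32];
    for (unsigned i = 0; i < n_distinct; i++) {
        snprintf(key, sizeof key, "10.0.%u.%u", (i >> 8) & 0xff, i & 0xff);
        for (unsigned r = 0; r < repeats; r++) hll_add(&h, key, strlen(key));
    }
    return hll_count(&h);
}

/* Same keys split across two sketches and merged: the result must match the
   single-sketch estimate exactly, since max() over registers is associative. */
double hll_demo_merged(unsigned n_distinct) {
    hll_t a, b; hll_init(&a); hll_init(&b);
    char key[32];
    for (unsigned i = 0; i < n_distinct; i++) {
        snprintf(key, sizeof key, "10.0.%u.%u", (i >> 8) & 0xff, i & 0xff);
        hll_add(i < n_distinct / 2 ? &a : &b, key, strlen(key));
    }
    hll_merge(&a, &b);
    return hll_count(&a);
}

int main(void) {
    printf("10000 distinct keys  -> estimate %.0f\n", hll_demo_estimate(10000, 1));
    printf("same keys, 3 repeats -> estimate %.0f\n", hll_demo_estimate(10000, 3));
    printf("two merged sketches  -> estimate %.0f\n", hll_demo_merged(10000));
    return 0;
}
```

The point for traffic analysis is the memory bound: the sketch is a fixed 4 KB regardless of how many distinct keys pass through it, and two sketches merge without access to the original keys, which is what makes per-host "distinct peers" or "distinct ports" statistics affordable at line rate.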
New Supported Protocols and Services
- QUIC
- SMBv1
- WebSocket
- TLS: added ESNI support
- SOAP
- DNScrypt
Improvements
- Python CFFI bindings
- Various TLS extensions and fixes including extended metadata support
- Added various pcap files for testing corner cases in protocols
- Various improvements in JSON/Binary data serialisation
- CiscoVPN
- H323
- MDNS
- MySQL 8
- IEC 60870-5-104
- DoH/DoT dissection improvements
- Office365 renamed to Microsoft365
- Major protocol dissection improvement in particular with unknown traffic
- Improvement in Telegram v6 protocol support
- HTTP improvements to detect file download/upload and binary files
- BitTorrent and WhatsApp dissection improvement
- Spotify
- Added detection of malformed packets
- Fuzz testing support has been greatly improved
- SSH code cleanup
Fixes
- Fixed various memory leaks and race conditions in protocol decoding
- NATS, CAPWAP dissector
- Removed HyperScan support, which greatly simplified the code
- ARM platform fixes on memory alignment
- Wireshark extcap support
- DPDK support
- OpenWRT, OpenBSD support
- MINGW compiler support
Misc
- Created demo app for nDPI newcomers
- Removed obsolete pplive and pando protocols