From 70f584dfb56fae5f3f9590d7814f3a20817d2dcb Mon Sep 17 00:00:00 2001 From: pasabanov Date: Fri, 19 Jul 2024 02:14:24 +0300 Subject: [PATCH] Performed some grammar and typo fixes --- .github/PULL_REQUEST_TEMPLATE.md | 2 +- CONTRIBUTING.md | 2 +- README.md | 2 +- doc/FAQ.md | 10 +++++----- example/protos.txt | 8 ++++---- lists/README.md | 2 +- python/DEV_GUIDE.md | 3 +-- src/include/ndpi_protocol_ids.h | 4 ++-- tests/dga/README.md | 6 +++--- utils/hostname2list.py | 2 +- utils/ipaddr2list.py | 2 +- wireshark/README.md | 2 +- wireshark/tshark/README.md | 2 +- 13 files changed, 23 insertions(+), 24 deletions(-) diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 6e1390296fa..c7c6a334175 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -1,7 +1,7 @@ Please sign (check) the below before submitting the Pull Request: - [ ] I have signed the ntop Contributor License Agreement at https://github.com/ntop/legal/blob/main/individual-contributor-licence-agreement.md -- [ ] I have read the contributing guide lines at https://github.com/ntop/nDPI/blob/dev/CONTRIBUTING.md +- [ ] I have read the contributing guidelines at https://github.com/ntop/nDPI/blob/dev/CONTRIBUTING.md - [ ] I have updated the documentation (in doc/) to reflect the changes made (if applicable) Link to the related [issue](https://github.com/ntop/nDPI/issues): diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index baaa6cd8e30..d03bad6c416 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -5,7 +5,7 @@ Please keep all code, comments, issues and pull requests in English, otherwise t ## Found a bug? - First, check there are no already open issues for the bug. See [here](https://github.com/ntop/nDPI/issues). -- If there is not open issue addressing the bug, [open a new one](https://github.com/ntop/nDPI/issues/new). +- If there is no open issue addressing the bug, [open a new one](https://github.com/ntop/nDPI/issues/new). - Make sure to include a **descriptive and clear title and description**, including the **version of nDPI** being used. - Try to include steps to reproduce the bug. - If applicable, try to provide a stacktrace. diff --git a/README.md b/README.md index b7c289a836b..34f7cac6ef9 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ ## What is nDPI ? -nDPI® is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions. We have tried to push them into the OpenDPI source tree but nobody answered emails so we have decided to create our own source tree +nDPI® is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions. We have tried to push them into the OpenDPI source tree but nobody answered emails, so we have decided to create our own source tree A generic FAQ about nDPI® is available [here](https://github.com/ntop/nDPI/blob/dev/doc/FAQ.md) diff --git a/doc/FAQ.md b/doc/FAQ.md index 20850cbfc82..75e568de619 100644 --- a/doc/FAQ.md +++ b/doc/FAQ.md 
@@ -3,10 +3,10 @@ From https://www.ntop.org/ndpi/ndpi-internals-and-frequent-questions/ **Q**: How nDPI implements protocol detection?\ -**A**: nDPI includes a list of protocol dissectors (364 as of today) that are able to dissect protocols such as WhatsApp or TLS. As soon as a new flow is submitted to nDPI, the library applies in sequence dissectors that can potentially match the protocols (i.e. telnet is a TCP-based protocol and it will not be considered for UDP flows). We start from the dissector that can most probably match using the port number. This means for traffic on TCP/22 nDPI will start with the SSH dissectors and if not matching continue with the others. Dissection completes as soon as a protocol matches or when none of them matched and in this case the flow will be labelled as Unknown. +**A**: nDPI includes a list of protocol dissectors (364 as of today) that are able to dissect protocols such as WhatsApp or TLS. As soon as a new flow is submitted to nDPI, the library applies in sequence dissectors that can potentially match the protocols (i.e. telnet is a TCP-based protocol, and it will not be considered for UDP flows). We start from the dissector that can most probably match using the port number. This means for traffic on TCP/22 nDPI will start with the SSH dissectors and if not matching continue with the others. Dissection completes as soon as a protocol matches or when none of them matched and in this case the flow will be labelled as Unknown. **Q**: What is the nDPI release cycle?\ -**A**: We cut release a approximately every 6-8 months, fixes and improvements are on a daily basis (check the nDPI code on GitHub). +**A**: We cut a release approximately every 6-8 months, fixes and improvements are on a daily basis (check the nDPI code on GitHub). **Q**: Is nDPI running on all popular platforms?\ **A**: Yes it runs on Linux, macOS, Windows… and also on not-so-popular ones such as IBM mainframes. We support ARM, Intel, RISC… architectures. 
@@ -15,19 +15,19 @@ From https://www.ntop.org/ndpi/ndpi-internals-and-frequent-questions/ **A**: It depends on the protocol. For UDP-based protocols such as DNS one packet is enough, for more complex protocols such as TLS about 10 packets. For sure if after 15-20 packets nDPI has not detected the application protocol, then the protocol is labelled as Unknown. **Q**: Is nDPI detection only based on protocol dissectors?\ -**A**: No, payload inspection is the main technique, but nDPI can also use IP address, ports, TLS certificates etc as signatures for protocols. In this case, after detection is complete, nDPI will report if the match was performed on payload inspection or other means (e.g. IP address). +**A**: No, payload inspection is the main technique, but nDPI can also use IP address, ports, TLS certificates, etc., as signatures for protocols. In this case, after detection is complete, nDPI will report if the match was performed on payload inspection or other means (e.g. IP address). **Q**: Does nDPI contain list of known IP addresses?\ **A**: Yes it includes lists of well known IPs such as those provided by Microsoft of Meta for identifying known service. **Q**: Can I extend nDPI by defining new protocols with a configuration file?\ -**A**: Yes you can. See this [file](https://github.com/ntop/nDPI/blob/dev/example/protos.txt) as an example for defining new protocols.. +**A**: Yes you can. See this [file](https://github.com/ntop/nDPI/blob/dev/example/protos.txt) as an example for defining new protocols. **Q**: Is nDPI able to detect VPNs?\ **A**: Yes it can detect VPNS such as Tailscale, WireGuard, OpenVPN, FortiClient.. and also in-app VPNs such as UltraSurf or OperaVPN. **Q**: Is nDPI able to detect malware and viruses?\ -**A**: It can detect anomalous behaviour that can be caused by a malware, but nDPI is not a signature-based tool so it does not include signatures for malware A or B. 
This is because [signature-based tools](https://en.wikipedia.org/wiki/Intrusion_detection_system) have various limitations and resource intensive, whereas nDPI has been designed to be used also in high-speed (100 Gbit+) networks. +**A**: It can detect anomalous behaviour that can be caused by a malware, but nDPI is not a signature-based tool, so it does not include signatures for malware A or B. This is because [signature-based tools](https://en.wikipedia.org/wiki/Intrusion_detection_system) have various limitations and resource intensive, whereas nDPI has been designed to be used also in high-speed (100 Gbit+) networks. **Q**: Is nDPI able to detect security issues?\ **A**: Yes it can by means of a technique called [flow risk](https://github.com/ntop/nDPI/blob/dev/doc/flow_risks.rst). It can identify 50+ threats (e.g. a host that is talking with a malware host). diff --git a/example/protos.txt b/example/protos.txt index 85d33583066..810ea1911f9 100644 --- a/example/protos.txt +++ b/example/protos.txt @@ -31,17 +31,17 @@ host:"api-global.netflix.com"@Netflix # # NOTES -# 1) the port of a custom protocol is optional but if +# 1) The port of a custom protocol is optional but if # specified it must match the port. -# 2) you can specify up to 1 port per IP address -# 3) if you specify a custom ip:: rule, +# 2) You can specify up to 1 port per IP address. +# 3) If you specify a custom ip:: rule, # even if the doesn't match the # (if best match during the search) will # have priority as best match. Example if # you specify a : and # in your traffic have match for such IP but # with a port other than 9999, the IP address -# begin a best match will hve preference over +# being the best match will have preference over # so this protocol will not be # detected as .Google but only # as diff --git a/lists/README.md b/lists/README.md index 8341d324be2..510cd055c1e 100644 --- a/lists/README.md +++ b/lists/README.md 
@@ -15,6 +15,6 @@ Domain Suffix List ------------------ public_suffix_list.dat can be downloaded from -https://publicsuffix.org/list/public_suffix_list.dat and +https://publicsuffix.org/list/public_suffix_list.dat, and it contains the list of domain suffixes diff --git a/python/DEV_GUIDE.md b/python/DEV_GUIDE.md index e729ac08fb3..61c8f5ba01e 100644 --- a/python/DEV_GUIDE.md +++ b/python/DEV_GUIDE.md @@ -9,8 +9,7 @@ int ndpi_des_init(struct ndpi_des_struct *des, double alpha, double beta, float ## Add it to NDPI_APIS Python definition - -[**NDPI_APIS**][py_ndpi_api] must be updated with the this new API your want to add. +[**NDPI_APIS**][py_ndpi_api] must be updated with the new API you want to add. ## Regenerate bindings diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 58159930e5b..78527f79098 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -22,8 +22,8 @@ */ -#ifndef __NDPI_PROTOCOLS_IDS_H__ -#define __NDPI_PROTOCOLS_IDS_H__ +#ifndef __NDPI_PROTOCOL_IDS_H__ +#define __NDPI_PROTOCOL_IDS_H__ #define NDPI_PROTOCOL_SIZE 2 diff --git a/tests/dga/README.md b/tests/dga/README.md index 6bc7dfa2040..c5b75936810 100644 --- a/tests/dga/README.md +++ b/tests/dga/README.md @@ -19,7 +19,7 @@ The modification can be a simple threshold change or a future lightweight ML app ## Used data -Original used dataset is a collection of legit and DGA domains (balanced) that can be obtained as follow: +Original used dataset is a collection of legit and DGA domains (balanced) that can be obtained as follows: ```shell wget https://raw.githubusercontent.com/chrmor/DGA_domains_dataset/master/dga_domains_full.csv 
@@ -66,5 +66,5 @@ You can evaluate your modifications performances before submitting it as follows ./do-dga.sh ``` -If your modifications decreases baseline performances, test will fails. -If not (well done), test passed and you must update the baseline metrics with your obtained ones. +If your modifications decreases baseline performances, test will fail. +If not (well done), test passed, and you must update the baseline metrics with your obtained ones. diff --git a/utils/hostname2list.py b/utils/hostname2list.py index beb078a1f87..46efd5efdab 100755 --- a/utils/hostname2list.py +++ b/utils/hostname2list.py @@ -2,7 +2,7 @@ import sys -# This scripts is used to create "hostname/sni -> protocols" lists. +# This script is used to create "hostname/sni -> protocols" lists. if len(sys.argv) < 6: print("Usage: {} ".format(sys.argv[0])) sys.exit(1) diff --git a/utils/ipaddr2list.py b/utils/ipaddr2list.py index 9dcee08205c..91188b6d8d4 100755 --- a/utils/ipaddr2list.py +++ b/utils/ipaddr2list.py @@ -3,7 +3,7 @@ import sys import socket -# These scripts are mainly used to create "ip -> protocols" lists. +# This script is mainly used to create "ip -> protocols" lists. # However, it is also used to create "ip -> risk" lists proto = "NDPI_PROTOCOL_XYX" append_name = "" diff --git a/wireshark/README.md b/wireshark/README.md index 37a81beb6a7..33d284b882b 100644 --- a/wireshark/README.md +++ b/wireshark/README.md 
@@ -13,7 +13,7 @@ nDPI can provide Wireshark protocol dissection to complement internal protocol d At Wireshark startup you will find a new extcap interface named "nDPI interface". Select that interface and specify an interface name (for live capture) or a pcap file path (for reading packets from a pcap file). You can choose a nDPI protocol list from the dropdown menu in case you want Wireshark to dissect only protocols of the specified nDPI application protocol. -During capture the ndpiReader plugin will pass Wireshark the nDPI protocol information adding an ethernet packet trailer that contains nDPI information. The lua plugin interprets this information and it displays it in the Wireshark GUI. +During capture the ndpiReader plugin will pass Wireshark the nDPI protocol information adding an ethernet packet trailer that contains nDPI information. The lua plugin interprets this information, and it displays it in the Wireshark GUI. ## nDPI Packet Filtering diff --git a/wireshark/tshark/README.md b/wireshark/tshark/README.md index 738a2cdfa92..5261dfbda36 100644 --- a/wireshark/tshark/README.md +++ b/wireshark/tshark/README.md @@ -11,4 +11,4 @@ This directory contains the implementation of the tshark class that contains thr - function tshark:read() ## Examples -This this directory you can find simple code examples that show how to use the tshark class including counting packets and flow traffic accounting. +In this directory you can find simple code examples that show how to use the tshark class including counting packets and flow traffic accounting.
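Review bot: In doc/FAQ.md (hunk at -3,10), the protocol-detection answer still uses "i.e." to introduce what is an example ("i.e. telnet is a TCP-based protocol, and it will not be considered for UDP flows"), which should be "e.g.". The release-cycle line that this hunk rewrites is still a comma splice ("every 6-8 months, fixes and improvements are on a daily basis"); splitting it into two sentences would finish the fix.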
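Review bot: In doc/FAQ.md (hunk at -15,19), the rewritten malware answer still reads "have various limitations and resource intensive", which is missing a verb ("and are resource intensive"). The unchanged context of the same hunk keeps "provided by Microsoft of Meta" (should be "or"), "Does nDPI contain list of known IP addresses" and "VPNS such as Tailscale, WireGuard, OpenVPN, FortiClient..". Since this commit is a typo pass over exactly these lines, those are worth fixing in the same change.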
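Review bot: In example/protos.txt, note 3 is still hard to parse after this change: "Example if you specify" and "in your traffic have match for such IP" remain as they were. This comment block documents rule precedence for custom protocols, so it is worth rewording the whole note rather than only the "begin a best match will hve" line, for example "For example, if you specify ... and your traffic matches that IP but with a port other than 9999, ...".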
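Review bot: In src/include/ndpi_protocol_ids.h, renaming the include guard from `__NDPI_PROTOCOLS_IDS_H__` to `__NDPI_PROTOCOL_IDS_H__` is a preprocessor change rather than a grammar fix, and the commit subject does not mention it. Please confirm that nothing else in the tree tests or defines the old macro name. The diffstat shows only these two lines changed in this header, so any closing `#endif` comment that carries the old name would now be stale. Identifiers beginning with a double underscore are reserved for the implementation in C, so if the guard is being renamed anyway, a name such as `NDPI_PROTOCOL_IDS_H` would be the safer choice; otherwise consider moving the rename into its own commit.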
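Review bot: In tests/dga/README.md (hunk at -66,5), the corrected line still has a subject-verb mismatch, "If your modifications decreases baseline performances", and the following line mixes tenses ("test passed, and you must update"). Suggested wording: "If your modifications decrease baseline performance, the test will fail." and "If not (well done), the test passes, and you must update the baseline metrics with the ones you obtained."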
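Review bot: In wireshark/README.md, the comma added in "interprets this information, and it displays it" does not improve the sentence; dropping the repeated pronoun reads better: "The Lua plugin interprets this information and displays it in the Wireshark GUI." The same line could also capitalise "Lua" and "Ethernet" while it is being touched.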