New Features and Enhancements

The following sections describe new features and enhancements available in the JDPI-Decoder releases:

New Software Features and Enhancements Introduced in JDPI-Decoder Release 3278

The following sections describe new features and enhancements available in JDPI-Decoder Release 3278.

New Applications

Table 2 shows the applications that are added in this release of JDPI-Decoder.

Table 2: New Applications

| Application Name | Application Type | Reported Over | Description |
| --- | --- | --- | --- |
| GE-PROCIFY | Infrastructure | TCP | Proficy is a General Electric product for industrial environments. It monitors and manages data from the SCADA network. This plugin classifies traffic related to the Proficy Gateway service (PR Gateway) and the Proficy Licensing server (PR Licensing). |
| MILESTONE-SYSTEMS | Multimedia | HTTP/HTTP2/HTTPS/SPDY/SSL | This plugin classifies only website traffic. |
| MS-DIME | Infrastructure | TCP | Direct Internet Message Encapsulation (DIME) is a lightweight binary format to encapsulate a binary payload along with its type. This plugin handles version 1 of DIME. |
| MS-SSAS | Infrastructure | MS-DIME/SOAP | Microsoft SQL Server Analysis Services (MS-SSAS) is an optional component of SQL Server for Online Analytical Processing (OLAP). This plugin classifies XMLA (XML for Analysis), which is a SOAP protocol for accessing those databases. |
| MOXA-ASPP | Infrastructure | SSL/TCP | This plugin classifies ASPP (Async Server Proprietary Protocol) from Moxa (NPort devices) without activating encryption. |
| XPROTECT | Gaming | HTTP/HTTP2/HTTPS/SPDY/MILESTONE-SYSTEMS/TCP | XProtect is a professional video surveillance system provided by Milestone Systems. This plugin only supports the demonstration version on mobile devices. |

Updated Applications

Table 3 shows the applications that are updated in this release of JDPI-Decoder.

Table 3: Updated Applications

| Application Name | Application Type | Reported Over | Description |
| --- | --- | --- | --- |
| NDMP | Infrastructure | TCP | NDMP (Network Data Management Protocol) is an open protocol for enterprise-wide network based backup over TCP. |
| PI-DATA | Infrastructure | TCP | OSI PI DataArchive and Server SCADA protocol (ProcessBook, Datalink, and so on). |

Custom Applications

Table 4 shows the applications and application contexts that are added in this release of JDPI-Decoder for configuring custom applications.

Table 4: Custom Applications

| Application Name | Context | Context Description |
| --- | --- | --- |
| DNS | dns-query | DNS query domain name |
| | dns-query-type | DNS query type |
| | dns-flags 3 | DNS header flags |
| SMTP | smtp-method | Command sent by the client |
| | smtp-greeting-message | The greeting message of the server |
| | smtp-attach-type | Content type of the sent attached file |
| | smtp-attach-filename | Attachment name |
| | smtp-attach-transfer-encoding | The encoding of the attached content |
| | smtp-content-type | The content type of the transferred file |
| | smtp-content-transfer-encoding | The encoding of the content |
| | smtp-content-language | Language of message content |
| | smtp-mime-version | Version of the message body format standard |
| | smtp-received-by-name | Name of the receiving host |
| | smtp-received-from-name | The sending host name |
| | smtp-server | SMTP server name |
| IMAP | imap-method | Command sent by the client |
| | imap-greeting-message | The greeting message of the server |
| | imap-auth-type | The type of authentication used |
| | imap-attach-type | Content type of the sent attached file |
| | imap-attach-filename | Name of the attached file |
| | imap-attach-transfer-encoding | The encoding of the attached content |
| | imap-content-type | The content type of the transferred file |
| | imap-content-transfer-encoding | The encoding of the content |
| | imap-content-language | Language of message content |
| | imap-mime-version | Version of the message body format standard used in the mail protocol |
| | imap-received-by-name | The receiving host name |
| | imap-received-from-name | The sending host name |
| FTP | ftp-file-name | Filename being transferred |
| | ftp-greeting-message | First line of the server banner |
| | ftp-method | The FTP command sent |
| | ftp-content-type | The content type of the transferred file |
| | ftp-load-way | Direction of the file transfer (upload or download) |
| | ftp-return-content | Message of the server's response |
| SSL | ssl-server-name | Server name in the TLS server name extension or the SSL server certificate |
| | ssl-organization-name | Organization name in the certificate |
| | ssl-issuer | Certificate Authority |
| | ssl-common-name | Domain name in the certificate |
| | ssl-version | SSL major version in the handshake |
| | ssl-protocol-version | SSL/TLS protocol version chosen by the server |
| HTTP | http-header-content-type | Content-Type: header in an HTTP transaction |
| | http-header-cookie | Cookie: header in an HTTP transaction |
| | http-header-host | Host: header in an HTTP request |
| | http-header-user-agent | User-Agent: header in an HTTP transaction |
| | http-get-url-parsed-param-parsed | The decoded, normalized GET URL in an HTTP request along with the decoded CGI parameters, if any |
| | http-url-parsed-param-parsed | The decoded, normalized URL in an HTTP request along with the decoded CGI parameters, if any |
| | http-url-parsed | The decoded, normalized URL in an HTTP request |
| | http-post-url-parsed-param-parsed | The decoded, normalized POST URL in an HTTP request along with the decoded CGI parameters, if any |
| | http-post-variable-parsed | The decoded POST URL or form data variables |
| | http-filename | Filename being fetched or posted. Extracted if the Content-Disposition field has a filename |

New or Modified Application Groups

Table 5 lists the application groups and the applications that are added or modified for the application groups in this release of JDPI-Decoder.

Table 5: Modified Application Groups

| Application Group Name | Applications Details |
| --- | --- |
| applications:gaming | Added the XPROTECT application to the application group. |
| applications:infrastructure | Added the GE-PROCIFY, MS-DIME, MS-SSAS, and MOXA-ASPP applications to the application group. |
| applications:web:multimedia | Added the MILESTONE-SYSTEMS application to the application group. |

Applications Converted to Alias

No application is deprecated in this release of JDPI-Decoder.