New Features and Enhancements
The following sections describe new features and enhancements available in the JDPI-Decoder releases:
New Software Features and Enhancements Introduced in JDPI-Decoder Release 3278
The following sections describe new features and enhancements available in JDPI-Decoder Release 3278.
New Applications
Table 2 shows the applications that are added in this release of JDPI-Decoder.
Table 2: New Applications
| Application Name | Application Type | Reported Over | Description |
|---|---|---|---|
| GE-PROCIFY | Infrastructure | TCP | Proficy is a General Electric product for industrial environments. It monitors and manages data from SCADA networks. This plugin classifies traffic related to the Proficy Gateway service (PR Gateway) and the Proficy Licensing server (PR Licensing). |
| MILESTONE-SYSTEMS | Multimedia | HTTP/HTTP2/HTTPS/SPDY/SSL | This plugin classifies only website traffic. |
| MS-DIME | Infrastructure | TCP | Direct Internet Message Encapsulation (DIME) is a lightweight binary format to encapsulate a binary payload along with its type. This plugin handles version 1 of DIME. |
| MS-SSAS | Infrastructure | MS-DIME/SOAP | Microsoft SQL Server Analysis Services (MS-SSAS) is an optional component of SQL Server for Online Analytical Processing (OLAP). This plugin classifies XMLA (XML for Analysis), which is a SOAP protocol for accessing those databases. |
| MOXA-ASPP | Infrastructure | SSL/TCP | This plugin classifies ASPP (Async Server Proprietary Protocol) from Moxa (NPort devices) without activating encryption. |
| XPROTECT | Gaming | HTTP/HTTP2/HTTPS/SPDY/MILESTONE-SYSTEMS/TCP | XProtect is a professional video surveillance system provided by Milestone Systems. This plugin only supports the demonstration version on mobile devices. |
Updated Applications
Table 3 shows the applications that are updated in this release of JDPI-Decoder.
Table 3: Updated Applications
| Application Name | Application Type | Reported Over | Description |
|---|---|---|---|
| NDMP | Infrastructure | TCP | NDMP (Network Data Management Protocol) is an open protocol for enterprise-wide network-based backup over TCP. |
| PI-DATA | Infrastructure | TCP | OSI PI DataArchive and Server SCADA protocol (ProcessBook, Datalink, and so on). |
Custom Applications
Table 4 shows the applications and application contexts that are added in this release of JDPI-Decoder for configuring custom applications.
Table 4: Custom Applications
| Application Name | Context | Context Description |
|---|---|---|
| DNS | dns-query | DNS query domain name |
| | dns-query-type | DNS query type |
| | dns-flags 3 | DNS header flags |
| SMTP | smtp-method | Command sent by the client |
| | smtp-greeting-message | The greeting message of the server |
| | smtp-attach-type | Content type of the sent attached file |
| | smtp-attach-filename | Attachment name |
| | smtp-attach-transfer-encoding | The encoding of the attached content |
| | smtp-content-type | The content type of the transferred file |
| | smtp-content-transfer-encoding | The encoding of the content |
| | smtp-content-language | Language of message content |
| | smtp-mime-version | Version of the message body format standard |
| | smtp-received-by-name | Name of the receiving host |
| | smtp-received-from-name | The sending host name |
| | smtp-server | SMTP server name |
| IMAP | imap-method | Command sent by the client |
| | imap-greeting-message | The greeting message of the server |
| | imap-auth-type | The type of authentication used |
| | imap-attach-type | Content type of the sent attached file |
| | imap-attach-filename | Name of the attached file |
| | imap-attach-transfer-encoding | The encoding of the attached content |
| | imap-content-type | Indicates the content type of the transferred file |
| | imap-content-transfer-encoding | Contains the encoding of the content |
| | imap-content-language | Language of message content |
| | imap-mime-version | Version of the message body format standard used in the mail protocol |
| | imap-received-by-name | Contains the receiving host name |
| | imap-received-from-name | Contains the sending host name |
| FTP | ftp-file-name | Filename being transferred |
| | ftp-greeting-message | First line of the server banner |
| | ftp-method | The FTP command sent |
| | ftp-content-type | The content type of the transferred file |
| | ftp-load-way | The direction of the file transfer (upload or download) |
| | ftp-return-content | Message in the server's response |
| SSL | ssl-server-name | Server name in the TLS server name extension or SSL server certificate |
| | ssl-organization-name | Organization name in the certificate |
| | ssl-issuer | Certificate Authority |
| | ssl-common-name | Domain name in the certificate |
| | ssl-version | SSL major version in the handshake |
| | ssl-protocol-version | SSL/TLS protocol version chosen by the server |
| HTTP | http-header-content-type | Content-Type: header in an HTTP transaction |
| | http-header-cookie | Cookie: header in an HTTP transaction |
| | http-header-host | Host: header in an HTTP request |
| | http-header-user-agent | User-agent: header in an HTTP transaction |
| | http-get-url-parsed-param-parsed | The decoded, normalized GET URL in an HTTP request along with the decoded CGI parameters, if any |
| | http-url-parsed-param-parsed | The decoded, normalized URL in an HTTP request along with the decoded CGI parameters, if any |
| | http-url-parsed | The decoded, normalized URL in an HTTP request |
| | http-post-url-parsed-param-parsed | The decoded, normalized POST URL in an HTTP request along with the decoded CGI parameters, if any |
| | http-post-variable-parsed | The decoded POST URL or form data variables |
| | http-filename | Filename being fetched/posted. Extracted if the Content-Disposition field has a filename. |
New or Modified Application Groups
Table 5 lists the application groups and the applications that are added or modified for the application groups in this release of JDPI-Decoder.
Table 5: Modified Application Groups
| Application Group Name | Application Details |
|---|---|
| applications:gaming | Added the XPROTECT application to the application group. |
| applications:infrastructure | Added the GE-PROCIFY, MS-DIME, MS-SSAS, and MOXA-ASPP applications to the application group. |
| applications:web:multimedia | Added the MILESTONE-SYSTEMS application to the application group. |
Applications Converted to Alias
No application is deprecated in this release of JDPI-Decoder.