Closed subhajit-cdot closed 2 years ago
If I understood you correctly, you want to monitor devices by their user agent or any distinctive device signature. nDPI already has such a feature, at least if the layer 7 protocol and the protocol dissector support it.
Do you want to "prettify" the dissected user agents? If so, that should be part of your libnDPI integration.
Actually, I got the above-mentioned link in the below code snippet of nDPI. It is used to format or extract meaningful info from the UA string, I guess. So, is there any scope of enhancement here? Thanks
```c
static void setHttpUserAgent(struct ndpi_detection_module_struct *ndpi_struct,
                             struct ndpi_flow_struct *flow, char *ua) {
  if(     !strcmp(ua, "Windows NT 5.0"))  ua = "Windows 2000";
  else if(!strcmp(ua, "Windows NT 5.1"))  ua = "Windows XP";
  else if(!strcmp(ua, "Windows NT 5.2"))  ua = "Windows Server 2003";
  else if(!strcmp(ua, "Windows NT 6.0"))  ua = "Windows Vista";
  else if(!strcmp(ua, "Windows NT 6.1"))  ua = "Windows 7";
  else if(!strcmp(ua, "Windows NT 6.2"))  ua = "Windows 8";
  else if(!strcmp(ua, "Windows NT 6.3"))  ua = "Windows 8.1";
  else if(!strcmp(ua, "Windows NT 10.0")) ua = "Windows 10";

  /* Good reference for future implementations:
```
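An added example, not part of the thread and not nDPI's own code: the snippet above compares a token that has already been extracted, so this shows the step before it, locating the `Windows NT x.y` token inside a full User-Agent value and mapping it with the same table. The names `ua_windows_name` and `nt_names` are hypothetical, and the sample header values are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Same NT-version mapping as the snippet above, held as a table. */
static const struct { const char *token; const char *name; } nt_names[] = {
  { "5.0", "Windows 2000" }, { "5.1", "Windows XP" },
  { "5.2", "Windows Server 2003" }, { "6.0", "Windows Vista" },
  { "6.1", "Windows 7" }, { "6.2", "Windows 8" }, { "6.3", "Windows 8.1" },
  { "10.0", "Windows 10" }, /* Windows 11 browsers also send NT 10.0 */
};

/* Hypothetical helper: find "Windows NT x.y" in a full User-Agent value.
   Returns the mapped name, the raw token copied into buf when the version
   is not in the table, or NULL when the header carries no such token.
   The header is client-controlled, so treat the result as a hint only. */
const char *ua_windows_name(const char *ua, char *buf, size_t buflen) {
  static const char prefix[] = "Windows NT ";
  const char *p, *ver;
  size_t vlen, i;

  if(ua == NULL || buf == NULL || buflen == 0) return NULL;
  if((p = strstr(ua, prefix)) == NULL) return NULL;

  ver = p + sizeof(prefix) - 1;
  vlen = strspn(ver, "0123456789."); /* version stops at ';' or ')' */
  if(vlen == 0) return NULL;

  for(i = 0; i < sizeof(nt_names) / sizeof(nt_names[0]); i++)
    if(strlen(nt_names[i].token) == vlen && !strncmp(ver, nt_names[i].token, vlen))
      return nt_names[i].name;

  /* Unknown version: keep the raw token, truncated to fit buf. */
  snprintf(buf, buflen, "%.*s", (int)(sizeof(prefix) - 1 + vlen), p);
  return buf;
}

int main(void) {
  char buf[32];
  const char *samples[] = { /* constructed sample header values */
    "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36",
    "Mozilla/5.0 (Windows NT 11.5; Win64; x64)",
    "curl/8.0.1",
  };
  for(size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
    const char *n = ua_windows_name(samples[i], buf, sizeof(buf));
    printf("%s\n", n ? n : "(no Windows NT token)");
  }
  return 0;
}
```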
Unsure if the effort required to implement this is worth the results. Seems more like an embellishment.
Ok. Thanks
The need for detailed and accurate OS version and user agent/device detection from HTTP/HTTPS or other protocol traffic (? if possible) is increasing these days to monitor the percentage of devices/agents accessing an app/service.
In the HTTP dissector code of nDPI, I got a good reference of regexes ( https://github.com/ua-parser/uap-core/blob/master/regexes.yaml ) to implement this feature. Is there any plan to implement this feature? If not, can I get any pointers/suggestions to start the implementation?
Thanks, Subhajit