nDPI
nDPI copied to clipboard
ntop
Open Source Deep Packet Inspection Software Toolkit
…es #1702. Signed-off-by: lns
Hi, As per the current test, it's observed most of the free and popular VPN apps are not detected.Most detected as either cloudflare or cloudfront as it's use many dynamic...
ndpiReader with -k -K flags gives rounded timestamps _./ndpiReader -i telegram.pcap -k out.json -K json_ {"src_ip":"192.168.1.77","dest_ip":"91.108.16.4","src_port":23174,"dst_port":538,"ip":4,"proto":"UDP","ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","proto_id":"185","encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"},"**flow_id":23**,"**first_seen_ms":1588779679744.000,"last_seen_ms":1588779679744.000**,"duration_ms":2.971," vs. _./ndpiReader -i telegram.pcap -C out.csv_ #flow_id | protocol | first_seen |...
The attached session (extracted from the unit tests) contains a SOAP flow over HTTP with a Microsoft hostname. How this flow should be classified? 1) SOAP.Microsoft: current result. We lost...
* Shall be used for stream based protocols e.g. TCP, QUIC, etc. Signed-off-by: lns
Is it possible to set risk for DWORD and hex formatted url in http dissector similar to NDPI_HTTP_NUMERIC_IP_HOST?
Hi! Pointer 'flow' that can have only NULL value (ndpi_get_http_method function), is passed as 2nd parameter in call to function ndpi_set_risk where it is dereferenced at ndpi_utils.c:2347.
Hi, Can we export few more profiling stats like (LRU cache usage stats (as entries are fixed and if there is any perf bottleneck happening due to this?, avg no...
I am trying to summarize here the various discussions on multi threads support. What is the current situation? *) `struct ndpi_detection_module_struct` is not thread-safe and it has never been. *)...