nDPI
nDPI copied to clipboard
ntop
Open Source Deep Packet Inspection Software Toolkit
Some people complain that numeric nDPi protocol IDs are not persistent. Protocols are removed from nDPI when they are obsolete (i.e. not present in modern traffic) as they keep space...
Hi everyone, forgive me if I am asking a duplicate question, but I am at a loss with regards to ndpi-based display filters in tshark. according to the docs, in...
I believe we can make use of DNS traffic to improve library detection. By looking at DNS responses, we can find out the "dynamic" IPs related to specific domain(s) which...
Dear All, I would like to submit an idea, maybe it can be an enhancement on the whatapp voice signature detection. The idea would be to extract some metadata related...
Since a lot of windows traffic uses the rpc port mapper and dynamic ports the majority of my traffic is Unknown. Sometimes the same port on different hosts is used...
Recently I see that an increasing number of protocols don't match the IPv6 range that could allow to classify applications. The best way is to implement a similar things as...
Currently it is the nDPI caller that decides when a given flow has been detected or not. In order to clean library internals it would be desirable to add a...
Based on internal discussion and ongoing testing w/ LUA/NODE FFI bindings, extend the current nDPI reader examples to include dedicated call & callback mechanisms to be paired with FFI requests;...
Hi, How to analyze all information of TLS protocol from pcap? The following command does not work(nDPI version 4.5.0), though command shows ```-J``` is an option. Command line prompt: ```...
We already performed exactly these lookups in the generic code to populate `flow->guessed_protocol_id_by_ip`: use it! This code probably needs a deeper review, since it is basicaly a simple matching on...
