All ntop tools are based on nDPI but not every use is familiar with nDPI internals. We often receive questions about it, and it’s time to answer frequent questions. Q: How nDPI implements protocol detection? A: nDPI includes a list of protocol dissectors (356 as of today) that are able to dissect protocols such as […]
nDPI 4.8 is Now Available: Better Performance with Less Memory, Fuzzy Robustness, Many New Protocols
This is to announce the release of nDPI 4.8 that introduces various new protocols (in total 351 protocols and 53 risks), several internal changes to improve packet processing, extension of fuzzing to new components to improve coverage, new algorithms for handling lists with reduced memory and better performance. Protocol changes have been introduced not just […]
How nDPI Improved Bloom Filters Implementation
A Bloom filter is. probabilistic data-structure used to test whether an element is present in a set. Blooms are affected by false positives, meaning that when a bloom returns true it does not mean that the searched element is part of the set but that it is “likely” to be part of the set. nDPI […]
How nDPI Identifies Fully Encrypted Protocols
In the paper How the Great Firewall of China Detects and Blocks Fully Encrypted Traffic it is described a technique used in censorship to identify and block fully encrypted protocols. This technique, limited to TCP flows, uses a few techniques that are applied on the first TCP packet with payload, making it fast and convenient […]
Using nDPI to Monitor Streaming, Messaging and Social Network Traffic
We have created nDPI to label network traffic and extract metadata such as the URL or TLS certificate information. nDPI is the layer on top of which ntop applications are sitting. This time we do not want to talk about nDPI internals but rather use it to monitor Internet traffic. For this reason we have […]
Welcome to nDPI 4.6: code fuzzing, new protocol and flow risks
This is to announce the release of nDPI 4.6 that introduces various improvements with respect to the previous release. Many things changed in this release in terms of number of protocols and robustness thanks to code fuzzing introduced in this release. nDPI now natively supports 332 protocols and 50 flow risks, this in addition to […]
HowTo Monitor Zoom Performance and Video/Call Quality
Zoom is a popular platform for video communications and team collaboration. As many other cloud services, network administrators need to supervise Zoom network traffic usage. DPI toolkits such as nDPI are useful for identifying Zoom traffic for supervising the network bandwidth used by your Zoom calls. Recently we have took advantage of this research work […]
Introducing nDPI 4.4: Many New Protocols, Improvements and Cybersecurity Features
This is to introduce nDPI 4.4 that includes the development activities of the last six months. As with previous releases we are improving protocol support, automatic testing to harden the code for critical environments, and introducing new cybersecurity features for detecting risks and extracting metadata from protocols. Our idea is to make nDPI more user […]
How to Configure Flow Risk Exclusions in nDPI and ntopng
Flow risks are the mechanism nDPI implements for detecting issues in network traffic whose theoretical design is documented in this paper Using Deep Packet Inspection in CyberTraffic Analysis we have written last year. While we are reworking the definition of risk exceptions in ntopng to make them fully configurable with a matter of clicks, you […]
You’re invited at FOSDEM 2022 (5 and 6 February) in the ntop stand
As most of our users know, every year we were used to meet the world of open source at FOSDEM in Brussels. Due to pandemic, this yearly event has been moved online so we invite you to attend it wherever you are. You can find more info at this page, but in summary we have […]