Introducing nDPI 1.6

This is to announce the availability of nDPI 1.6, a maintenance release that consolidates this open source deep packet inspection library. This is going to be the last version of the 1.x branch, as we plan major changes for the 2.0 release (see the enhancements we have planned). Changelog: Moved to GitHub, with continuous testing […]

How to Enforce Layer-7 Traffic Policies Using ntopng

ntopng has traditionally been used to passively monitor network traffic. However, just as years ago IDSs (Intrusion Detection Systems) became mature products and eventually became IPSs (Intrusion Prevention Systems), it was time to add inline traffic capabilities in ntopng. This post gives you a sneak preview of this new feature (still under development) that will be […]

Running ntopng and nDPI on MacOSX

On Mac OS X, users expect simple tool packaging and installation. Initially we planned to distribute .dmg files containing our apps, but then we decided that, in order to support current and future OSX versions more easily, this was not the way to go. For this reason we have added support for packaging systems […]

Released nDPI 1.5.1 and ntopng 1.2.1

Today we have released a maintenance version of both nDPI and ntopng that addresses minor issues present in the previous stable release. In particular, for ntopng we have addressed many small security holes identified by security researchers (our thanks go to Luca Carettoni), and thus we encourage you to upgrade when possible; note that for all […]

Released nDPI 1.5

Today we have released nDPI 1.5. The main changes include: Support of additional protocols such as Redis, ZeroMQ, Collectd, Megaco. Fixed bugs in existing protocol dissectors and refreshed protocols that changed since the previous release (e.g. Skype, which is a real moving target). Major improvements of the sample ndpiReader application: Added 10 Gbit DNA/ZC support when capturing […]

Comparison of Deep Packet Inspection (DPI) Tools for Traffic Classification

From time to time we receive emails from people asking how nDPI compares with other similar toolkits. Licio Marchetti has shared this report, Comparison of Deep Packet Inspection (DPI) Tools for Traffic Classification, written by the Universitat Politècnica de Catalunya, that says: “the best accuracy we obtained from NDPI (91 points), PACE (82 points), UPC MLA (79 points), […]

Configuring nDPI for Custom Protocol Detection

The first release of nDPI was basically a refresh of the OpenDPI library on which nDPI is built. Over the past few months we have made many changes including: Port to various platforms including Linux, MacOSX, Windows and FreeBSD. Enhancement of the demo pcapReader application both in terms of speed/features and encapsulations supported (for instance […]

Say hello to nDPI (Network DPI)

The equation “port = (application) protocol” no longer holds. DPI (Deep Packet Inspection) is the way to detect known protocols on non-known ports (e.g. http on ports other than 80) and traffic on a known port that is not the one we expect (e.g. skype on port 80). In a nutshell, we need to look at […]