nDPI

nDPI

Comparison of Deep Packet Inspection (DPI) Tools for Traffic Classification
From time to time we receive emails form people asking how nDPI compares with other similar toolkits. Licio Marchetti has shared this report Comparison of Deep Packet Inspection (DPI) Tools for Traffic Classification written by the Universitat Politècnica de Catalunya that says: “the best accuracy we obtained from NDPI (91 points), PACE (82 points), UPC MLA (79 points), and Libprotoident (78 points)”. So nDPI looks in good shape 🙂 This said, last week we have improved quite bit the Bittorrent and Skype dissectors and we have create a small test tool that demonstrate …
nDPI

Configuring nDPI for Custom Protocol Detection
The first release of nDPI was basically a refresh of the OpenDPI library on which nDPI is built. Over the past few months we have made many changes including: Port to various platforms including Linux, MacOSX, Windows and FreeBSD. Enhancement of the demo pcapReader application both in terms of speed/features and encapsulations supported (for instance you can now analyse GTP-tunneled traffic). Ability to compile nDPI for the Linux kernel so that you can use it for developing efficient kernel-based modules. Various speed enhancements so that nDPI is now faster than …
Announce

Say hello to nDPI (Network DPI)
The equation “port = (application) protocol” no longer holds. DPI (Deep Packet Inspection) is the way to detect known protocols on non-known ports (e.g. http on ports other than 80) and traffic on know port that is not the one we expect (e.g. skype on port 80). On a nutshell, we need to look at packet content and see what’s inside. P2P protocols have been designed from day one with the ability to circumvent network policies in order to reach their peers, and they are good example of places where …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe