Say hello to nDPI (Network DPI)


The equation “port = (application) protocol” no longer holds. DPI (Deep Packet Inspection) is the way to detect known protocols on non-standard ports (e.g. HTTP on ports other than 80) and traffic on a known port that is not the protocol we expect (e.g. Skype on port 80). In a nutshell, we need to look at the packet content and see what’s inside. P2P protocols have been designed from day one with the ability to circumvent network policies in order to reach their peers, and they are a good example of where DPI can help.
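The two mismatch cases above can be shown with a small added example (not nDPI code and not its API): a port-based guess is compared with a content-based guess over constructed payloads. The signatures are deliberately simplified first-bytes checks, and all names in the block are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Illustrative labels only; this is not nDPI's protocol list or API. */
typedef enum { P_UNKNOWN, P_HTTP, P_TLS, P_SSH, P_BITTORRENT } proto_t;
typedef enum { V_AGREE, V_KNOWN_ON_ODD_PORT, V_NOT_WHAT_PORT_CLAIMS } verdict_t;

/* Port-based guess: the "port = protocol" equation. */
proto_t guess_by_port(uint16_t port) {
    return port == 80 ? P_HTTP : port == 443 ? P_TLS : port == 22 ? P_SSH : P_UNKNOWN;
}

static int starts_with(const uint8_t *p, size_t len, const char *s) {
    size_t n = strlen(s);
    return len >= n && memcmp(p, s, n) == 0;
}

/* Content-based guess from the first payload bytes of a flow. */
proto_t guess_by_payload(const uint8_t *p, size_t len) {
    static const char *http[] = { "GET ", "POST ", "HEAD ", "PUT ", "HTTP/1." };
    for (size_t i = 0; i < sizeof http / sizeof http[0]; i++)
        if (starts_with(p, len, http[i])) return P_HTTP;
    if (starts_with(p, len, "SSH-")) return P_SSH;
    /* TLS record header: content type 0x16 (handshake), major version 0x03 */
    if (len >= 3 && p[0] == 0x16 && p[1] == 0x03 && p[2] <= 0x04) return P_TLS;
    /* BitTorrent handshake: length byte 19, then the protocol string */
    if (starts_with(p, len, "\x13" "BitTorrent protocol")) return P_BITTORRENT;
    return P_UNKNOWN;
}

/* Compare both guesses and name which of the two mismatch cases applies. */
verdict_t classify(uint16_t port, const uint8_t *p, size_t len) {
    proto_t by_port = guess_by_port(port), by_data = guess_by_payload(p, len);
    if (by_port == by_data) return V_AGREE;
    return by_port == P_UNKNOWN ? V_KNOWN_ON_ODD_PORT : V_NOT_WHAT_PORT_CLAIMS;
}

/* Constructed sample payloads (first bytes of a flow), not captured traffic. */
static const uint8_t http_req[] = "GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n";
static const uint8_t bt_hello[] = "\x13" "BitTorrent protocol\0\0\0\0\0\0\0\0";
static const uint8_t opaque[]   = { 0x8f, 0x21, 0x02, 0xc4, 0x55, 0x9a, 0x10, 0x7e };

int main(void) {
    printf("http on 8080 -> %d\n", classify(8080, http_req, sizeof http_req - 1));
    printf("bittorrent on 80 -> %d\n", classify(80, bt_hello, sizeof bt_hello - 1));
    printf("opaque bytes on 80 -> %d\n", classify(80, opaque, sizeof opaque));
    return 0;
}
```

Note that opaque bytes on port 80 are flagged even though no signature matches them: the content does not look like what the port claims, which is the situation the Skype example describes.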

Unfortunately there are very few DPI libraries freely available on the Internet, and most of the time they support “common protocols” (e.g. SMTP, DNS) that are not so challenging. On the other hand, popular protocols such as HTTP can no longer be treated as a single protocol. We believe that Facebook, Twitter, Netflix and many others are not just sub-HTTP protocols (technically they are, of course) but first-class protocols. As we have not found any reasonable DPI library freely available, we decided to create our own, starting from OpenDPI, which is a good starting point but lacks many interesting protocols (e.g. Skype), as they are available in the commercial version of the library. This has been the motivation behind nDPI.

nDPI is an ntop-maintained superset of the popular OpenDPI library. Released under the GPL license, its goal is to extend the original library by adding new protocols that are otherwise available only in the paid version of OpenDPI. In addition to Unix platforms, we also support Windows, in order to provide you with a cross-platform DPI experience. We have added support for many popular protocols such as Twitter, Skype, BitTorrent (major enhancements) and also business protocols such as Citrix.

We plan to maintain this library free of charge and keep it updated as new protocols (versions) come out. On the other hand, we need support from the community for tracking bugs and adding extensions. More information can be found at the nDPI home page.