Last week we attended Suricon 2024, the annual conference about Suricata, and presented our work on how nDPI has been integrated with Suricata. At ntop we like to contribute to other open source projects we use and like, such as Suricata and Wireshark. One of the main limitations of Suricata is its inability to monitor many protocols (currently the engine supports ~20 protocols compared to 450+ protocols supported by nDPI) and the lack of behaviour analysis that would very well complement Suricata's signature-based analysis. These are the reasons why we decided to write some code to integrate Suricata with nDPI. Our code contribution is close to being merged into Suricata and we hope this will happen in the next couple of weeks.
For those who were unable to attend Suricon, these are our presentation slides, showing what we presented in Madrid.
Enjoy!