nDPI

Open and Extensible LGPLv3 Deep Packet Inspection Library.


nDPI is a ntop-maintained superset of the popular OpenDPI library. Released under the LGPL license, its goal is to extend the original library by adding new protocols that are otherwise available only on the paid version of OpenDPI. In addition to Unix platforms, we also support Windows, in order to provide you a cross-platform DPI experience. Furthermore, we have modified nDPI to be more suitable for traffic monitoring applications, by disabling specific features that slow down the DPI engine while being them un-necessary for network traffic monitoring.

nDPI is used in ntop tools and various third party applications for adding application-layer detection of protocols, regardless of the port being used. This means that it is possible to both detect known protocols on non-standard ports (e.g. detect http on ports other than 80), and also the opposite (e.g. detect Skype traffic on port 80). This is because nowadays the concept of port=application no longer holds.

Metadata Extraction


nDPI not only detects the application protocol, but it also report relevant metadata associated with a flow such as URL, TLS certificate, Operating System etc. Below you can find an example of metadata that can be extracted from a flow.

{
   "first_seen":1456184267.696,
   "last_seen":1456184289.106,
   "duration":21.410,
   "flow_id":2152,
   "vlan_id":0,
   "src_ip":"192.168.1.90",
   "dest_ip":"206.58.211.195",
   "src_port":55074,
   "dst_port":443,
   "ip":4,
   "proto":"TCP",
   "ndpi":{
      "confidence":{
         "6":"DPI"
      },
      "proto":"TLS.Google",
      "proto_id":"91.126",
      "proto_by_ip":"Google",
      "proto_by_ip_id":126,
      "encrypted":1,
      "breed":"Acceptable",
      "category_id":5,
      "category":"Web",
      "hostname":"www.google.es",
      "tls":{
         "version":"TLSv1.2",
         "server_names":"*.google.com,google-analytics.com,google.com,googlecommerce.com,youtu.be,youtube.com",
         "ja3":"d4693422c5ce1565377aca25940ad80c",
         "ja3s":"8d9971006a2ddb0de34017d703f825d9",
         "unsafe_cipher":0,
         "cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
         "issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2",
         "subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google.com",
         "advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1",
         "negotiated_alpn":"h2",
         "fingerprint":"D8:9E:22:F9:E3:AB:23:60:CB:B4:6D:C0:1C:67:06:F1:76:E9:1C:D9"
      }
   },
   ...

Traffic Analysis


nDPI not only offers DPI features, but it includes various features for traffic classification and analysis that enable you to create your application without having to implement complex analysis capabilities as they are already provided by nDPI (read more).

Supported Protocols


The nDPI engine is continuously extended with new protocol dissectors: protocols are added or updates every day. As of today, the list of applications the engine is able to detect includes:

 Id Protocol               Layer_4    Nw_Proto Breed        Category
  0 Unknown                TCP        X        Unrated      Unspecified
  1 FTP_CONTROL            TCP        X        Unsafe       Download
  2 POP3                   TCP        X        Unsafe       Email
  3 SMTP                   TCP        X        Acceptable   Email
  4 IMAP                   TCP        X        Unsafe       Email
  5 DNS                    TCP/UDP    X        Acceptable   Network
  6 IPP                    TCP/UDP    X        Acceptable   System
  7 HTTP                   TCP        X        Acceptable   Web
  8 MDNS                   TCP        X        Acceptable   Network
  9 NTP                    UDP        X        Acceptable   System
 10 NetBIOS                TCP/UDP    X        Acceptable   System
 11 NFS                    TCP/UDP    X        Acceptable   DataTransfer
 12 SSDP                   UDP        X        Acceptable   System
 13 BGP                    TCP        X        Acceptable   Network
 14 SNMP                   UDP        X        Acceptable   Network
 15 XDMCP                  TCP/UDP    X        Acceptable   RemoteAccess
 16 SMBv1                  TCP        X        Dangerous    System
 17 Syslog                 TCP/UDP    X        Acceptable   System
 18 DHCP                   UDP        X        Acceptable   Network
 19 PostgreSQL             TCP        X        Acceptable   Database
 20 MySQL                  TCP        X        Acceptable   Database
 21 Outlook                TCP                 Acceptable   Email
 22 Free22                 TCP        X        Potentially Dangerous Download
 23 POPS                   TCP                 Safe         Email
 24 Tailscale              UDP                 Acceptable   VPN
 25 Free25                 TCP        X        Potentially Dangerous Download
 26 ntop                   TCP                 Safe         Network
 27 COAP                   UDP        X        Safe         RPC
 28 VMware                 UDP        X        Acceptable   RemoteAccess
 29 SMTPS                  TCP                 Safe         Email
 30 DTLS                   UDP        X        Safe         Web
 31 UBNTAC2                UDP        X        Safe         Network
 32 Kontiki                UDP        X        Potentially Dangerous Media
 33 Free33                 TCP        X        Potentially Dangerous Download
 34 Free34                 TCP        X        Potentially Dangerous Download
 35 Gnutella               TCP/UDP    X        Potentially Dangerous Download
 36 eDonkey                TCP/UDP    X        Unsafe       Download
 37 BitTorrent             TCP/UDP    X        Acceptable   Download
 38 Skype_TeamsCall        TCP                 Acceptable   VoIP
 39 Signal                 TCP                 Fun          Chat
 40 Memcached              TCP/UDP    X        Acceptable   Network
 41 SMBv23                 TCP        X        Acceptable   System
 42 Mining                 TCP/UDP             Unsafe       Mining
 43 NestLogSink            TCP                 Acceptable   Cloud
 44 Modbus                 TCP        X        Acceptable   IoT-Scada
 45 WhatsAppCall           TCP                 Acceptable   VoIP
 46 DataSaver              TCP                 Fun          Web
 47 Xbox                   UDP                 Fun          Game
 48 QQ                     UDP                 Fun          Chat
 49 TikTok                 TCP                 Fun          SocialNetwork
 50 RTSP                   TCP/UDP    X        Fun          Media
 51 IMAPS                  TCP                 Safe         Email
 52 IceCast                TCP        X        Fun          Media
 53 CPHA                   UDP                 Fun          Network
 54 PPStream               UDP                 Fun          Streaming
 55 Zattoo                 TCP/UDP             Fun          Video
 56 Free56                 TCP        X        Fun          Music
 57 Free57                 TCP        X        Fun          Video
 58 Discord                UDP                 Fun          Collaborative
 59 TVUplayer              TCP/UDP             Fun          Video
 60 MongoDB                TCP        X        Acceptable   Database
 61 Pluralsight            TCP                 Fun          Video
 62 Free62                 TCP                 Fun          Download
 63 OCSP                   TCP                 Safe         Network
 64 VXLAN                  UDP        X        Acceptable   Network
 65 IRC                    TCP        X        Unsafe       Chat
 66 MerakiCloud            UDP        X        Acceptable   Network
 67 Jabber                 TCP/UDP    X        Acceptable   Web
 68 Nats                   TCP        X        Acceptable   RPC
 69 AmongUs                UDP                 Fun          Game
 70 Yahoo                  TCP                 Safe         Web
 71 DisneyPlus             TCP                 Fun          Streaming
 72 GooglePlus             TCP                 Fun          SocialNetwork
 73 VRRP                   TCP        X        Acceptable   Network
 74 Steam                  TCP/UDP             Fun          Game
 75 HalfLife2              UDP        X        Fun          Game
 76 WorldOfWarcraft        TCP                 Fun          Game
 77 Telnet                 TCP        X        Unsafe       RemoteAccess
 78 STUN                   TCP/UDP    X        Acceptable   Network
 79 IPSec                  UDP        X        Safe         VPN
 80 GRE                               X        Acceptable   Network
 81 ICMP                              X        Acceptable   Network
 82 IGMP                              X        Acceptable   Network
 83 EGP                               X        Acceptable   Network
 84 SCTP                              X        Acceptable   Network
 85 OSPF                              X        Acceptable   Network
 86 IP_in_IP                          X        Acceptable   Network
 87 RTP                    UDP        X        Acceptable   Media
 88 RDP                    TCP/UDP    X        Acceptable   RemoteAccess
 89 VNC                    TCP        X        Acceptable   RemoteAccess
 90 Tumblr                 TCP                 Fun          SocialNetwork
 91 TLS                    TCP        X        Safe         Web
 92 SSH                    TCP        X        Acceptable   RemoteAccess
 93 Usenet                 TCP        X        Acceptable   Web
 94 MGCP                   UDP        X        Acceptable   VoIP
 95 IAX                    UDP        X        Acceptable   VoIP
 96 TFTP                   UDP        X        Acceptable   DataTransfer
 97 AFP                    TCP        X        Acceptable   DataTransfer
 98 Free98                 TCP        X        Potentially Dangerous Download
 99 Free99                 TCP                 Fun          Download
100 SIP                    TCP/UDP    X        Acceptable   VoIP
101 TruPhone               TCP                 Acceptable   VoIP
102 ICMPV6                            X        Acceptable   Network
103 DHCPV6                 UDP        X        Acceptable   Network
104 Armagetron             UDP        X        Fun          Game
105 Crossfire              TCP/UDP             Fun          RPC
106 Dofus                  TCP        X        Fun          Game
107 Free107                TCP        X        Fun          Game
108 Free108                TCP        X        Fun          Game
109 Guildwars              TCP        X        Fun          Game
110 AmazonAlexa            TCP                 Acceptable   VirtAssistant
111 Kerberos               TCP/UDP    X        Acceptable   Network
112 LDAP                   TCP/UDP    X        Acceptable   System
113 MapleStory             TCP                 Fun          Game
114 MsSQL-TDS              TCP        X        Acceptable   Database
115 PPTP                   TCP        X        Acceptable   VPN
116 Warcraft3              TCP/UDP    X        Fun          Game
117 WorldOfKungFu          TCP        X        Fun          Game
118 Slack                  TCP                 Acceptable   Collaborative
119 Facebook               TCP                 Fun          SocialNetwork
120 Twitter                TCP                 Fun          SocialNetwork
121 Dropbox                UDP                 Acceptable   Cloud
122 GMail                  TCP                 Acceptable   Email
123 GoogleMaps             TCP                 Safe         Web
124 YouTube                TCP                 Fun          Media
125 Skype_Teams            UDP                 Acceptable   VoIP
126 Google                 TCP                 Acceptable   Web
127 RPC                    TCP/UDP    X        Acceptable   RPC
128 NetFlow                UDP        X        Acceptable   Network
129 sFlow                  UDP        X        Acceptable   Network
130 HTTP_Connect           TCP        X        Acceptable   Web
131 HTTP_Proxy             TCP        X        Acceptable   Web
132 Citrix                 TCP                 Acceptable   Network
133 NetFlix                TCP                 Fun          Video
134 LastFM                 TCP                 Fun          Music
135 Waze                   TCP                 Acceptable   Web
136 YouTubeUpload          TCP                 Fun          Media
137 Hulu                   TCP                 Fun          Streaming
138 CHECKMK                TCP        X        Acceptable   DataTransfer
139 AJP                    TCP        X        Acceptable   Web
140 Apple                  TCP                 Safe         Web
141 Webex                  TCP                 Acceptable   VoIP
142 WhatsApp               TCP                 Acceptable   Chat
143 AppleiCloud            TCP                 Acceptable   Web
144 Viber                  TCP/UDP             Fun          VoIP
145 AppleiTunes            TCP                 Fun          Streaming
146 Radius                 UDP        X        Acceptable   Network
147 WindowsUpdate          TCP                 Safe         SoftwareUpdate
148 TeamViewer             TCP/UDP             Acceptable   RemoteAccess
149 Tuenti                 TCP                 Acceptable   VoIP
150 LotusNotes             TCP        X        Acceptable   Collaborative
151 SAP                    TCP        X        Acceptable   Network
152 GTP                    UDP        X        Acceptable   Network
153 WSD                    UDP        X        Acceptable   Network
154 LLMNR                  TCP        X        Acceptable   Network
155 TocaBoca               UDP        X        Fun          Game
156 Spotify                TCP/UDP             Fun          Music
157 Messenger              TCP                 Acceptable   Chat
158 H323                   TCP/UDP    X        Acceptable   VoIP
159 OpenVPN                TCP/UDP             Acceptable   VPN
160 NOE                    UDP        X        Acceptable   VoIP
161 CiscoVPN               TCP/UDP    X        Acceptable   VPN
162 TeamSpeak              TCP/UDP    X        Fun          VoIP
163 Tor                    TCP                 Potentially Dangerous VPN
164 CiscoSkinny            TCP        X        Acceptable   VoIP
165 RTCP                   TCP/UDP    X        Acceptable   VoIP
166 RSYNC                  TCP        X        Acceptable   DataTransfer
167 Oracle                 TCP        X        Acceptable   Database
168 Corba                  TCP        X        Acceptable   RPC
169 UbuntuONE              TCP                 Acceptable   Cloud
170 Whois-DAS              TCP        X        Acceptable   Network
171 SD-RTN                 UDP        X        Acceptable   Media
172 SOCKS                  TCP        X        Acceptable   Web
173 Nintendo               UDP                 Fun          Game
174 RTMP                   TCP        X        Acceptable   Media
175 FTP_DATA               TCP        X        Acceptable   Download
176 Wikipedia              TCP                 Safe         Web
177 ZeroMQ                 TCP        X        Acceptable   RPC
178 Amazon                 TCP                 Acceptable   Web
179 eBay                   TCP                 Safe         Shopping
180 CNN                    TCP                 Safe         Web
181 Megaco                 UDP        X        Acceptable   VoIP
182 Redis                  TCP        X        Acceptable   Database
183 Pinterest              TCP                 Fun          SocialNetwork
184 VHUA                   UDP        X        Fun          VoIP
185 Telegram               TCP/UDP             Acceptable   Chat
186 Vevo                   TCP                 Fun          Music
187 Pandora                TCP                 Fun          Streaming
188 QUIC                   UDP        X        Acceptable   Web
189 Zoom                   TCP                 Acceptable   Video
190 EAQ                    UDP        X        Acceptable   Network
191 Ookla                  TCP/UDP             Safe         Network
192 AMQP                   TCP        X        Acceptable   RPC
193 KakaoTalk              TCP                 Acceptable   Chat
194 KakaoTalk_Voice        UDP        X        Acceptable   VoIP
195 Twitch                 TCP                 Fun          Video
196 DoH_DoT                TCP                 Acceptable   Network
197 WeChat                 TCP                 Fun          Chat
198 MPEG_TS                UDP        X        Fun          Media
199 Snapchat               TCP                 Fun          SocialNetwork
200 Sina(Weibo)            TCP                 Fun          SocialNetwork
201 GoogleHangoutDuo       TCP/UDP             Acceptable   VoIP
202 IFLIX                  TCP                 Fun          Video
203 Github                 TCP                 Acceptable   Collaborative
204 BJNP                   UDP        X        Acceptable   System
205 Reddit                 TCP                 Fun          SocialNetwork
206 WireGuard              UDP                 Acceptable   VPN
207 SMPP                   TCP        X        Acceptable   Download
208 DNScrypt               TCP/UDP             Acceptable   Network
209 TINC                   TCP/UDP    X        Acceptable   VPN
210 Deezer                 TCP                 Fun          Music
211 Instagram              TCP                 Fun          SocialNetwork
212 Microsoft              TCP                 Safe         Cloud
213 Starcraft              TCP/UDP    X        Fun          Game
214 Teredo                 UDP        X        Acceptable   Network
215 HotspotShield          TCP                 Potentially Dangerous VPN
216 IMO                    UDP        X        Acceptable   VoIP
217 GoogleDrive            TCP                 Acceptable   Cloud
218 OCS                    TCP                 Fun          Media
219 Microsoft365           TCP                 Acceptable   Collaborative
220 Cloudflare             TCP                 Acceptable   Web
221 MS_OneDrive            TCP                 Acceptable   Cloud
222 MQTT                   TCP        X        Acceptable   RPC
223 RX                     UDP        X        Acceptable   RPC
224 AppleStore             TCP                 Safe         SoftwareUpdate
225 OpenDNS                TCP                 Acceptable   Web
226 Git                    TCP        X        Safe         Collaborative
227 DRDA                   TCP        X        Acceptable   Database
228 PlayStore              TCP                 Safe         SoftwareUpdate
229 SOMEIP                 TCP/UDP    X        Acceptable   RPC
230 FIX                    TCP        X        Safe         RPC
231 Playstation            TCP                 Fun          Game
232 Pastebin               TCP                 Potentially Dangerous Download
233 LinkedIn               TCP                 Fun          SocialNetwork
234 SoundCloud             TCP                 Fun          Music
235 CSGO                   UDP        X        Fun          Game
236 LISP                   TCP/UDP    X        Acceptable   Cloud
237 Diameter               TCP        X        Acceptable   Network
238 ApplePush              TCP                 Acceptable   Cloud
239 GoogleServices         TCP                 Acceptable   Web
240 AmazonVideo            TCP/UDP             Fun          Cloud
241 GoogleDocs             TCP                 Acceptable   Collaborative
242 WhatsAppFiles          TCP                 Acceptable   Download
243 TargusDataspeed        TCP        X        Acceptable   Network
244 DNP3                   TCP        X        Acceptable   IoT-Scada
245 IEC60870               TCP        X        Acceptable   IoT-Scada
246 Bloomberg              TCP                 Acceptable   Network
247 CAPWAP                 UDP        X        Acceptable   Network
248 Zabbix                 TCP        X        Acceptable   Network
249 s7comm                 TCP        X        Acceptable   Network
250 Teams                  TCP                 Safe         Collaborative
251 WebSocket              TCP        X        Acceptable   Web
252 AnyDesk                TCP                 Acceptable   RemoteAccess
253 SOAP                   TCP        X        Acceptable   RPC
254 AppleSiri              TCP                 Acceptable   VirtAssistant
255 SnapchatCall           TCP                 Acceptable   VoIP
256 HP_VIRTGRP             TCP        X        Acceptable   Network
257 GenshinImpact          TCP/UDP    X        Fun          Game
258 Activision             UDP                 Fun          Game
259 FortiClient            TCP                 Safe         VPN
260 Z3950                  TCP        X        Acceptable   Network
261 Likee                  TCP                 Fun          SocialNetwork
262 GitLab                 TCP                 Fun          Collaborative
263 AVASTSecureDNS         UDP                 Safe         Network
264 Cassandra              TCP        X        Acceptable   Database
265 AmazonAWS              TCP                 Acceptable   Cloud
266 Salesforce             TCP                 Safe         Cloud
267 Vimeo                  TCP                 Fun          Streaming
268 FacebookVoip           TCP                 Acceptable   VoIP
269 SignalVoip             TCP                 Acceptable   VoIP
270 Fuze                   TCP                 Acceptable   VoIP
271 GTP_U                  TCP        X        Acceptable   Network
272 GTP_C                  TCP        X        Acceptable   Network
273 GTP_PRIME              TCP        X        Acceptable   Network
274 Alibaba                TCP                 Acceptable   Web
275 Crashlytics            TCP                 Acceptable   DataTransfer
276 Azure                  TCP                 Acceptable   Cloud
277 iCloudPrivateRelay     TCP                 Acceptable   VPN
278 EthernetIP             TCP        X        Acceptable   Network
279 Badoo                  TCP                 Fun          SocialNetwork
280 AccuWeather            TCP                 Fun          Web
281 GoogleClassroom        TCP                 Safe         Collaborative
282 HSRP                   UDP        X        Acceptable   Network
283 Cybersec               TCP                 Safe         Cybersecurity
284 GoogleCloud            TCP                 Acceptable   Cloud
285 Tencent                TCP                 Fun          SocialNetwork
286 RakNet                 UDP        X        Fun          Game
287 Xiaomi                 TCP                 Acceptable   Web
288 Edgecast               TCP                 Acceptable   Cloud
289 Cachefly               TCP                 Acceptable   Cloud
290 Softether              UDP                 Acceptable   VPN
291 MpegDash               TCP                 Fun          Media
292 Dazn                   TCP                 Fun          Streaming
293 GoTo                   TCP                 Acceptable   VoIP
294 RSH                    TCP        X        Unsafe       RemoteAccess
295 1kxun                  TCP                 Fun          Streaming
296 PGM                               X        Acceptable   Network
297 IP_PIM                            X        Acceptable   Network
298 collectd               UDP        X        Acceptable   System
299 TunnelBear             TCP                 Acceptable   VPN
300 CloudflareWarp         TCP                 Acceptable   VPN
301 i3D                    UDP        X        Fun          Game
302 RiotGames              UDP        X        Fun          Game
303 Psiphon                TCP                 Acceptable   VPN
304 UltraSurf              TCP        X        Acceptable   VPN
305 Threema                TCP        X        Fun          Chat
306 AliCloud               TCP        X        Acceptable   Cloud
307 AVAST                  TCP        X        Safe         Network
308 TiVoConnect            TCP/UDP    X        Fun          Network
309 Kismet                 TCP        X        Acceptable   Network
310 FastCGI                TCP        X        Safe         Network
311 FTPS                   TCP        X        Unsafe       Download
312 NAT-PMP                UDP        X        Acceptable   Network
313 Syncthing              UDP        X        Fun          Download
314 CryNetwork             UDP        X        Fun          Game
315 Line                   TCP        X        Acceptable   Chat
316 LineCall               UDP        X        Acceptable   VoIP
317 AppleTVPlus            TCP                 Fun          Streaming
318 DirecTV                TCP                 Fun          Streaming
319 HBO                    TCP                 Fun          Streaming
320 Vudu                   TCP                 Fun          Streaming
321 Showtime               TCP                 Fun          Streaming
322 Dailymotion            TCP                 Fun          Streaming
323 Livestream             TCP                 Fun          Streaming
324 Tencentvideo           TCP                 Fun          Streaming
325 IHeartRadio            TCP                 Fun          Music
326 Tidal                  TCP                 Fun          Music
327 TuneIn                 TCP                 Fun          Music
328 SiriusXMRadio          TCP                 Fun          Music
329 Munin                  TCP        X        Acceptable   System
330 Elasticsearch          TCP        X        Acceptable   System
331 TuyaLP                 UDP        X        Acceptable   IoT-Scada
332 TPLINK_SHP             TCP/UDP    X        Acceptable   IoT-Scada

ETA (Encrypted Traffic Analysis)


The trend of Internet traffic is going towards encrypted content often using TLS/QUIC. nDPI allows you to extract metadata from encrypted communications and also classify encrypted traffic.

Documentation


You can refer to the documentation page for nDPI manuals.

Please Contribute!


DPI is a time-consuming activity as protocols (in particular P2P) change quite often. This means that it’s necessary to update the code from time to time and add extensions. We would encourage anyone out there to help us adding or enhancing new protocols: we will put your contributions on our SVN and make them available to everyone free of charge. In fact the main reason why we decided to go for nDPI instead of using the original library, is that the company behind OpenDPI has never replied to our offers to merge the extensions we coded onto the original source code.

License


nDPI is distributed under the GNU LGPLv3 license and available in source code format.

Operating Systems


Linux Windows Mac FreeBSD

Get It


nDPI is automatically downloaded when you build ntop tools. However nothing prevents you from using it as a standalone DPI library. The source code can be downloaded from the download section.

nDPI is a registered trademark.