nDPI——Open and Extensible GPLv3 Deep Packet Inspection Library.
来源:互联网 发布:mac电脑大小写怎么切换 编辑:程序博客网 时间:2024/06/07 02:27
nDPI is a ntop-maintained superset of the popular OpenDPI library. Released under the GPL license, its goal is to extend the original library by adding new protocols that are otherwise available only on the paid version of OpenDPI. In addition to Unix platforms, we also support Windows, in order to provide you a cross-platform DPI experience. Furthermore, we have modified nDPI do be more suitable for traffic monitoring applications, by disabling specific features that slow down the DPI engine while being them un-necessary for network traffic monitoring.
nDPI is used by both ntop and nProbe for adding application-layer detection of protocols, regardless of the port being used. This means that it is possible to both detect known protocols on non-standard ports (e.g. detect http non ports other than 80), and also the opposite (e.g. detect Skype traffic on port 80). This is because nowadays the concept of port=application no longer holds.
We are continuously extending nDPI and so (as of April 2012) far following protocols are supported:
- FTP
- POP
- SMTP
- IMAP
- DNS
- IPP
- HTTP
- MDNS
- NTP
- NETBIOS
- NFS
- SSDP
- BGP
- SNMP
- XDMCP
- SMB
- SYSLOG
- DHCP
- PostgreSQL
- MySQL
- TDS
- DirectDownloadLink
- I23V5
- AppleJuice
- DirectConnect
- Socrates
- WinMX
- MANOLITO
- PANDO
- Filetopia
- iMESH
- Kontiki
- OpenFT
- Kazaa/Fasttrack
- Gnutella
- eDonkey
- Bittorrent (Extended)
- OFF
- AVI
- Flash
- OGG
- MPEG
- QuickTime
- RealMedia
- Windowsmedia
- MMS
- XBOX
- MOVE
- RTSP
- Feidian
- Icecast
- PPLive
- PPStream
- Zattoo
- SHOUTCast
- SopCast
- TVAnts
- TVUplayer
- VeohTV
- QQLive
- Thunder/Webthunder
- Soulseek
- GaduGadu
- IRC
- Popo
- Jabber
- MSN
- Oscar
- Yahoo
- Battlefield
- Quake
- Second Life
- Steam
- Halflife2
- World of Warcraft
- Telnet
- STUN
- IPSEC
- GRE
- ICMP
- IGMP
- EGP
- SCTP
- OSPF
- IP in IP
- RTP
- RDP
- VNC
- PCAnywhere
- SSL
- SSH
- USENET
- MGCP
- IAX
- TFTP
- AFP
- StealthNet
- Aimini
- SIP
- Truphone
- ICMPv6
- DHCPv6
- Armagetron
- CrossFire
- Dofus
- Fiesta
- Florensia
- Guildwars
- HTTP Application Activesync
- Kerberos
- LDAP
- MapleStory
- msSQL
- PPTP
- WARCRAFT3
- World of Kung Fu
- MEEBO
- DropBox
- Gmail
- Google Maps
- YouTube
- Skype
- DCE RPC
- NetFlow_IPFIX
- sFlow
- HTTP Connect (SSL over HTTP)
- HTTP Proxy
- Netflix
- Citrix
- CitrixOnline/GotoMeeting
- Apple (iMessage, FaceTime…)
- Webex
- Apple iCloud
- Viber
- Apple iTunes
- Radius
Handling Encrypted Content
The trend of Internet traffic is going towards encrypted content often using SSL. In order to let nDPI support encrypted connections, we have added a decoder for SSL (both client and server) certificates, thus we can figure out the protocol using the encryption certificate. This allows us to identify protocols such as Citrix Online and Apple iCloud that otherwise would be undetected.
Download Source
nDPI is automatically downloaded when you build ntop and nProbe. However nothing prevents you from using it as a standalone DPI library. The source code can be downloaded from the ntop SVN.
Please Contribute!
DPI is a time-consuming activity as protocols (in particular P2P) change quite often. This means that it’s necessary to update the code from time to time and add extensions. We would encourage anyone out there to help us adding or enhancing new protocols: we will put your contributions on our SVN and make them available to everyone free of charge. In fact the main reason why we decided to go for nDPI instead of using the original library, is that the company behind OpenDPI has never replied to our offers to merge the extensions we coded onto the original source code.
- nDPI——Open and Extensible GPLv3 Deep Packet Inspection Library.
- Open Source Framework and Library Recommendations
- GPLv3
- GPLv3
- 协议的注册与维护——ndpi源码分析
- FTP深度包检测——ndpi源码分析
- 协议的注册与维护——ndpi源码分析
- Git Reference---Inspection and Comparison
- 翻译 | Keras : Deep Learning library for Tensorflow and Theano
- p3:An open source pcap packet and NetFlow file analysis tool using Hadoop MapReduce and Hive.
- Inspection
- PJNATH - Open Source ICE, STUN, and TURN Library
- PJNATH - Open Source ICE, STUN, and TURN Library
- XML—可扩展标记语言(eXtensible Markup Languae)
- Extensible WebService and its IE-Hosted Client
- Extensible Messaging and Presence Protocol (XMPP): Core
- XMPP ----Extensible Messaging and Present Protocol
- Extensible Messaging and Presence Protocol (XMPP) 简介
- struct Flag64
- 军工高精密电阻RX20和RX70的区别
- 生产者-消费者问题(操作系统)
- js 格式化日期
- Android应用程序与SurfaceFlinger服务的关系概述和学习计划 .
- nDPI——Open and Extensible GPLv3 Deep Packet Inspection Library.
- android学习笔记6 eventhub
- JQuery为元素添加样式
- Linux中用C语言写系统日志
- Delphi中的线程类Thread
- java远程调用JPush极光推送api
- rpm用法
- spi 通信的要点 pic24f 为例
- 网络最流行的伤感时代空间日志发布:那一年,我们十六、七岁