Overview / Usage

Deep packet inspection (DPI in short) is a technique that allows the packet payload to be inspected in order to extract information such as application protocol (e.g. YouTube or WhatsApp) and metadata (e.g. URL, server name). DPI is used both in network traffic monitoring and security as it allows specific network flows to be identified and categorised in order to make them comply with the specified network policies.

Methodology / Approach

nDPI is an open source library based on an existing and no longer maintained library named OpenDPI. All the code is C based, self-contained with no external dependencies so that it could be easily embedded on existing applications or installed on small routers.

Technologies Used

nDPI works on various architectures including x86/64, MIPS and ARM. On x86/64 nDPI leverages on Intel Hyperscan (https://01.org/hyperscan) in order to improve its efficiency and scale in terms of number of patters and strings it can support.

Repository

https://github.com/ntop/nDPI

Other links

• nDPI Home Page