nDPI is a ntop-maintained superset of the popular OpenDPI library.Released under the GPL license, its goal is to extend the original library by adding new protocols that are otherwise available only on the paid version of OpenDPI. In addition to Unix platforms, we also support Windows, in order to provide you a cross-platformDPI experience. Furthermore, we have modified nDPI do be more suitable for traffic monitoring applications, by disabling specific features that slow down the DPI engine while being them un-necessary for network traffic monitoring.
nDPI is used by both ntop and nProbe for adding application-layer detection of protocols, regardless of the port being used. This means that it is possible to both detect known protocols on non-standard ports (e.g. detect http non ports other than 80), andalso the opposite (e.g. detect Skype traffic on port 80). This is because nowadays the concept of port=application no longer holds.
We are continuously extending nDPI and so (as of April 2012) far following protocols are supported:
FTP
POP
SMTP
IMAP
DNS
IPP
HTTP
MDNS
NTP
NETBIOS
NFS
SSDP
BGP
SNMP
XDMCP
SMB
SYSLOG
DHCP
PostgreSQL
MySQL
TDS
DirectDownloadLink
I23V5
AppleJuice
DirectConnect
Socrates
WinMX
MANOLITO
PANDO
Filetopia
iMESH
Kontiki
OpenFT
Kazaa/Fasttrack
Gnutella
eDonkey
Bittorrent (
Extended)
OFF
AVI
Flash
OGG
MPEG
QuickTime
RealMedia
Windowsmedia
MMS
XBOX
QQ
MOVE
RTSP
Feidian
Icecast
PPLive
PPStream
Zattoo
SHOUTCast
SopCast
TVAnts
TVUplayer
VeohTV
QQLive
Thunder/Webthunder
Soulseek
GaduGadu
IRC
Popo
Jabber
MSN
Oscar
Yahoo
Battlefield
Quake
Second Life
Steam
Halflife2
World of Warcraft
Telnet
STUN
IPSEC
GRE
ICMP
IGMP
EGP
SCTP
OSPF
IP in IP
RTP
RDP
VNC
PCAnywhere
SSL
SSH
USENET
MGCP
IAX
TFTP
AFP
StealthNet
Aimini
SIP
Truphone
ICMPv6
DHCPv6
Armagetron
CrossFire
Dofus
Fiesta
Florensia
Guildwars
HTTP Application Activesync
Kerberos
LDAP
MapleStory
msSQL
PPTP
WARCRAFT3
World of Kung Fu
MEEBO
FaceBook
Twitter
DropBox
Gmail
GoogleMaps
YouTube
Skype
Google
DCERPC
NetFlow_IPFIX
sFlow
HTTPConnect (SSL over HTTP)
HTTPProxy
Netflix
Citrix
CitrixOnline/GotoMeeting
Apple(iMessage, FaceTime…)
Webex
WhatsApp
AppleiCloud
Viber
AppleiTunes
Radius
Handling Encrypted Content
The trend of Internet traffic is going towards encrypted content often using SSL. In order to let nDPI support encrypted connections, we have added adecoder for SSL (both client and server) certificates, thus we can figure out the protocol using the encryption certificate. This allows us to identify protocols such as Citrix Online and Apple iCloud that otherwise would be undetected. Download Source
nDPI is automatically downloaded when you build ntop and nProbe. However nothing prevents you from using it as a standalone DPI library. The source code can be downloaded from the ntopSVN. Please Contribute!
DPI is a time-consuming activity as protocols (in particular P2P) change quite often. This means that it’s necessary to update the code from time to time and add extensions. We would encourage anyone out there to help us adding or enhancing new protocols: wewill put your contributions on our SVN and make them available to everyone free of charge. In fact the main reason why we decided to go for nDPI instead of using the original library, is that the company behind OpenDPI has never replied to our offers to mergethe extensions we coded onto the original source code.