Extensible deep packet inspection library

https://github.com/ntop/nDPI

nDPI is an ntop-maintained superset of the popular OpenDPI library. Released
under the LGPL license, its goal is to extend the original library by adding
new protocols that are otherwise available only in the paid version of OpenDPI.
In addition to Unix platforms, we also support Windows, in order to provide
you with a cross-platform DPI experience. Furthermore, we have modified nDPI to
be more suitable for traffic monitoring applications by disabling specific
features that slow down the DPI engine and are unnecessary for network
traffic monitoring.

Source Files
Filename | Size
0001-Added-ability-to-report-whether-a-protocol-is-encryp.patch | 91.9 KB
0002-Report-whether-a-protocol-is-encrypted.patch | 980 Bytes
0003-Firs-crash-on-ARM-during-steam-protocol-dissection.patch | 1.46 KB
ndpi-4.0.tar.gz | 114 MB
ndpi.changes | 14.9 KB
ndpi.spec | 4.84 KB
Latest Revision
Dominique Leuenberger (dimstar_suse) accepted request 914423 from Dirk Stoecker (dstoecker) (revision 10)
- Add conflicts for ndpi-common package, as version 3 did not follow
  packaging guidelines fully
- Create -common subpackage
- Update to version 4.0
  New Features
  * Add API for computing RSI (Relative Strength Index)
  * Add GeoIP support
  * Add fragments management
  * Add API for jitter calculation
  * Add single exponential smoothing API
  * Add timeseries forecasting support implementing Holt-Winters
    with confidence interval
  * Add support for MAC to radix tree and expose the full API to
    applications
  * Add JA3+, with ALPN and elliptic curve
  * Add double exponential smoothing implementation
  * Extended API for managing flow risks
  * Add flow risk score
  * New flow risks:
    + Desktop or File Sharing Session
    + HTTP suspicious content (useful for tracking trickbot)
    + Malicious JA3
    + Malicious SHA1
    + Risky domain
    + Risky AS
    + TLS Certificate Validity Too Long
    + TLS Suspicious Extension
  New Supported Protocols and Services
  * New protocols:
    + AmongUs
    + AVAST SecureDNS
    + CPHA (CheckPoint High Availability Protocol)
    + DisneyPlus
    + DTLS
    + Genshin Impact
    + HP Virtual Machine Group Management (hpvirtgrp)
    + Mongodb
    + Pinterest
    + Reddit
    + Snapchat VoIP calls
    + Tumblr
    + Virtual Assistant (Alexa, Siri)
    + Z39.50
  * Add protocols to HTTP as subprotocols
  * Add detection of TLS browser type
  * Add connectionless DCE/RPC detection
  Improvements
  * 2.5x speed bump. Example ndpiReader with a long mixed pcap
    v3.4 - nDPI throughput: 1.29 M pps / 3.35 Gb/sec
    v4.0 - nDPI throughput: 3.35 M pps / 8.68 Gb/sec
  * Improve detection/dissection of:
    + AnyDesk
    + DNS
    + Hulu
    + DCE/RPC (avoid false positives)
    + dnscrypt
    + Facebook (add new networks)
    + Fortigate
    + FTP Control
    + HTTP
      - Fix user-agent parsing
      - Fix logs when NDPI_ENABLE_DEBUG_MESSAGES is defined
    + IEC104
    + IEC60870
    + IRC
    + Netbios
    + Netflix
    + Ookla speedtest (detection over IPv6)
    + openspeedtest.com
    + Outlook / MicrosoftMail
    + QUIC
      - update to draft-33
      - improve handling of SNI
      - support for fragmented Client Hello
      - support for DNS-over-QUIC
    + RTSP
    + RTSP via HTTP
    + SNMP (reimplemented)
    + Skype
    + SSH
    + Steam (Steam Datagram Relay - SDR)
    + STUN (avoid false positives, improved Skype detection)
    + TeamViewer (add new hosts)
    + TOR (update hosts)
    + TLS
      - Certificate Subject matching
      - Check for common ALPNs
      - Reworked fingerprint calculation
      - Fix extraction for TLS signature algorithms
      - Fix ClientHello parsing
    + UPnP
    + wireguard
    + Improve DGA detection
    + Improve JA3
    + Improve Mining detection
    + Improve string matching algorithm
    + Improve ndpi_pref_enable_tls_block_dissection
    + Optimize speed and memory size
    + Update ahocorasick library
    + Improve subprotocols detection
  Fixes
  * Fix partial application matching
  * Fix multiple segfault and leaks
  * Fix uninitialized memory use
  * Fix release of patterns allocated in ndpi_add_string_to_automa
  * Fix return value of ndpi_match_string_subprotocol
  * Fix setting of flow risks on 32 bit machines
  * Fix TLS certificate threshold
  * Fix a memory error in TLS JA3 code
  * Fix false positives in Z39.50
  * Fix off-by-one memory error for TLS-JA3
  * Fix bug in ndpi_lru_find_cache
  * Fix invalid xbox and playstation port guesses
  * Fix CAPWAP tunnel decoding
  * Fix parsing of DLT_PPP datalink type
  * Fix dissection of QUIC initial packets coalesced with 0-RTT one
  * Fix parsing of GTP headers
  * Add bitmap boundary checks
  Misc
  * Update download category name
  * Update category labels
  * Renamed Skype in Skype_Teams (the protocol is now shared across
    these apps)
  * Add IEC analysis wireshark plugin
  * Flow risk visualization in Wireshark
  * ndpiReader
    + add statistics about nDPI performance
    + fix memory leak
    + fix collecting of risks statistics
  * Move installed libraries from /usr/local to /usr
  * Improve NDPI_API_VERSION generation
  * Update ndpi_ptree_match_addr prototype
- Add patches (for compatibility with ntopng 5.0):
  * 0001-Added-ability-to-report-whether-a-protocol-is-encryp.patch
  * 0002-Report-whether-a-protocol-is-encrypted.patch
  * 0003-Firs-crash-on-ARM-during-steam-protocol-dissection.patch