Logo
Sign in
Product Logo
nDPIntop

nDPI is an open-source deep packet inspection library, extending protocol detection for network traffic monitoring and cybersecurity analysis across multiple platforms.

Vendor

Vendor

ntop

Company Website

Company Website

Product details

nDPI is a DPI toolkit maintained by ntop, released under the LGPL license, aiming to extend the original OpenDPI library with new protocols. It supports Unix platforms and Windows, providing a cross-platform DPI experience. nDPI has been modified to be more suitable for traffic monitoring applications by disabling specific features that slow down the DPI engine while being unnecessary for network traffic monitoring. It is used in ntop tools and various third-party applications for adding application-layer detection of protocols, regardless of the port being used. This enables the detection of known protocols on non-standard ports and vice versa, as the concept of port=application no longer holds. nDPI not only detects the application protocol but also reports relevant metadata associated with a flow, such as URL, TLS certificate, and Operating System. It includes various features for traffic classification and analysis, enabling users to create applications without implementing complex analysis capabilities, as they are already provided by nDPI. The nDPI engine is continuously extended with new protocol dissectors, with protocols added or updated regularly. It also identifies specific risks in network traffic by reporting flow risks, including XSS attacks, SQL injection, binary application transfers, and more. nDPI allows users to extract metadata from encrypted communications and classify encrypted traffic, even with the increasing trend of encrypted content using TLS/QUIC.

Features & Benefits

  • Metadata Extraction
    • Reports relevant metadata associated with a flow such as URL, TLS certificate, Operating System etc.
  • Traffic Analysis
    • Includes various features for traffic classification and analysis that enable you to create your application without having to implement complex analysis capabilities as they are already provided by nDPI.
  • Cybersecurity Analysis
    • Identifies specific “risks” in network traffic by reporting flow risks.
  • ETA (Encrypted Traffic Analysis)
    • Allows you to extract metadata from encrypted communications and also classify encrypted traffic.
Find more products by industry
Information & CommunicationView all
Find more products by category
Security SoftwareView all