Deep Packet Inspection

Identify applications and categories


NETCAP has support for using libprotoident (v2.0.14), to identify 45 application categories and 500+ applications and protocols!

The full list of supported protocols can be found here:

libprotoident is maintained by the WAND group, you can download and install the library here:


Furthermore nDPI (v3.0) can be used to identify 244 applications, they are listed here:

nDPI is mainted by ntop, and can be downloaded here:

The results from all heuristic engines (lPI, nDPI and go heuristics) get dedpulicated automatically. Future versions could create a certainity score based on the number of votes from different heuristics.

DPI is currently used to indicate which applications have been seen for which IPProfile, when using the DeviceProfile encoder.

Read more about DeviceProfiles here:

pageDevice Profiles

Platform Support

NETCAPs DPI integration is currently only available on linux and macOS.

Last updated