search
OverviewGitHubHomepageGoDoc

Deep Packet Inspection

Identify applications and categories

hashtag
Libprotoident

NETCAP has support for using libprotoident (v2.0.14arrow-up-right), to identify 45 application categories and 500+ applications and protocols!

The full list of supported protocols can be found here:

LogoSupportedProtocolsGitHubchevron-right
Libprotoident Supported Protocols

libprotoident is maintained by the WAND group, you can download and install the library here:

LogoGitHub - LibtraceTeam/libprotoident: Network traffic classification library that requires minimal application payloadGitHubchevron-right
Libprotoident Source Code

hashtag
nDPI

Furthermore nDPI (v3.0) can be used to identify 244 applications, they are listed here:

LogoHomeGitHubchevron-right
nDPI Supported Protocols

nDPI is mainted by ntop, and can be downloaded here:

LogoGitHub - ntop/nDPI: Open Source Deep Packet Inspection Software ToolkitGitHubchevron-right
nDPI Source Code

The results from all heuristic engines (lPI, nDPI and go heuristics) get dedpulicated automatically. Future versions could create a certainity score based on the number of votes from different heuristics.

DPI is currently used to indicate which applications have been seen for which IPProfile, when using the DeviceProfile encoder.

Read more about DeviceProfiles here:

Device Profileschevron-right

hashtag
Platform Support

NETCAPs DPI integration is currently only available on linux and macOS.

PreviousReassemblyNextLive Capture

Last updated