Deep Packet Inspection
Identify applications and categories


NETCAP has support for using libprotoident (v2.0.14), to identify 45 application categories and 500+ applications and protocols!
The full list of supported protocols can be found here:
SupportedProtocols · wanduow/libprotoident Wiki
Libprotoident Supported Protocols
libprotoident is maintained by the WAND group, you can download and install the library here:
GitHub - wanduow/libprotoident: Network traffic classification library that requires minimal application payload
Libprotoident Source Code


Furthermore nDPI (v3.0) can be used to identify 244 applications, they are listed here:
Supported Protocols · ntop/nDPI Wiki
nDPI Supported Protocols
nDPI is mainted by ntop, and can be downloaded here:
GitHub - ntop/nDPI: Open Source Deep Packet Inspection Software Toolkit
nDPI Source Code
The results from all heuristic engines (lPI, nDPI and go heuristics) get dedpulicated automatically. Future versions could create a certainity score based on the number of votes from different heuristics.
DPI is currently used to indicate which applications have been seen for which IPProfile, when using the DeviceProfile encoder.
Read more about DeviceProfiles here:

Platform Support

NETCAPs DPI integration is currently only available on linux and macOS.