Deep Packet Inspection
Identify applications and categories

Libprotoident

NETCAP has support for using libprotoident (v2.0.14), to identify 45 application categories and 500+ applications and protocols!
The full list of supported protocols can be found here:
SupportedProtocols · wanduow/libprotoident Wiki
GitHub
Libprotoident Supported Protocols
libprotoident is maintained by the WAND group, you can download and install the library here:
GitHub - wanduow/libprotoident: Network traffic classification library that requires minimal application payload
GitHub
Libprotoident Source Code

nDPI

Furthermore nDPI (v3.0) can be used to identify 244 applications, they are listed here:
Supported Protocols · ntop/nDPI Wiki
GitHub
nDPI Supported Protocols
nDPI is mainted by ntop, and can be downloaded here:
GitHub - ntop/nDPI: Open Source Deep Packet Inspection Software Toolkit
GitHub
nDPI Source Code
The results from all heuristic engines (lPI, nDPI and go heuristics) get dedpulicated automatically. Future versions could create a certainity score based on the number of votes from different heuristics.
DPI is currently used to indicate which applications have been seen for which IPProfile, when using the DeviceProfile encoder.
Read more about DeviceProfiles here:

Platform Support

NETCAPs DPI integration is currently only available on linux and macOS.
Last modified 1yr ago