# Deep Packet Inspection

## Libprotoident

NETCAP has support for using **libprotoident** (v[2.0.14](https://github.com/wanduow/libprotoident/releases/tag/2.0.14-1)), to identify 45 application categories and 500+ applications and protocols!

The full list of supported protocols can be found here:

{% embed url="<https://github.com/wanduow/libprotoident/wiki/SupportedProtocols>" %}
Libprotoident Supported Protocols
{% endembed %}

**libprotoident** is maintained by the WAND group, you can download and install the library here:

{% embed url="<https://github.com/wanduow/libprotoident>" %}
Libprotoident Source Code
{% endembed %}

## nDPI

Furthermore **nDPI** (v3.0) can be used to identify 244 applications, they are listed here:

{% embed url="<https://github.com/ntop/nDPI/wiki/Supported-Protocols>" %}
nDPI Supported Protocols
{% endembed %}

**nDPI** is mainted by **ntop**, and can be downloaded here:

{% embed url="<https://github.com/ntop/nDPI>" %}
nDPI Source Code
{% endembed %}

The results from all heuristic engines (lPI, nDPI and go heuristics) get dedpulicated automatically. Future versions could create a certainity score based on the number of votes from different heuristics.

DPI is currently used to indicate which applications have been seen for which **IPProfile**, when using the **DeviceProfile** encoder.

Read more about DeviceProfiles here:

{% content-ref url="/pages/-M4zgij9Nh\_pcelAun7g" %}
[Device Profiles](/device-profiles.md)
{% endcontent-ref %}

## Platform Support

NETCAPs DPI integration is currently only available on linux and macOS.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.netcap.io/deep-packet-inspection.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.