nDPI
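An open and extensible LGPLv3 deep packet inspection library.
nDPI is an ntop-maintained superset of the popular OpenDPI library. It is released under the LGPL license, and its goal is to extend the original library by adding new protocols that are otherwise available only in the paid version of OpenDPI. In addition to Unix platforms, we also support Windows, in order to give you a cross-platform DPI experience. We have also modified nDPI to make it more suitable for traffic monitoring applications, by disabling specific features that slow down the DPI engine and are not needed for network traffic monitoring.
Both ntop and nProbe use nDPI to add application-layer detection of protocols, regardless of the port being used. This means it is possible both to detect known protocols on non-standard ports (for example, HTTP on ports other than 80) and the opposite (for example, Skype traffic on port 80). This is because the concept of port=application no longer holds.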
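The idea of classifying by payload rather than by port, as an added sketch that is not nDPI code and does not use the nDPI API: the `app_t` labels, the `classify` function and the sample payloads are all constructed for this illustration, and real dissectors inspect far more than the first bytes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Labels local to this sketch; nDPI defines its own protocol identifiers. */
typedef enum { APP_UNKNOWN, APP_HTTP, APP_SSH, APP_TLS } app_t;
/* Constructed sample payloads (not captured traffic; the TLS one is truncated). */
static const uint8_t SAMPLE_HTTP[] = "GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n";
static const uint8_t SAMPLE_SSH[] = "SSH-2.0-OpenSSH_9.6\r\n";
static const uint8_t SAMPLE_TLS[] = { 0x16, 0x03, 0x01, 0x00, 0x2f, 0x01, 0x00, 0x00, 0x2b };

static int starts_with(const uint8_t *p, size_t len, const char *tok) {
    size_t n = strlen(tok);
    return len >= n && memcmp(p, tok, n) == 0;
}

/* HTTP request line: known method first, " HTTP/1." before the line ends. */
static int looks_like_http(const uint8_t *p, size_t len) {
    static const char *methods[] = { "GET ", "POST ", "HEAD ", "PUT ", "DELETE ", "OPTIONS " };
    size_t i, j; int known = 0;
    for (i = 0; i < sizeof(methods) / sizeof(methods[0]); i++)
        known |= starts_with(p, len, methods[i]);
    for (j = 0; known && j + 8 <= len && p[j] != '\r' && p[j] != '\n'; j++)
        if (memcmp(p + j, " HTTP/1.", 8) == 0) return 1;
    return 0;
}

/* TLS record: handshake (0x16), version 3.x, sane length, ClientHello (0x01). */
static int looks_like_tls_hello(const uint8_t *p, size_t len) {
    if (len < 6 || p[0] != 0x16 || p[1] != 0x03 || p[2] > 0x04) return 0;
    size_t rec_len = ((size_t)p[3] << 8) | p[4];
    return rec_len >= 4 && rec_len <= 16384 && p[5] == 0x01;
}

/* Classify a flow's first payload bytes; dst_port is deliberately ignored. */
app_t classify(uint16_t dst_port, const uint8_t *p, size_t len) {
    (void)dst_port;
    if (looks_like_tls_hello(p, len)) return APP_TLS;
    if (starts_with(p, len, "SSH-2.0-") || starts_with(p, len, "SSH-1.99-")) return APP_SSH;
    if (looks_like_http(p, len)) return APP_HTTP;
    return APP_UNKNOWN;
}

int main(void) { /* HTTP on 8081, SSH on 443, TLS on 80: the payload decides */
    printf("%d ", (int)classify(8081, SAMPLE_HTTP, sizeof(SAMPLE_HTTP) - 1));
    printf("%d ", (int)classify(443, SAMPLE_SSH, sizeof(SAMPLE_SSH) - 1));
    printf("%d\n", (int)classify(80, SAMPLE_TLS, sizeof(SAMPLE_TLS)));
    return 0;
}
```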
nDPI is constantly being extended, and many protocols are supported so far, including:
- FTP_CONTROL
- POP3
- SMTP
- IMAP
- DNS
- IPP
- HTTP
- MDNS
- NTP
- NetBIOS
- NFS
- SSDP
- BGP
- SNMP
- XDMCP
- SMBv1
- Syslog
- DHCP
- PostgreSQL
- MySQL
- Hotmail
- Direct_Download_Link
- POPS
- AppleJuice
- DirectConnect
- ntop
- COAP
- VMware
- SMTPS
- FacebookZero
- UBNTAC2
- Kontiki
- OpenFT
- FastTrack
- Gnutella
- eDonkey
- BitTorrent
- SkypeCall
- Signal
- Memcached
- SMBv23
- Mining
- NestLogSink
- Modbus
- Xbox
- TikTok
- RTSP
- IMAPS
- IceCast
- PPLive
- PPStream
- Zattoo
- ShoutCast
- Sopcast
- Tvants
- TVUplayer
- HTTP_Download
- QQLive
- Thunder
- Soulseek
- SSL_No_Cert
- IRC
- Ayiya
- Unencrypted_Jabber
- MSN
- Oscar
- Yahoo
- BattleField
- GooglePlus
- VRRP
- Steam
- HalfLife2
- WorldOfWarcraft
- Telnet
- STUN
- IPsec
- GRE
- ICMP
- IGMP
- EGP
- SCTP
- OSPF
- IP_in_IP
- RTP
- RDP
- VNC
- PcAnywhere
- SSL
- SSH
- Usenet
- MGCP
- IAX
- TFTP
- AFP
- Stealthnet
- Aimini
- SIP
- TruPhone
- ICMPV6
- DHCPV6
- Armagetron
- Crossfire
- Dofus
- Fiesta
- Florensia
- Guildwars
- HTTP_ActiveSync
- Kerberos
- LDAP
- MapleStory
- MsSQL-TDS
- PPTP
- Warcraft3
- WorldOfKungFu
- Slack
- Dropbox
- GMail
- GoogleMaps
- YouTube
- Skype
- DCE_RPC
- NetFlow
- sFlow
- HTTP_Connect
- HTTP_Proxy
- Citrix
- NetFlix
- LastFM
- Waze
- YouTubeUpload
- GenericProtocol
- CHECKMK
- AJP
- Apple
- Webex
- AppleiCloud
- Viber
- AppleiTunes
- Radius
- WindowsUpdate
- TeamViewer
- Tuenti
- LotusNotes
- SAP
- GTP
- UPnP
- LLMNR
- RemoteScan
- Spotify
- Messenger
- H323
- OpenVPN
- NOE
- CiscoVPN
- TeamSpeak
- Tor
- CiscoSkinny
- RTCP
- RSYNC
- Oracle
- Corba
- UbuntuONE
- Whois-DAS
- Collectd
- SOCKS
- Nintendo
- RTMP
- FTP_DATA
- Wikipedia
- ZeroMQ
- Amazon
- eBay
- CNN
- Megaco
- Redis
- Pando_Media_Booster
- VHUA
- Telegram
- Vevo
- Pandora
- QUIC
- WhatsAppVoice
- EAQ
- Ookla
- AMQP
- KakaoTalk
- KakaoTalk_Voice
- Twitch
- MPEG_TS
- Snapchat
- Sina(Weibo)
- GoogleHangout
- IFLIX
- Github
- BJNP
- SMPP
- DNScrypt
- TINC
- Deezer
- Microsoft
- Starcraft
- Teredo
- HotspotShield
- HEP
- GoogleDrive
- OCS
- Office365
- Cloudflare
- MS_OneDrive
- MQTT
- RX
- AppleStore
- OpenDNS
- Git
- DRDA
- PlayStore
- SOMEIP
- FIX
- Playstation
- Pastebin
- SoundCloud
- CSGO
- LISP
- Diameter
- ApplePush
- GoogleServices
- AmazonVideo
- GoogleDocs
- WhatsAppFiles
- Targus Dataspeed
- DNP3
- IEC60870
- Bloomberg
- CAPWAP
- Zabbix
- s7comm
- Microsoft Teams
- WebSocket
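Handling encrypted content
The trend in Internet traffic is towards encrypted content, usually using SSL. To let nDPI support encrypted connections, a decoder for SSL (both client and server) certificates has been added, so the protocol can be worked out from the encryption certificate. This lets us identify protocols such as Citrix Online and Apple iCloud that would otherwise go undetected.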