nDPI/example
Ivan Nardi 4d11941d32
Ookla: rework detection (#1922)
The logic of the LRU cache has been changed: once we know an IP has
connected to an Ookla server, all the following (unknown) flows (for
a short time interval) from the same IP to the port 8080 are treated
as Ookla ones.

Most of the changes in this commit are about introducing the concept of
"aggressive detection". In some cases, to properly detect a
protocol we might use some statistical/behavior logic that, from one
side, lets us identify the protocol more often but, from the other
side, might lead to some false positives.
To allow the user/application to easily detect when such logic has been
triggered, the new confidence value `NDPI_CONFIDENCE_DPI_AGGRESSIVE` has been
added.
It is always possible to disable/configure this kind of logic via the
API.

Detection of Ookla flows using plain TLS over port 8080 is the first
example of aggressive detection in nDPI.

Tested with:
* Android 9.0 with app 4.8.3
* Ubuntu 20.04 with Firefox 110
* Win 10 with app 1.15 and 1.16
* Win 10 with Chrome 108, Edge 108 and Firefox 106
2023-03-30 17:13:51 +02:00
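The cache logic described in the commit message, as an added illustration that is not nDPI's own code: a tiny time-bounded LRU keyed by client IP. An IP is recorded when a flow has been properly identified as Ookla; later flows from that IP that the regular dissectors left unknown are tagged Ookla only if they go to port 8080, only while the entry is younger than a TTL, and only while the aggressive logic is enabled, in which case the result carries a separate "aggressive" confidence value so the caller can tell it apart from a direct DPI match. All names, the slot count and the 120-second TTL are assumptions for this example; nDPI's real API and constants differ.

```c
/* Added example, not nDPI's code. Models the "IP recently talked to an Ookla
 * server => treat its next unknown flows to port 8080 as Ookla" cache, tagging
 * such matches with an aggressive-confidence value. Names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define CACHE_SLOTS   4     /* tiny fixed-size LRU, enough for the demo      */
#define CACHE_TTL_SEC 120   /* "short time interval": hypothetical value     */
#define OOKLA_PORT    8080

/* Direct DPI match vs. match produced by behavioural (aggressive) logic. */
enum confidence { CONF_UNKNOWN = 0, CONF_DPI = 1, CONF_DPI_AGGRESSIVE = 2 };

struct cache_entry { uint32_t ip; time_t last_seen; int used; };

static struct cache_entry cache[CACHE_SLOTS];
static int aggressive_enabled = 1;   /* the "can be disabled via API" knob */

void ookla_set_aggressive(int on) { aggressive_enabled = on; }

/* Clear all state (global state makes this useful for repeatable tests). */
void ookla_cache_reset(void) { memset(cache, 0, sizeof(cache)); aggressive_enabled = 1; }

/* Record that `ip` was seen talking to an Ookla server: refresh an existing
 * slot, else take a free one, else evict the least recently seen entry. */
void ookla_cache_add(uint32_t ip, time_t now) {
  int free_slot = -1, lru = 0;
  for (int i = 0; i < CACHE_SLOTS; i++) {
    if (cache[i].used && cache[i].ip == ip) { cache[i].last_seen = now; return; }
    if (!cache[i].used) { if (free_slot < 0) free_slot = i; }
    else if (cache[i].last_seen < cache[lru].last_seen) lru = i;
  }
  int slot = free_slot >= 0 ? free_slot : lru;
  cache[slot].ip = ip; cache[slot].last_seen = now; cache[slot].used = 1;
}

/* 1 if `ip` is cached and younger than the TTL; expired entries are dropped. */
static int ookla_cache_hit(uint32_t ip, time_t now) {
  for (int i = 0; i < CACHE_SLOTS; i++) {
    if (!cache[i].used || cache[i].ip != ip) continue;
    if (now - cache[i].last_seen > CACHE_TTL_SEC) { cache[i].used = 0; return 0; }
    return 1;
  }
  return 0;
}

/* Classify a flow that the regular dissectors left as unknown. */
enum confidence classify_unknown_flow(uint32_t src_ip, uint16_t dst_port, time_t now) {
  if (!aggressive_enabled) return CONF_UNKNOWN;   /* user opted out of guessing */
  if (dst_port != OOKLA_PORT) return CONF_UNKNOWN;
  return ookla_cache_hit(src_ip, now) ? CONF_DPI_AGGRESSIVE : CONF_UNKNOWN;
}

/* Build an IPv4 address from dotted bytes, to keep the demo readable. */
uint32_t ip4(int a, int b, int c, int d) {
  return ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | (uint32_t)d;
}

int main(void) {
  time_t t0 = 1000;
  uint32_t client = ip4(192, 0, 2, 10);  /* constructed sample address */
  ookla_cache_add(client, t0);           /* a flow was fully identified as Ookla */
  printf("8080 soon after:  %d\n", classify_unknown_flow(client, 8080, t0 + 5));
  printf("443 soon after:   %d\n", classify_unknown_flow(client, 443, t0 + 5));
  printf("8080 after TTL:   %d\n", classify_unknown_flow(client, 8080, t0 + 500));
  return 0;
}
```

The point a consumer should take from the enum: a `CONF_DPI_AGGRESSIVE` result is a plausible guess backed by recent behaviour of the same client, not a signature match, so an application that cannot tolerate false positives should either treat it differently or switch the logic off with `ookla_set_aggressive(0)`.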
categories.txt Add categories test PCAP 2019-09-27 10:15:20 +02:00
ja3_fingerprints.csv Updated JA3/SSL fingerprints. 2022-07-04 16:05:22 +02:00
Makefile.dpdk.in Removed Makefile references to legacy code. (#1589) 2022-06-08 13:37:11 +02:00
Makefile.in Add support for LTO and Gold linker (#1812) 2022-12-05 10:21:42 +01:00
mining_hosts.txt Implemented custom category loading. 2018-04-26 21:10:59 +02:00
ndpi2timeline.py Implemented nDPI timeline visualizer 2019-12-15 23:35:43 +01:00
ndpiReader.c Ookla: rework detection (#1922) 2023-03-30 17:13:51 +02:00
ndpiSimpleIntegration.c thread_index may by negative. (#1814) 2022-12-05 10:22:05 +01:00
protos.txt Add another example of custom rules (#1923) 2023-03-30 08:45:17 +02:00
reader_util.c ndpiReader: fix VXLAN de-tunneling (#1913) 2023-03-25 19:19:51 +01:00
reader_util.h ndpiReader: print how many packets (per flow) were needed to perform full DPI (#1891) 2023-03-01 21:50:47 +01:00
README.DPDK Added DPDK support to ndpiReader 2018-11-10 16:10:22 +01:00
risky_domains.txt Added risky domain flow-risk support 2021-02-21 21:45:46 +01:00
sha1_fingerprints.csv Updated JA3/SSL fingerprints. 2022-07-04 16:05:22 +02:00

Prerequisites
-------------

You need to install and compile DPDK in your HOME directory.
See http://core.dpdk.org/doc/quick-start/ for DPDK installation and setup instructions.

Once DPDK is built make sure to create a symbolic link

$ cd
$ ln -s dpdk-18.08 DPDK

so the build process will use the DPDK directory, letting you keep multiple
DPDK versions available on your system.


Build
-----
Everything will happen automagically, but if you want to do it by hand
run: make -f Makefile.dpdk


Run Application
---------------
Assuming you want to capture packets from device eno1, you can start the
application as follows:

sudo ./build/ndpiReader -c 1 --vdev=net_pcap0,iface=eno1 -- -v 1

NOTE:
- ndpiReader without DPDK support is built in this directory.
- ndpiReader with DPDK support can be found inside the ./build directory.