nDPI/python
Ivan Nardi e6b332aa4a
Add support for flow client/server information (#1671)
In a lot of places in nDPI we use *packet* source/dest info
(address/port/direction) when we are interested in *flow* client/server
info, instead.

Add basic logic to autodetect this kind of information.

nDPI doesn't perform any "flow management" itself but this task is
delegated to the external application. It is then likely that the
application might provide more reliable hints about flow
client/server direction and about the TCP handshake presence: in that case,
this information might be (optionally) passed to the library, disabling
the internal "autodetect" logic.

These new fields have been used in some LRU caches and in the "guessing"
algorithm.
It is quite likely that some other code needs to be updated.
2022-07-24 17:46:24 +02:00
ndpi Add support for flow client/server information (#1671) 2022-07-24 17:46:24 +02:00
DEV_GUIDE.md Update Python bindings guide. 2022-03-22 15:01:55 +01:00
dev_requirements.txt Complete rework of nDPI Python bindings (cffi API, automatic generation, packaging and CI integration) 2022-03-22 13:19:27 +01:00
ndpi_example.py Add support for flow client/server information (#1671) 2022-07-24 17:46:24 +02:00
README.md Python bindings fix. 2022-04-07 17:54:41 +02:00
requirements.txt Complete rework of nDPI Python bindings (cffi API, automatic generation, packaging and CI integration) 2022-03-22 13:19:27 +01:00
setup.py Complete rework of nDPI Python bindings (cffi API, automatic generation, packaging and CI integration) 2022-03-22 13:19:27 +01:00
tests.py Add support for flow client/server information (#1671) 2022-07-24 17:46:24 +02:00

ndpi

This package contains Python bindings for nDPI. nDPI is an Open and Extensible LGPLv3 Deep Packet Inspection Library.

ndpi is implemented using CFFI (out-of-line API mode). Consequently, it is fast and PyPy compliant.

Installation

Build nDPI

git clone --branch dev https://github.com/ntop/nDPI.git
cd nDPI
./autogen.sh
./configure
make
sudo make install

Install ndpi package

cd python
python3 -m pip install --upgrade pip
python3 -m pip install -r dev_requirements.txt
python3 -m pip install .

Usage

API

from ndpi import NDPI, NDPIFlow

nDPI = NDPI()

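# Your per-flow processing here: the application keeps one NDPIFlow per flow.
# ip_bytes is the raw packet starting at the IP header, time_ms its timestamp in milliseconds.
# ...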

ndpi_flow = NDPIFlow()
nDPI.process_packet(ndpi_flow, ip_bytes, time_ms)
nDPI.giveup(ndpi_flow) # If you want to guess it instead (DPI fallback)
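
The per-flow processing is left to the application, so the following added example (not part of the nDPI project's code) sketches a minimal flow table that groups IPv4 TCP/UDP packets into bidirectional flows and records client/server direction and whether the TCP handshake was seen. FlowTable, parse_ipv4 and build_packet are hypothetical names, and the direction heuristic is this example's assumption, not nDPI's internal autodetect logic.

```python
import socket
import struct

TCP, UDP, SYN, ACK = 6, 17, 0x02, 0x10

def parse_ipv4(ip_bytes):
    """Return (src, sport, dst, dport, proto, tcp_flags), or None if unsupported."""
    if len(ip_bytes) < 20 or ip_bytes[0] >> 4 != 4:
        return None
    ihl, proto = (ip_bytes[0] & 0x0F) * 4, ip_bytes[9]
    fragment_offset = struct.unpack("!H", ip_bytes[6:8])[0] & 0x1FFF
    need = ihl + (14 if proto == TCP else 4)  # ports, plus the TCP flags byte
    if ihl < 20 or proto not in (TCP, UDP) or fragment_offset or len(ip_bytes) < need:
        return None  # non-first fragments carry no L4 header
    sport, dport = struct.unpack("!HH", ip_bytes[ihl:ihl + 4])
    flags = ip_bytes[ihl + 13] if proto == TCP else 0
    return (socket.inet_ntoa(ip_bytes[12:16]), sport,
            socket.inet_ntoa(ip_bytes[16:20]), dport, proto, flags)

class FlowTable:
    """Application-side flow table keyed by a direction-independent 5-tuple."""
    def __init__(self):
        self.flows = {}

    def update(self, ip_bytes, time_ms):
        parsed = parse_ipv4(ip_bytes)
        if parsed is None:
            return None
        src, sport, dst, dport, proto, flags = parsed
        sender, receiver = (src, sport), (dst, dport)
        key = (proto,) + tuple(sorted((sender, receiver)))  # same key both ways
        flow = self.flows.get(key)
        if flow is None:
            syn, ack = bool(flags & SYN), bool(flags & ACK)
            # SYN+ACK seen first: sender is the server; else assume first sender is client
            client, server = (receiver, sender) if syn and ack else (sender, receiver)
            flow = self.flows[key] = {"client": client, "server": server,
                                      "handshake_seen": syn and not ack,
                                      "first_ms": time_ms, "packets": 0}
        flow["packets"] += 1
        return flow  # keep the per-flow NDPIFlow object alongside this record

def build_packet(src, sport, dst, dport, proto=TCP, flags=0):
    """Constructed sample input: minimal IPv4 + TCP/UDP headers, zero checksums."""
    l4 = (struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
          if proto == TCP else struct.pack("!HHHH", sport, dport, 8, 0))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + l4
```

Each record returned by update() is where an application would store the NDPIFlow it passes to process_packet for that flow.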

Example Application

ndpi_example.py is provided to demonstrate how ndpi can be integrated within your Python application.

Using nDPI 4.3.0-3532-8dd70b70
usage: ndpi_example.py [-h] [-u] input

positional arguments:
  input                 input pcap file path

optional arguments:
  -h, --help            show this help message and exit
  -u, --include-unknowns

Example with a Skype capture file

python3 ndpi_example.py -u ../tests/pcap/skype.pcap

The provided example is for demo purposes only. For additional features (live capture, multiplatform support, multiprocessing, ML-based classification, system visibility, etc.), please check the nDPI-based framework NFStream.

License

This project is licensed under the LGPLv3 License - see the License file for details.