mirror of
https://github.com/vel21ripn/nDPI.git
synced 2026-04-28 15:09:47 +00:00
901e317422
* Added --cfg "tls,max_num_blocks_to_analyze,X" where if X > 0 TLS blocks are analyzed
Example --cfg "tls,max_num_blocks_to_analyze,8"
* TLS blocks now include a time-delta (msec) with respect to the previous TLS block.
The format is @<msec delta>. Example:
"tls_blocks": [
"22:1=232@191",
"22:2=-122@5,20=-1@5,21=-23@5,21=-905@5,21=-281@5",
"21=-53@0",
"20=1@3,21=53@3",
"21=-218@119,21=-218@119",
]
|
||
|---|---|---|
| .. | ||
| calls.conf | ||
| categories.txt | ||
| config.txt | ||
| config_only_classification.txt | ||
| ja4_fingerprints.csv | ||
| Makefile.dpdk.in | ||
| Makefile.in | ||
| mining_hosts.txt | ||
| ndpi2timeline.py | ||
| ndpiReader.c | ||
| ndpiSimpleIntegration.c | ||
| obfuscation.conf | ||
| only_classification.conf | ||
| protos.txt | ||
| protos_huge.txt | ||
| protos_overwrite_domains.txt | ||
| reader_util.c | ||
| reader_util.h | ||
| README.DPDK | ||
| risky_domains.txt | ||
| sha1_fingerprints.csv | ||
| tcp_fingerprints.csv | ||
Prerequisites ------------- You need to install and compile DPDK in your HOME directory as explained in See http://core.dpdk.org/doc/quick-start/ for DPDK installation and setup Once DPDK is built make sure to create a symbolic link $ cd $ ln -s dpdk-18.08 DPDK so the build process will use the DPDK directory letting you have multiple DPDK versions available on your system Build ----- Everything will happen automagically but if you want to do it by hand do: make -f Makefile.dpdk Run Application --------------- Supposing to capture packets from device eno1 you can start the application as follows: sudo ./build/ndpiReader -c 1 --vdev=net_pcap0,iface=eno1 -- -v 1 NOTE: - ndpiReader without DPDK support sits in this directory - ndpiReader with DPDK support can be found inside the ./build directory