nDPId/examples
Toni Uhlig 471ea83493
bump libnDPI to e946f49aca13e4447a7d7b2acae6323a4531fb55
* incorporated upstream changes

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-01-25 10:07:25 +01:00
c-analysed bump libnDPI to e946f49aca13e4447a7d7b2acae6323a4531fb55 2025-01-25 10:07:25 +01:00
c-captured Fixed some SonarCloud issues 2024-11-14 10:21:35 +01:00
c-collectd bump libnDPI to e946f49aca13e4447a7d7b2acae6323a4531fb55 2025-01-25 10:07:25 +01:00
c-influxd bump libnDPI to e946f49aca13e4447a7d7b2acae6323a4531fb55 2025-01-25 10:07:25 +01:00
c-notifyd Slightly unified C example's logging 2024-11-05 12:48:36 +01:00
c-simple Replaced ambiguous naming of "JSON string" to more accurate "JSON message". #2 2023-12-04 13:13:05 +01:00
cxx-graph@68eb1b105d Added docker build&push to the CI. 2023-08-03 10:00:50 +02:00
js-rt-analyzer@87cb7a0af5 Updated js-rt-analyzer and js-rt-analyzer-frontend examples. 2023-04-21 16:51:58 +02:00
js-rt-analyzer-frontend@6806ef7d13 Added docker build&push to the CI. 2023-08-03 10:00:50 +02:00
py-flow-dashboard Fixed some SonarCloud issues 2024-10-26 11:35:30 +02:00
py-flow-info Added --no-blink and --hide-risk-info 2024-12-09 11:09:34 +01:00
py-flow-muliprocess nDPId: Reduced flow-updates for TCP flows to 1/4 of the timeout value. 2022-09-19 19:39:49 +02:00
py-json-stdout Enable custom JSON filter expressions for Python scripts. 2023-08-27 20:08:01 +02:00
py-machine-learning Improved Keras Autoencoder hyper parameter. 2024-08-16 13:20:35 +02:00
py-schema-validation Added Keras based Autoencode (Work-in-Progress!) 2023-07-16 22:06:36 +02:00
py-semantic-validation Switched OpenWrt GitHub Actions SDK to main branch 2024-11-02 18:36:54 +01:00
yaml-filebeat Added Filebeat Configuration (#44) 2024-10-06 11:09:54 +02:00
ndpid_grafana_example.png Added Grafana example dashboard image. 2023-12-20 19:19:08 +01:00
ndpid_install_and_run.gif Improve README 2022-08-12 11:10:45 +02:00
README.md Added Filebeat Configuration (#44) 2024-10-06 11:09:54 +02:00

examples

Some ready-to-use/ready-to-extend examples and utilities. Each example's name is prefixed with the language it is written in.

c-analysed

A feature extractor useful for ML/DL use cases. It generates CSV files from flow "analyse" events. Also used by tests/run_tests.sh if available.

c-captured

A capture daemon suitable for low-resource devices. It saves flows that were guessed/undetected/risky/midstream to a PCAP file for manual analysis. Also used by tests/run_tests.sh if available.

c-collectd

A collectd-exec compatible middleware that gathers statistic values from nDPId. Also used by tests/run_tests.sh if available.

c-influxd

An InfluxDB push daemon. It aggregates various statistics gathered from nDPId. The results are sent to a specified InfluxDB endpoint.

c-notifyd

A notification daemon that sends information about suspicious flow events to DBUS.

c-simple

Integration example that verifies flow timeouts on SIGUSR1.

cxx-graph

A standalone GLFW/OpenGL application that draws statistical data using ImWeb/ImPlot/ImGui.

js-rt-analyzer

nDPId-rt-analyzer

js-rt-analyzer-frontend

nDPId-rt-analyzer-frontend

py-flow-info

Console-friendly, colorful, prettified event printer. Required by tests/run_tests.sh.

py-machine-learning

Contains:

  1. Classification via Random Forests and scikit-learn
  2. Anomaly Detection via Autoencoder and Keras (Work-In-Progress!)

Use sklearn together with CSVs created with c-analysed to train and predict DPI detections.

Try it with: ./examples/py-machine-learning/sklearn_random_forest.py --csv ./ndpi-analysed.csv --proto-class tls.youtube --proto-class tls.github --proto-class tls.spotify --proto-class tls.facebook --proto-class tls.instagram --proto-class tls.doh_dot --proto-class quic --proto-class icmp

This way you should get 9 different classification classes. You may notice that some classes, e.g. TLS protocol classifications, have a higher false-negative/false-positive rate. Unfortunately, I cannot provide any datasets due to some privacy concerns.

But you may use a pre-trained model with --load-model.

py-flow-dashboard

A real-time, web-based graph using Plotly/Dash. Probably the most informative example.

py-flow-multiprocess

Simple Python multiprocess example spawning two worker processes, one connecting to nDPIsrvd and one printing flow IDs to STDOUT.

py-json-stdout

Dump received and parsed JSON objects.

py-schema-validation

Validate nDPId JSON messages against pre-defined JSON schemas. See schema/. Required by tests/run_tests.sh.

py-semantic-validation

Validate nDPId JSON messages against internal event semantics. Required by tests/run_tests.sh.

yaml-filebeat

An example Filebeat configuration to parse and send nDPId JSON messages to Elasticsearch. This allows long-term storage and data visualization with Kibana and various other tools that interact with Elasticsearch (no Logstash required).