nDPI
Open and Extensible LGPLv3 Deep Packet Inspection Library.
nDPI is an ntop-maintained DPI toolkit. Released under the LGPL license, its goal is to extend the original library by adding new protocols that are otherwise available only in the paid version of OpenDPI. In addition to Unix platforms, we also support Windows, in order to provide a cross-platform DPI experience. Furthermore, we have modified nDPI to be more suitable for traffic monitoring applications by disabling specific features that slow down the DPI engine and are unnecessary for network traffic monitoring.
nDPI is used in ntop tools and various third-party applications to add application-layer detection of protocols, regardless of the port being used. This means that it is possible both to detect known protocols on non-standard ports (e.g. detect HTTP on ports other than 80) and the opposite (e.g. detect Skype traffic on port 80). This is because nowadays the concept of port=application no longer holds.
Metadata Extraction
nDPI not only detects the application protocol, it also reports relevant metadata associated with a flow, such as URL, TLS certificate, operating system, etc. Below you can find an example of metadata that can be extracted from a flow.
{
  "first_seen":1456184267.696,
  "last_seen":1456184289.106,
  "duration":21.410,
  "flow_id":2152,
  "vlan_id":0,
  "src_ip":"192.168.1.90",
  "dest_ip":"206.58.211.195",
  "src_port":55074,
  "dst_port":443,
  "ip":4,
  "proto":"TCP",
  "ndpi":{
    "confidence":{ "6":"DPI" },
    "proto":"TLS.Google",
    "proto_id":"91.126",
    "proto_by_ip":"Google",
    "proto_by_ip_id":126,
    "encrypted":1,
    "breed":"Acceptable",
    "category_id":5,
    "category":"Web",
    "hostname":"www.google.es",
    "tls":{
      "version":"TLSv1.2",
      "server_names":"*.google.com,google-analytics.com,google.com,googlecommerce.com,youtu.be,youtube.com",
      "ja3":"d4693422c5ce1565377aca25940ad80c",
      "ja3s":"8d9971006a2ddb0de34017d703f825d9",
      "unsafe_cipher":0,
      "cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
      "issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2",
      "subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google.com",
      "advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1",
      "negotiated_alpn":"h2",
      "fingerprint":"D8:9E:22:F9:E3:AB:23:60:CB:B4:6D:C0:1C:67:06:F1:76:E9:1C:D9"
    }
  }, ...
Traffic Analysis
nDPI offers more than DPI: it includes various features for traffic classification and analysis, so you can build your application without having to implement complex analysis capabilities yourself, as they are already provided by nDPI.
Supported Protocols
The nDPI engine is continuously extended with new protocol dissectors: protocols are added or updated every day. As of today, the list of applications the engine is able to detect includes:
| Id | Userd-id | Protocol | Layer_4 | Nw_Proto | Breed | Category | Def UDP Port/s | Def TCP Port/s |
|---|---|---|---|---|---|---|---|---|
| 0 | 0 | Unknown | TCP | X | Unrated | Unspecified | - | - |
| 1 | 1 | FTP_CONTROL | TCP | X | Unsafe | Download | - | 21 |
| 2 | 2 | POP3 | TCP | X | Unsafe | Email | - | 110 |
| 3 | 3 | SMTP | TCP | X | Acceptable | Email | - | 25,587 |
| 4 | 4 | IMAP | TCP | X | Unsafe | Email | - | 143 |
| 5 | 5 | DNS | TCP/UDP | X | Acceptable | Network | 53 | 53 |
| 6 | 6 | IPP | TCP/UDP | X | Acceptable | System | - | - |
| 7 | 7 | HTTP | TCP | X | Acceptable | Web | - | 80 |
| 8 | 8 | MDNS | TCP | X | Acceptable | Network | 5353,5354 | - |
| 9 | 9 | NTP | UDP | X | Acceptable | System | 123 | - |
| 10 | 10 | NetBIOS | TCP/UDP | X | Acceptable | System | 137,138,139 | 139 |
| 11 | 11 | NFS | TCP/UDP | X | Acceptable | DataTransfer | 2049 | 2049 |
| 12 | 12 | SSDP | UDP | X | Acceptable | System | - | - |
| 13 | 13 | BGP | TCP | X | Acceptable | Network | - | 179,2605 |
| 14 | 14 | SNMP | UDP | X | Acceptable | Network | 161,162 | - |
| 15 | 15 | XDMCP | TCP/UDP | X | Acceptable | RemoteAccess | 177 | 177 |
| 16 | 16 | SMBv1 | TCP | X | Dangerous | System | - | 445 |
| 17 | 17 | Syslog | TCP/UDP | X | Acceptable | System | 514 | 514,601,6514 |
| 18 | 18 | DHCP | UDP | X | Acceptable | Network | 67,68 | - |
| 19 | 19 | PostgreSQL | TCP | X | Acceptable | Database | - | 5432 |
| 20 | 20 | MySQL | TCP | X | Acceptable | Database | - | 3306 |
| 21 | 21 | Outlook | TCP | | Acceptable | Email | - | - |
| 22 | 22 | VK | TCP | | Fun | SocialNetwork | - | - |
| 23 | 23 | POPS | TCP | | Safe | Email | - | 995 |
| 24 | 24 | Tailscale | UDP | | Acceptable | VPN | 41641 | - |
| 25 | 25 | Yandex | TCP | | Safe | Web | - | - |
| 26 | 26 | ntop | TCP | | Safe | Network | - | - |
| 27 | 27 | COAP | UDP | X | Safe | RPC | 5683,5684 | - |
| 28 | 28 | VMware | UDP | X | Acceptable | RemoteAccess | 902,903 | 903 |
| 29 | 29 | SMTPS | TCP | | Safe | Email | - | 465 |
| 30 | 30 | DTLS | UDP | X | Safe | Web | - | - |
| 31 | 31 | UBNTAC2 | UDP | X | Safe | Network | 10001 | - |
| 32 | 32 | BFCP | TCP/UDP | X | Acceptable | Video | - | - |
| 33 | 33 | YandexMail | TCP | | Safe | Email | - | - |
| 34 | 34 | YandexMusic | TCP | | Fun | Music | - | - |
| 35 | 35 | Gnutella | TCP/UDP | X | Potentially Dangerous | Download | - | - |
| 36 | 36 | eDonkey | TCP | X | Unsafe | Download | - | - |
| 37 | 37 | BitTorrent | TCP/UDP | X | Acceptable | Download | 6771,51413 | 51413,53646 |
| 38 | 38 | Skype_TeamsCall | TCP | | Acceptable | VoIP | - | - |
| 39 | 39 | Signal | TCP | | Fun | Chat | - | - |
| 40 | 40 | Memcached | TCP/UDP | X | Acceptable | Network | 11211 | 11211 |
| 41 | 41 | SMBv23 | TCP | X | Acceptable | System | - | 445 |
| 42 | 42 | Mining | TCP | | Unsafe | Mining | - | - |
| 43 | 43 | NestLogSink | TCP | | Acceptable | Cloud | - | 11095 |
| 44 | 44 | Modbus | TCP | X | Acceptable | IoT-Scada | - | 502 |
| 45 | 45 | WhatsAppCall | TCP | | Acceptable | VoIP | - | - |
| 46 | 46 | DataSaver | TCP | | Fun | Web | - | - |
| 47 | 47 | Xbox | UDP | | Fun | Game | - | - |
| 48 | 48 | QQ | UDP | | Fun | Chat | - | - |
| 49 | 49 | TikTok | TCP | | Fun | SocialNetwork | - | - |
| 50 | 50 | RTSP | TCP/UDP | X | Fun | Media | 554 | 554 |
| 51 | 51 | IMAPS | TCP | | Safe | Email | - | 993 |
| 52 | 52 | IceCast | TCP | X | Fun | Media | - | - |
| 53 | 53 | CPHA | UDP | | Fun | Network | 8116 | - |
| 54 | 54 | iQIYI | UDP | X | Fun | Streaming | - | - |
| 55 | 55 | Zattoo | TCP/UDP | | Fun | Video | - | - |
| 56 | 56 | YandexMarket | TCP | | Safe | Shopping | - | - |
| 57 | 57 | YandexDisk | TCP | | Safe | Cloud | - | - |
| 58 | 58 | Discord | UDP | | Fun | Collaborative | - | - |
| 59 | 59 | AdobeConnect | TCP | | Acceptable | Video | - | - |
| 60 | 60 | MongoDB | TCP | X | Acceptable | Database | - | 27017 |
| 61 | 61 | Pluralsight | TCP | | Fun | Video | - | - |
| 62 | 62 | YandexCloud | TCP | | Safe | Cloud | - | - |
| 63 | 63 | OCSP | TCP | | Safe | Network | - | - |
| 64 | 64 | VXLAN | UDP | X | Acceptable | Network | 4789 | - |
| 65 | 65 | IRC | TCP | X | Unsafe | Chat | 194 | 194 |
| 66 | 66 | MerakiCloud | UDP | X | Acceptable | Network | - | - |
| 67 | 67 | Jabber | TCP | X | Acceptable | Web | - | - |
| 68 | 68 | Nats | TCP | X | Acceptable | RPC | - | - |
| 69 | 69 | AmongUs | UDP | | Fun | Game | 22023 | - |
| 70 | 70 | Yahoo | TCP | | Safe | Web | - | - |
| 71 | 71 | DisneyPlus | TCP | | Fun | Streaming | - | - |
| 72 | 72 | HART-IP | TCP/UDP | X | Acceptable | IoT-Scada | - | 5094 |
| 73 | 73 | VRRP | TCP | X | Acceptable | Network | - | - |
| 74 | 74 | Steam | UDP | | Fun | Game | - | - |
| 75 | 75 | HalfLife2 | UDP | X | Fun | Game | - | - |
| 76 | 76 | WorldOfWarcraft | TCP | | Fun | Game | - | - |
| 77 | 77 | Telnet | TCP | X | Unsafe | RemoteAccess | - | 23 |
| 78 | 78 | STUN | TCP/UDP | X | Acceptable | Network | 3478 | - |
| 79 | 79 | IPSec | UDP | X | Safe | VPN | 500,4500 | 500 |
| 80 | 80 | GRE | | X | Acceptable | Network | - | - |
| 81 | 81 | ICMP | | X | Acceptable | Network | - | - |
| 82 | 82 | IGMP | | X | Acceptable | Network | - | - |
| 83 | 83 | EGP | | X | Acceptable | Network | - | - |
| 84 | 84 | SCTP | | X | Acceptable | Network | - | - |
| 85 | 85 | OSPF | | X | Acceptable | Network | - | 2604 |
| 86 | 86 | IP_in_IP | | X | Acceptable | Network | - | - |
| 87 | 87 | RTP | TCP/UDP | X | Acceptable | Media | - | - |
| 88 | 88 | RDP | TCP/UDP | X | Acceptable | RemoteAccess | 3389 | 3389 |
| 89 | 89 | VNC | TCP | X | Acceptable | RemoteAccess | - | 5900,5901,5800 |
| 90 | 90 | Tumblr | TCP | | Fun | SocialNetwork | - | - |
| 91 | 91 | TLS | TCP | X | Safe | Web | - | 443 |
| 92 | 92 | SSH | TCP | X | Acceptable | RemoteAccess | - | 22 |
| 93 | 93 | Usenet | TCP | X | Acceptable | Web | - | - |
| 94 | 94 | MGCP | UDP | X | Acceptable | VoIP | - | - |
| 95 | 95 | IAX | UDP | X | Acceptable | VoIP | 4569 | 4569 |
| 96 | 96 | TFTP | UDP | X | Acceptable | DataTransfer | 69 | - |
| 97 | 97 | AFP | TCP | X | Acceptable | DataTransfer | 548 | 548 |
| 98 | 98 | YandexMetrika | TCP | | Safe | Web | - | - |
| 99 | 99 | YandexDirect | TCP | | Tracker/Ads | Advertisement | - | - |
| 100 | 100 | SIP | TCP/UDP | X | Acceptable | VoIP | 5060,5061 | 5060,5061 |
| 101 | 101 | TruPhone | TCP | | Acceptable | VoIP | - | - |
| 102 | 102 | ICMPV6 | | X | Acceptable | Network | - | - |
| 103 | 103 | DHCPV6 | UDP | X | Acceptable | Network | - | - |
| 104 | 104 | Armagetron | UDP | X | Fun | Game | - | - |
| 105 | 105 | Crossfire | TCP/UDP | | Fun | RPC | - | - |
| 106 | 106 | Dofus | TCP | X | Fun | Game | - | - |
| 107 | 107 | ADS_Analytic_Track | TCP | | Tracker/Ads | Advertisement | - | - |
| 108 | 108 | AdultContent | TCP | | Acceptable | AdultContent | - | - |
| 109 | 109 | Guildwars | TCP | X | Fun | Game | - | - |
| 110 | 110 | AmazonAlexa | TCP | | Acceptable | VirtAssistant | - | - |
| 111 | 111 | Kerberos | TCP/UDP | X | Acceptable | Network | 88 | 88 |
| 112 | 112 | LDAP | TCP/UDP | X | Acceptable | System | 389 | 389 |
| 113 | 113 | MapleStory | TCP | | Fun | Game | - | - |
| 114 | 114 | MsSQL-TDS | TCP | X | Acceptable | Database | - | 1433,1434 |
| 115 | 115 | PPTP | TCP | X | Acceptable | VPN | - | - |
| 116 | 116 | Warcraft3 | TCP/UDP | X | Fun | Game | - | - |
| 117 | 117 | WorldOfKungFu | TCP | X | Fun | Game | - | - |
| 118 | 118 | Slack | TCP | | Acceptable | Collaborative | - | - |
| 119 | 119 | Facebook | TCP | | Fun | SocialNetwork | - | - |
| 120 | 120 | Twitter | TCP | | Fun | SocialNetwork | - | - |
| 121 | 121 | Dropbox | UDP | | Acceptable | Cloud | 17500 | - |
| 122 | 122 | GMail | TCP | | Acceptable | Email | - | - |
| 123 | 123 | GoogleMaps | TCP | | Safe | Web | - | - |
| 124 | 124 | YouTube | TCP | | Fun | Media | - | - |
| 125 | 125 | Skype_Teams | TCP | | Acceptable | VoIP | - | - |
| 126 | 126 | Google | TCP | | Acceptable | Web | - | - |
| 127 | 127 | MS-RPCH | TCP | X | Acceptable | RPC | - | - |
| 128 | 128 | NetFlow | UDP | X | Acceptable | Network | 2055 | - |
| 129 | 129 | sFlow | UDP | X | Acceptable | Network | 6343 | - |
| 130 | 130 | HTTP_Connect | TCP | X | Acceptable | Web | - | 8080 |
| 131 | 131 | HTTP_Proxy | TCP | X | Acceptable | Web | - | 8080,3128 |
| 132 | 132 | Citrix | TCP | | Acceptable | Network | - | 1494,2598 |
| 133 | 133 | NetFlix | TCP | | Fun | Video | - | - |
| 134 | 134 | LastFM | TCP | | Fun | Music | - | - |
| 135 | 135 | Waze | TCP | | Acceptable | Web | - | - |
| 136 | 136 | YouTubeUpload | TCP | | Fun | Media | - | - |
| 137 | 137 | Hulu | TCP | | Fun | Streaming | - | - |
| 138 | 138 | CHECKMK | TCP | X | Acceptable | DataTransfer | - | 6556 |
| 139 | 139 | AJP | TCP | X | Acceptable | Web | - | 8009,8010 |
| 140 | 140 | Apple | TCP | | Safe | Web | - | - |
| 141 | 141 | Webex | TCP | | Acceptable | VoIP | - | - |
| 142 | 142 | WhatsApp | TCP | | Acceptable | Chat | - | - |
| 143 | 143 | AppleiCloud | TCP | | Acceptable | Web | - | - |
| 144 | 144 | Viber | TCP/UDP | | Fun | VoIP | 7985,7987,5242,5243,4244 | 7985,5242,5243,4244 |
| 145 | 145 | AppleiTunes | TCP | | Fun | Streaming | - | - |
| 146 | 146 | Radius | UDP | X | Acceptable | Network | 1812,1813 | 1812,1813 |
| 147 | 147 | WindowsUpdate | TCP | | Safe | SoftwareUpdate | - | - |
| 148 | 148 | TeamViewer | TCP/UDP | | Acceptable | RemoteAccess | 5938 | 5938 |
| 149 | 149 | EthernetGlobalData | UDP | X | Acceptable | IoT-Scada | - | - |
| 150 | 150 | LotusNotes | TCP | X | Acceptable | Collaborative | - | 1352 |
| 151 | 151 | SAP | TCP | X | Acceptable | Network | - | 3201 |
| 152 | 152 | GTP | UDP | X | Acceptable | Network | 2152,2123 | - |
| 153 | 153 | WSD | UDP | X | Acceptable | Network | 3702 | - |
| 154 | 154 | LLMNR | TCP | X | Acceptable | Network | 5355 | 5355 |
| 155 | 155 | TocaBoca | UDP | X | Fun | Game | 5055 | - |
| 156 | 156 | Spotify | TCP/UDP | | Fun | Music | - | - |
| 157 | 157 | FacebookMessenger | TCP | | Acceptable | Chat | - | - |
| 158 | 158 | H323 | TCP/UDP | X | Acceptable | VoIP | 1719,1720 | 1719,1720 |
| 159 | 159 | OpenVPN | TCP/UDP | | Acceptable | VPN | 1194 | 1194 |
| 160 | 160 | NOE | UDP | X | Acceptable | VoIP | - | - |
| 161 | 161 | CiscoVPN | UDP | X | Acceptable | VPN | 10000 | 10000,8008 |
| 162 | 162 | TeamSpeak | TCP/UDP | X | Fun | VoIP | - | - |
| 163 | 163 | Tor | TCP | | Potentially Dangerous | VPN | - | - |
| 164 | 164 | CiscoSkinny | TCP | X | Acceptable | VoIP | - | 2000 |
| 165 | 165 | RTCP | TCP | X | Acceptable | VoIP | - | - |
| 166 | 166 | RSYNC | TCP | X | Acceptable | DataTransfer | - | 873 |
| 167 | 167 | Oracle | TCP | X | Acceptable | Database | - | 1521 |
| 168 | 168 | Corba | TCP/UDP | X | Acceptable | RPC | - | - |
| 169 | 169 | UbuntuONE | TCP | | Acceptable | Cloud | - | - |
| 170 | 170 | Whois-DAS | TCP | X | Acceptable | Network | - | 43,4343 |
| 171 | 171 | SD-RTN | UDP | X | Acceptable | Media | - | - |
| 172 | 172 | SOCKS | TCP | X | Acceptable | Web | 1080 | 1080 |
| 173 | 173 | Nintendo | UDP | | Fun | Game | - | - |
| 174 | 174 | RTMP | TCP | X | Acceptable | Media | - | 1935 |
| 175 | 175 | FTP_DATA | TCP | X | Acceptable | Download | - | 20 |
| 176 | 176 | Wikipedia | TCP | | Safe | Web | - | - |
| 177 | 177 | ZeroMQ | TCP | X | Acceptable | RPC | - | - |
| 178 | 178 | Amazon | TCP | | Acceptable | Web | - | - |
| 179 | 179 | eBay | TCP | | Safe | Shopping | - | - |
| 180 | 180 | CNN | TCP | | Safe | Web | - | - |
| 181 | 181 | Megaco | UDP | X | Acceptable | VoIP | 2944 | - |
| 182 | 182 | RESP | TCP | X | Acceptable | Database | - | 6379 |
| 183 | 183 | Pinterest | TCP | | Fun | SocialNetwork | - | - |
| 184 | 184 | VHUA | UDP | X | Fun | VoIP | 58267 | - |
| 185 | 185 | Telegram | TCP/UDP | | Acceptable | Chat | - | - |
| 186 | 186 | CoD_Mobile | UDP | X | Fun | Game | - | - |
| 187 | 187 | Pandora | TCP | | Fun | Streaming | - | - |
| 188 | 188 | QUIC | UDP | X | Acceptable | Web | 443 | - |
| 189 | 189 | Zoom | UDP | | Acceptable | Video | - | - |
| 190 | 190 | EAQ | UDP | X | Acceptable | Network | 6000 | - |
| 191 | 191 | Ookla | TCP/UDP | | Safe | Network | - | - |
| 192 | 192 | AMQP | TCP | X | Acceptable | RPC | - | - |
| 193 | 193 | KakaoTalk | TCP | | Acceptable | Chat | - | - |
| 194 | 194 | KakaoTalk_Voice | UDP | X | Acceptable | VoIP | - | - |
| 195 | 195 | Twitch | TCP | | Fun | Video | - | - |
| 196 | 196 | DoH_DoT | TCP | | Acceptable | Network | 784,853 | 853 |
| 197 | 197 | WeChat | TCP | | Fun | Chat | - | - |
| 198 | 198 | MPEG_TS | UDP | X | Fun | Media | - | - |
| 199 | 199 | Snapchat | TCP | | Fun | SocialNetwork | - | - |
| 200 | 200 | Sina | TCP | | Fun | SocialNetwork | - | - |
| 201 | 201 | GoogleMeet | TCP | | Acceptable | Chat | - | - |
| 202 | 202 | IFLIX | TCP | | Fun | Video | - | - |
| 203 | 203 | Github | TCP | | Acceptable | Collaborative | - | - |
| 204 | 204 | BJNP | UDP | X | Acceptable | System | 8612 | - |
| 205 | 205 | Reddit | TCP | | Fun | SocialNetwork | - | - |
| 206 | 206 | WireGuard | UDP | X | Acceptable | VPN | 51820 | - |
| 207 | 207 | SMPP | TCP | X | Acceptable | Download | - | - |
| 208 | 208 | DNScrypt | TCP/UDP | | Acceptable | Network | - | - |
| 209 | 209 | TINC | TCP/UDP | X | Acceptable | VPN | 655 | 655 |
| 210 | 210 | Deezer | TCP | | Fun | Music | - | - |
| 211 | 211 | Instagram | TCP | | Fun | SocialNetwork | - | - |
| 212 | 212 | Microsoft | TCP | | Safe | Cloud | - | - |
| 213 | 213 | Starcraft | TCP/UDP | X | Fun | Game | 1119 | 1119 |
| 214 | 214 | Teredo | UDP | X | Acceptable | Network | - | - |
| 215 | 215 | HotspotShield | TCP | | Potentially Dangerous | VPN | - | - |
| 216 | 216 | IMO | UDP | X | Acceptable | VoIP | - | - |
| 217 | 217 | GoogleDrive | TCP | | Acceptable | Cloud | - | - |
| 218 | 218 | OCS | TCP | | Fun | Media | - | - |
| 219 | 219 | Microsoft365 | TCP | | Acceptable | Collaborative | - | - |
| 220 | 220 | Cloudflare | TCP | | Acceptable | Web | - | - |
| 221 | 221 | MS_OneDrive | TCP | | Acceptable | Cloud | - | - |
| 222 | 222 | MQTT | TCP | X | Acceptable | RPC | - | 1883,8883 |
| 223 | 223 | RX | UDP | X | Acceptable | RPC | - | - |
| 224 | 224 | AppleStore | TCP | | Safe | SoftwareUpdate | - | - |
| 225 | 225 | OpenDNS | TCP | | Acceptable | Web | - | - |
| 226 | 226 | Git | TCP | X | Safe | Collaborative | - | 9418 |
| 227 | 227 | DRDA | TCP | X | Acceptable | Database | - | - |
| 228 | 228 | PlayStore | TCP | | Safe | SoftwareUpdate | - | - |
| 229 | 229 | SOMEIP | TCP/UDP | X | Acceptable | RPC | 30491,30501,30490 | 30491,30501 |
| 230 | 230 | FIX | TCP | X | Safe | RPC | - | - |
| 231 | 231 | Playstation | TCP | | Fun | Game | - | - |
| 232 | 232 | Pastebin | TCP | | Potentially Dangerous | Download | - | - |
| 233 | 233 | LinkedIn | TCP | | Fun | SocialNetwork | - | - |
| 234 | 234 | SoundCloud | TCP | | Fun | Music | - | - |
| 235 | 235 | SteamDatagramRelay | UDP | X | Fun | Game | - | - |
| 236 | 236 | LISP | TCP/UDP | X | Acceptable | Cloud | 4342,4341 | - |
| 237 | 237 | Diameter | TCP | X | Acceptable | Network | - | 3868 |
| 238 | 238 | ApplePush | TCP | | Acceptable | Cloud | - | - |
| 239 | 239 | GoogleServices | TCP | | Acceptable | Web | - | - |
| 240 | 240 | AmazonVideo | TCP/UDP | | Fun | Cloud | - | - |
| 241 | 241 | GoogleDocs | TCP | | Acceptable | Collaborative | - | - |
| 242 | 242 | WhatsAppFiles | TCP | | Acceptable | Download | - | - |
| 243 | 243 | TargusDataspeed | TCP | X | Acceptable | Network | 5001,5201 | 5001,5201 |
| 244 | 244 | DNP3 | TCP | X | Acceptable | IoT-Scada | - | 20000 |
| 245 | 245 | IEC60870 | TCP | X | Acceptable | IoT-Scada | - | 2404 |
| 246 | 246 | Bloomberg | TCP | | Acceptable | Network | - | - |
| 247 | 247 | CAPWAP | UDP | X | Acceptable | Network | 5246,5247 | - |
| 248 | 248 | Zabbix | TCP | X | Acceptable | Network | - | 10050,10051 |
| 249 | 249 | S7Comm | TCP | X | Acceptable | IoT-Scada | - | - |
| 250 | 250 | Teams | TCP | | Safe | Collaborative | - | - |
| 251 | 251 | WebSocket | TCP | X | Acceptable | Web | - | - |
| 252 | 252 | AnyDesk | TCP | | Acceptable | RemoteAccess | - | - |
| 253 | 253 | SOAP | TCP | X | Acceptable | RPC | - | - |
| 254 | 254 | AppleSiri | TCP | | Acceptable | VirtAssistant | - | - |
| 255 | 255 | SnapchatCall | TCP | | Acceptable | VoIP | - | - |
| 256 | 256 | HP_VIRTGRP | TCP | X | Acceptable | Network | - | - |
| 257 | 257 | GenshinImpact | TCP/UDP | X | Fun | Game | 22102 | - |
| 258 | 258 | Activision | UDP | | Fun | Game | - | - |
| 259 | 259 | FortiClient | TCP | | Safe | VPN | - | 8013,8014 |
| 260 | 260 | Z3950 | TCP | X | Acceptable | Network | - | 210 |
| 261 | 261 | Likee | TCP | | Fun | SocialNetwork | - | - |
| 262 | 262 | GitLab | TCP | | Fun | Collaborative | - | - |
| 263 | 263 | AVASTSecureDNS | UDP | | Safe | Network | - | - |
| 264 | 264 | Cassandra | TCP | X | Acceptable | Database | - | 7000,9042 |
| 265 | 265 | AmazonAWS | TCP | | Acceptable | Cloud | - | - |
| 266 | 266 | Salesforce | TCP | | Safe | Cloud | - | - |
| 267 | 267 | Vimeo | TCP | | Fun | Streaming | - | - |
| 268 | 268 | FacebookVoip | TCP | | Acceptable | VoIP | - | - |
| 269 | 269 | SignalVoip | TCP | | Acceptable | VoIP | - | - |
| 270 | 270 | Fuze | TCP | | Acceptable | VoIP | - | - |
| 271 | 271 | GTP_U | TCP | X | Acceptable | Network | - | - |
| 272 | 272 | GTP_C | TCP | X | Acceptable | Network | - | - |
| 273 | 273 | GTP_PRIME | TCP | X | Acceptable | Network | - | - |
| 274 | 274 | Alibaba | TCP | | Acceptable | Web | - | - |
| 275 | 275 | Crashlytics | TCP | | Acceptable | DataTransfer | - | - |
| 276 | 276 | Azure | TCP | | Acceptable | Cloud | - | - |
| 277 | 277 | iCloudPrivateRelay | TCP | | Acceptable | VPN | - | - |
| 278 | 278 | EthernetIP | TCP | X | Acceptable | Network | - | 44818 |
| 279 | 279 | Badoo | TCP | | Fun | SocialNetwork | - | - |
| 280 | 280 | AccuWeather | TCP | | Fun | Web | - | - |
| 281 | 281 | GoogleClassroom | TCP | | Safe | Collaborative | - | - |
| 282 | 282 | HSRP | UDP | X | Acceptable | Network | 1985 | - |
| 283 | 283 | Cybersec | TCP | | Safe | Cybersecurity | - | - |
| 284 | 284 | GoogleCloud | TCP | | Acceptable | Cloud | - | - |
| 285 | 285 | Tencent | TCP | | Fun | SocialNetwork | - | - |
| 286 | 286 | RakNet | UDP | X | Fun | Game | - | - |
| 287 | 287 | Xiaomi | TCP | | Acceptable | Web | - | - |
| 288 | 288 | Edgecast | TCP | | Acceptable | Cloud | - | - |
| 289 | 289 | Cachefly | TCP | | Acceptable | Cloud | - | - |
| 290 | 290 | Softether | UDP | | Acceptable | VPN | - | - |
| 291 | 291 | MpegDash | TCP | | Fun | Media | - | - |
| 292 | 292 | Dazn | TCP | | Fun | Streaming | - | - |
| 293 | 293 | GoTo | TCP | | Acceptable | VoIP | - | - |
| 294 | 294 | RSH | TCP | X | Unsafe | RemoteAccess | - | - |
| 295 | 295 | 1kxun | TCP | | Fun | Streaming | - | - |
| 296 | 296 | PGM | | X | Acceptable | Network | - | - |
| 297 | 297 | IP_PIM | | X | Acceptable | Network | - | - |
| 298 | 298 | collectd | UDP | X | Acceptable | System | 25826 | - |
| 299 | 299 | TunnelBear | TCP | | Acceptable | VPN | - | - |
| 300 | 300 | CloudflareWarp | UDP | | Acceptable | VPN | - | - |
| 301 | 301 | i3D | UDP | X | Fun | Game | - | - |
| 302 | 302 | RiotGames | UDP | X | Fun | Game | - | - |
| 303 | 303 | Psiphon | TCP | | Acceptable | VPN | - | - |
| 304 | 304 | UltraSurf | TCP | X | Acceptable | VPN | - | - |
| 305 | 305 | Threema | TCP | X | Fun | Chat | - | - |
| 306 | 306 | AliCloud | TCP | X | Acceptable | Cloud | - | - |
| 307 | 307 | AVAST | TCP | X | Safe | Network | - | - |
| 308 | 308 | TiVoConnect | TCP/UDP | X | Fun | Network | 2190 | 2190 |
| 309 | 309 | Kismet | TCP | X | Acceptable | Network | - | - |
| 310 | 310 | FastCGI | TCP | X | Safe | Network | - | - |
| 311 | 311 | FTPS | TCP | X | Unsafe | Download | - | - |
| 312 | 312 | NAT-PMP | UDP | X | Acceptable | Network | 5351 | - |
| 313 | 313 | Syncthing | UDP | X | Fun | Download | - | - |
| 314 | 314 | CryNetwork | UDP | X | Fun | Game | - | - |
| 315 | 315 | Line | TCP | X | Acceptable | Chat | - | - |
| 316 | 316 | LineCall | UDP | X | Acceptable | VoIP | - | - |
| 317 | 317 | AppleTVPlus | TCP | | Fun | Streaming | - | - |
| 318 | 318 | DirecTV | TCP | | Fun | Streaming | - | - |
| 319 | 319 | HBO | TCP | | Fun | Streaming | - | - |
| 320 | 320 | Vudu | TCP | | Fun | Streaming | - | - |
| 321 | 321 | Showtime | TCP | | Fun | Streaming | - | - |
| 322 | 322 | Dailymotion | TCP | | Fun | Streaming | - | - |
| 323 | 323 | Livestream | TCP | | Fun | Streaming | - | - |
| 324 | 324 | Tencentvideo | TCP | | Fun | Streaming | - | - |
| 325 | 325 | IHeartRadio | TCP | | Fun | Music | - | - |
| 326 | 326 | Tidal | TCP | | Fun | Music | - | - |
| 327 | 327 | TuneIn | TCP | | Fun | Music | - | - |
| 328 | 328 | SiriusXMRadio | TCP | | Fun | Music | - | - |
| 329 | 329 | Munin | TCP | X | Acceptable | System | - | 4949 |
| 330 | 330 | Elasticsearch | TCP | X | Acceptable | System | - | - |
| 331 | 331 | TuyaLP | UDP | X | Acceptable | IoT-Scada | 6667 | - |
| 332 | 332 | TPLINK_SHP | TCP/UDP | X | Acceptable | IoT-Scada | 9999 | 9999 |
| 333 | 333 | Source_Engine | UDP | X | Fun | Game | 27015 | - |
| 334 | 334 | BACnet | UDP | X | Safe | IoT-Scada | 47808 | - |
| 335 | 335 | OICQ | UDP | X | Acceptable | Chat | 8000 | - |
| 336 | 336 | Heroes_of_the_Storm | UDP | X | Fun | Game | - | - |
| 337 | 337 | FbookReelStory | TCP | | Fun | SocialNetwork | - | - |
| 338 | 338 | SRTP | TCP | X | Acceptable | Media | - | - |
| 339 | 339 | OperaVPN | TCP | | Acceptable | VPN | - | - |
| 340 | 340 | EpicGames | UDP | | Fun | Game | - | - |
| 341 | 341 | GeForceNow | TCP | | Fun | Game | - | - |
| 342 | 342 | Nvidia | TCP | | Safe | Web | - | - |
| 343 | 343 | BITCOIN | TCP | X | Acceptable | Crypto_Currency | - | 8333 |
| 344 | 344 | ProtonVPN | TCP | | Acceptable | VPN | - | - |
| 345 | 345 | Thrift | TCP/UDP | X | Acceptable | RPC | - | - |
| 346 | 346 | Roblox | TCP | | Fun | Game | - | - |
| 347 | 347 | Service_Location_Protocol | TCP/UDP | X | Acceptable | RPC | 427 | 427 |
| 348 | 348 | Mullvad | TCP | | Acceptable | VPN | - | - |
| 349 | 349 | HTTP2 | TCP | X | Safe | Web | - | - |
| 350 | 350 | HAProxy | TCP | X | Safe | Web | - | - |
| 351 | 351 | RMCP | UDP | X | Safe | System | 623 | - |
| 352 | 352 | Controller_Area_Network | TCP/UDP | X | Safe | System | - | - |
| 353 | 353 | Protobuf | TCP/UDP | X | Safe | Network | - | - |
| 354 | 354 | ETHEREUM | TCP/UDP | X | Acceptable | Crypto_Currency | - | 30303 |
| 355 | 355 | TelegramVoip | TCP | | Acceptable | VoIP | - | - |
| 356 | 356 | SinaWeibo | TCP | | Fun | SocialNetwork | - | - |
| 357 | 357 | TeslaServices | TCP | | Acceptable | Network | - | - |
| 358 | 358 | PTPv2 | UDP | X | Acceptable | System | 319,320 | - |
| 359 | 359 | RTPS | UDP | X | Acceptable | RPC | 7401 | - |
| 360 | 360 | OPC-UA | TCP | X | Acceptable | IoT-Scada | - | 4840 |
| 361 | 361 | S7CommPlus | TCP | X | Acceptable | IoT-Scada | - | - |
| 362 | 362 | FINS | TCP/UDP | X | Acceptable | IoT-Scada | 9600 | 9600 |
| 363 | 363 | EtherSIO | UDP | X | Acceptable | IoT-Scada | 6060 | - |
| 364 | 364 | UMAS | TCP | X | Acceptable | IoT-Scada | - | - |
| 365 | 365 | BeckhoffADS | TCP | X | Acceptable | IoT-Scada | - | 48898 |
| 366 | 366 | ISO9506-1-MMS | TCP | X | Acceptable | IoT-Scada | - | - |
| 367 | 367 | IEEE-C37118 | TCP/UDP | X | Acceptable | IoT-Scada | 4713 | 4712 |
| 368 | 368 | Ether-S-Bus | UDP | X | Acceptable | IoT-Scada | 5050 | - |
| 369 | 369 | Monero | TCP | | Acceptable | Crypto_Currency | - | - |
| 370 | 370 | DCERPC | TCP/UDP | X | Acceptable | RPC | 135 | 135 |
| 371 | 371 | PROFINET_IO | UDP | X | Acceptable | IoT-Scada | - | - |
| 372 | 372 | HiSLIP | TCP | X | Acceptable | IoT-Scada | - | 4880 |
| 373 | 373 | UFTP | UDP | X | Acceptable | Download | 1044 | - |
| 374 | 374 | OpenFlow | TCP | X | Acceptable | Network | - | 6653 |
| 375 | 375 | JSON-RPC | TCP | X | Acceptable | RPC | - | - |
| 376 | 376 | WebDAV | TCP | X | Acceptable | Collaborative | - | - |
| 377 | 377 | Kafka | TCP | X | Acceptable | RPC | - | 9092 |
| 378 | 378 | NoMachine | TCP/UDP | X | Acceptable | RemoteAccess | 4000 | 4000 |
| 379 | 379 | IEC62056 | TCP/UDP | X | Acceptable | IoT-Scada | 4059 | 4059 |
| 380 | 380 | HL7 | TCP | X | Acceptable | RPC | - | 2575 |
| 381 | 381 | Ceph | TCP | X | Acceptable | DataTransfer | - | 3300,6789 |
| 382 | 382 | GoogleChat | TCP | | Acceptable | Chat | - | - |
| 383 | 383 | Roughtime | TCP/UDP | X | Acceptable | System | 2002 | 2002 |
| 384 | 384 | PrivateInternetAccess | TCP | | Acceptable | VPN | - | - |
| 385 | 385 | KCP | TCP/UDP | X | Acceptable | Network | - | - |
| 386 | 386 | Dota2 | TCP | | Fun | Game | - | - |
| 387 | 387 | Mumble | UDP | X | Fun | VoIP | - | - |
| 388 | 388 | Yojimbo | UDP | X | Fun | Game | - | - |
| 389 | 389 | ElectronicArts | TCP | | Fun | Game | - | - |
| 390 | 390 | STOMP | TCP | X | Acceptable | RPC | - | 61613 |
| 391 | 391 | Radmin | TCP | X | Acceptable | RemoteAccess | - | 4899 |
| 392 | 392 | Raft | TCP | X | Acceptable | Network | - | - |
| 393 | 393 | CIP | UDP | X | Acceptable | IoT-Scada | 2222 | - |
| 394 | 394 | Gearman | TCP | X | Acceptable | RPC | - | 4730 |
| 395 | 395 | TencentGames | TCP | X | Fun | Game | - | - |
| 396 | 396 | GaijinEntertainment | UDP | X | Fun | Game | 20011 | - |
| 397 | 397 | ANSI_C1222 | TCP/UDP | X | Acceptable | IoT-Scada | 1153 | 1153 |
| 398 | 398 | Huawei | TCP | | Acceptable | Web | - | - |
| 399 | 399 | HuaweiCloud | TCP | | Acceptable | Cloud | - | - |
| 400 | 400 | DLEP | TCP/UDP | X | Acceptable | Network | 854 | 854 |
| 401 | 401 | BFD | UDP | X | Acceptable | Network | 3784,3785 | - |
| 402 | 402 | NetEaseGames | UDP | X | Fun | Game | - | - |
| 403 | 403 | PathofExile | TCP | X | Fun | Game | - | - |
| 404 | 404 | GoogleCall | TCP | | Acceptable | VoIP | - | - |
| 405 | 405 | PFCP | UDP | X | Acceptable | Network | 8805 | - |
| 406 | 406 | FLUTE | UDP | X | Acceptable | Download | - | - |
| 407 | 407 | LoLWildRift | UDP | X | Fun | Game | - | - |
| 408 | 408 | TES_Online | TCP | X | Fun | Game | - | - |
| 409 | 409 | LDP | TCP/UDP | X | Acceptable | Network | 646 | 646 |
| 410 | 410 | KNXnet_IP | TCP/UDP | X | Acceptable | IoT-Scada | 3671 | 3671 |
| 411 | 411 | Bluesky | TCP | | Fun | SocialNetwork | - | - |
| 412 | 412 | Mastodon | TCP | | Fun | SocialNetwork | - | - |
| 413 | 413 | Threads | TCP | | Fun | SocialNetwork | - | - |
| 414 | 414 | ViberVoip | TCP | | Acceptable | VoIP | - | - |
| 415 | 415 | ZUG | UDP | X | Acceptable | Crypto_Currency | - | - |
| 416 | 416 | JRMI | TCP | X | Acceptable | RPC | - | 1099 |
| 417 | 417 | RipeAtlas | UDP | X | Acceptable | Network | - | - |
| 418 | 418 | HLS | TCP | X | Fun | Media | - | - |
| 419 | 419 | ClickHouse | TCP | X | Acceptable | Database | - | - |
| 420 | 420 | Nano | TCP | X | Acceptable | Crypto_Currency | - | 7075 |
| 421 | 421 | OpenWire | TCP | X | Acceptable | RPC | - | 61616 |
| 422 | 422 | CNP-IP | UDP | X | Acceptable | IoT-Scada | - | - |
| 423 | 423 | ATG | TCP | X | Acceptable | IoT-Scada | - | - |
| 424 | 424 | TRDP | TCP/UDP | X | Acceptable | IoT-Scada | 17224,17225 | 17225 |
| 425 | 425 | Lustre | TCP | X | Acceptable | DataTransfer | - | - |
| 426 | 426 | NordVPN | TCP | | Acceptable | VPN | - | - |
| 427 | 427 | SurfShark | TCP | | Acceptable | VPN | - | - |
| 428 | 428 | CactusVPN | TCP | | Acceptable | VPN | - | - |
| 429 | 429 | Windscribe | TCP | | Acceptable | VPN | - | - |
| 430 | 430 | Sonos | TCP | | Fun | Music | - | - |
Cybersecurity Analysis
nDPI is able to identify specific “risks” in network traffic by reporting flow risks. Below you can find the list of supported risks:
| Id | Code | Risk | Severity | Score | CliScore | SrvScore |
|---|---|---|---|---|---|---|
| 1 | NDPI_URL_POSSIBLE_XSS | XSS Attack | Severe | 150 | 135 | 15 |
| 2 | NDPI_URL_POSSIBLE_SQL_INJECTION | SQL Injection | Severe | 150 | 135 | 15 |
| 3 | NDPI_URL_POSSIBLE_RCE_INJECTION | RCE Injection | Severe | 150 | 135 | 15 |
| 4 | NDPI_BINARY_APPLICATION_TRANSFER | Binary App Transfer | Severe | 150 | 75 | 75 |
| 5 | NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT | Known Proto on Non Std Port | Medium | 50 | 25 | 25 |
| 6 | NDPI_TLS_SELFSIGNED_CERTIFICATE | Self-signed Cert | High | 100 | 90 | 10 |
| 7 | NDPI_TLS_OBSOLETE_VERSION | Obsolete TLS (v1.1 or older) | High | 100 | 90 | 10 |
| 8 | NDPI_TLS_WEAK_CIPHER | Weak TLS Cipher | High | 100 | 90 | 10 |
| 9 | NDPI_TLS_CERTIFICATE_EXPIRED | TLS Cert Expired | High | 100 | 10 | 90 |
| 10 | NDPI_TLS_CERTIFICATE_MISMATCH | TLS Cert Mismatch | High | 100 | 50 | 50 |
| 11 | NDPI_HTTP_SUSPICIOUS_USER_AGENT | HTTP Susp User-Agent | High | 100 | 90 | 10 |
| 12 | NDPI_NUMERIC_IP_HOST | HTTP/TLS/QUIC Numeric Hostname/SNI | Low | 10 | 5 | 5 |
| 13 | NDPI_HTTP_SUSPICIOUS_URL | HTTP Susp URL | High | 100 | 90 | 10 |
| 14 | NDPI_HTTP_SUSPICIOUS_HEADER | HTTP Susp Header | High | 100 | 90 | 10 |
| 15 | NDPI_TLS_NOT_CARRYING_HTTPS | TLS (probably) Not Carrying HTTPS | Low | 10 | 5 | 5 |
| 16 | NDPI_SUSPICIOUS_DGA_DOMAIN | Susp DGA Domain name | High | 100 | 90 | 10 |
| 17 | NDPI_MALFORMED_PACKET | Malformed Packet | Low | 10 | 5 | 5 |
| 18 | NDPI_SSH_OBSOLETE_CLIENT_VERSION_OR_CIPHER | SSH Obsolete Cli Vers/Cipher | High | 100 | 90 | 10 |
| 19 | NDPI_SSH_OBSOLETE_SERVER_VERSION_OR_CIPHER | SSH Obsolete Ser Vers/Cipher | Medium | 50 | 5 | 45 |
| 20 | NDPI_SMB_INSECURE_VERSION | SMB Insecure Vers | High | 100 | 90 | 10 |
| 21 | NDPI_TLS_SUSPICIOUS_ESNI_USAGE | TLS Susp ESNI Usage | Medium | 50 | 25 | 25 |
| 22 | NDPI_TLS_SUSPICIOUS_ESNI_USAGE | Unsafe Protocol | Low | 10 | 5 | 5 |
| 23 | NDPI_DNS_SUSPICIOUS_TRAFFIC | Susp DNS Traffic | Medium | 50 | 45 | 5 |
| 24 | NDPI_TLS_MISSING_SNI | Missing SNI TLS Extn | Medium | 50 | 25 | 25 |
| 25 | NDPI_HTTP_SUSPICIOUS_CONTENT | HTTP Susp Content | High | 100 | 90 | 10 |
| 26 | NDPI_RISKY_ASN | Risky ASN | Medium | 50 | 25 | 25 |
| 27 | NDPI_RISKY_DOMAIN | Risky Domain Name | Medium | 50 | 25 | 25 |
| 28 | NDPI_MALICIOUS_FINGERPRINT | Malicious Fingerprint | Medium | 50 | 25 | 25 |
| 29 | NDPI_MALICIOUS_SHA1_CERTIFICATE | Malicious SSL Cert/SHA1 Fingerp. | Medium | 50 | 25 | 25 |
| 30 | NDPI_DESKTOP_OR_FILE_SHARING_SESSION | Desktop/File Sharing | Low | 10 | 5 | 5 |
| 31 | NDPI_TLS_UNCOMMON_ALPN | Uncommon TLS ALPN | Medium | 50 | 25 | 25 |
| 32 | NDPI_TLS_CERT_VALIDITY_TOO_LONG | TLS Cert Validity Too Long | Medium | 50 | 25 | 25 |
| 33 | NDPI_TLS_SUSPICIOUS_EXTENSION | TLS Susp Extn | High | 100 | 90 | 10 |
| 34 | NDPI_TLS_FATAL_ALERT | TLS Fatal Alert | Low | 10 | 5 | 5 |
| 35 | NDPI_SUSPICIOUS_ENTROPY | Susp Entropy | Low | 10 | 5 | 5 |
| 36 | NDPI_CLEAR_TEXT_CREDENTIALS | Clear-Text Credentials | High | 100 | 90 | 10 |
| 37 | NDPI_DNS_LARGE_PACKET | Large DNS Packet (512+ bytes) | Medium | 50 | 25 | 25 |
| 38 | NDPI_DNS_FRAGMENTED | Fragmented DNS Message | Medium | 50 | 25 | 25 |
| 39 | NDPI_INVALID_CHARACTERS | Non-Printable/Invalid Chars Detected | High | 100 | 90 | 10 |
| 40 | NDPI_POSSIBLE_EXPLOIT | Possible Exploit Attempt | Severe | 150 | 135 | 15 |
| 41 | NDPI_TLS_CERTIFICATE_ABOUT_TO_EXPIRE | TLS Cert About To Expire | Medium | 50 | 5 | 45 |
| 42 | NDPI_PUNYCODE_IDN | IDN Domain Name | Low | 10 | 1 | 9 |
| 43 | NDPI_ERROR_CODE_DETECTED | Error Code | Low | 10 | 1 | 9 |
| 44 | NDPI_HTTP_CRAWLER_BOT | Crawler/Bot | Low | 10 | 1 | 9 |
| 45 | NDPI_ANONYMOUS_SUBSCRIBER | Anonymous Subscriber | Medium | 50 | 25 | 25 |
| 46 | NDPI_UNIDIRECTIONAL_TRAFFIC | Unidirectional Traffic | Low | 10 | 5 | 5 |
| 47 | NDPI_HTTP_OBSOLETE_SERVER | HTTP Obsolete Server | Medium | 50 | 5 | 45 |
| 48 | NDPI_PERIODIC_FLOW | Periodic Flow | Low | 10 | 1 | 9 |
| 49 | NDPI_MINOR_ISSUES | Minor Issues | Low | 10 | 1 | 9 |
| 50 | NDPI_MINOR_ISSUES | TCP Connection Issues | Medium | 50 | 25 | 25 |
| 51 | NDPI_FULLY_ENCRYPTED | Fully Encrypted Flow | Medium | 50 | 25 | 25 |
| 52 | NDPI_TLS_ALPN_SNI_MISMATCH | ALPN/SNI Mismatch | Medium | 50 | 25 | 25 |
| 53 | NDPI_MALWARE_HOST_CONTACTED | Client Contacted A Malware Host | Severe | 150 | 135 | 15 |
| 54 | NDPI_BINARY_DATA_TRANSFER | Binary File/Data Transfer (Attempt) | Medium | 50 | 25 | 25 |
| 55 | NDPI_PROBING_ATTEMPT | Probing Attempt | Medium | 50 | 25 | 25 |
| 56 | NDPI_OBFUSCATED_TRAFFIC | Obfuscated Traffic | High | 100 | 90 | 10 |
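To show how the exported flow metadata relates to the risk codes, the following added example (not nDPI's own detection logic and not code from the ntop project) re-derives a handful of risks from JSON records that use the field names of the sample flow, and sums the Score values listed for those codes. The flow records are constructed, the checks are simplified approximations, and the `OBSOLETE_TLS` version strings other than the `TLSv1.2` form seen in the sample are an assumption.

```python
import ipaddress
import json

# "Score" column of the risk table on this page, for the codes checked below.
RISK_SCORE = {
    "NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT": 50,
    "NDPI_TLS_OBSOLETE_VERSION": 100,
    "NDPI_TLS_WEAK_CIPHER": 100,
    "NDPI_TLS_CERTIFICATE_MISMATCH": 100,
    "NDPI_NUMERIC_IP_HOST": 10,
    "NDPI_TLS_MISSING_SNI": 50,
}
# Default TCP ports: a subset of the protocol table on this page.
DEFAULT_TCP_PORTS = {"TLS": {443}, "HTTP": {80}, "SSH": {22}, "SMTP": {25, 587}}
# Assumption: version strings follow the "TLSv1.2" form seen in the sample flow.
OBSOLETE_TLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample records (one JSON object per line), not captured traffic.
CONSTRUCTED_FLOWS = """\
{"flow_id":1,"proto":"TCP","dst_port":443,"ndpi":{"proto":"TLS","hostname":"www.example.com","tls":{"version":"TLSv1.2","unsafe_cipher":0,"server_names":"*.example.com,example.com"}}}
{"flow_id":2,"proto":"TCP","dst_port":8443,"ndpi":{"proto":"TLS","hostname":"legacy.example.org","tls":{"version":"TLSv1","unsafe_cipher":1,"server_names":"legacy.example.org"}}}
{"flow_id":3,"proto":"TCP","dst_port":443,"ndpi":{"proto":"TLS","hostname":"a.b.example.com","tls":{"version":"TLSv1.2","unsafe_cipher":0,"server_names":"*.example.com"}}}
{"flow_id":4,"proto":"TCP","dst_port":443,"ndpi":{"proto":"TLS","hostname":"203.0.113.7","tls":{"version":"TLSv1.3","unsafe_cipher":0,"server_names":"host.example.net"}}}
"""


def is_ip(host):
    """True if the hostname/SNI is a literal IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def cert_covers(host, server_names):
    """True if host matches one name of the comma-separated certificate list."""
    host = host.lower().rstrip(".")
    for name in (n.strip().lower() for n in server_names.split(",")):
        if name == host:
            return True
        # A wildcard covers exactly one leftmost label, never the bare domain.
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False


def triage(flow):
    """Return (sorted risk codes, summed score) for one flow record."""
    risks = set()
    ndpi = flow.get("ndpi", {})
    master = ndpi.get("proto", "").split(".")[0]  # "TLS.Google" -> "TLS"
    ports = DEFAULT_TCP_PORTS.get(master)
    if flow.get("proto") == "TCP" and ports and flow.get("dst_port") not in ports:
        risks.add("NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT")
    tls = ndpi.get("tls")
    if tls is not None:
        host = ndpi.get("hostname", "")
        if tls.get("version") in OBSOLETE_TLS:
            risks.add("NDPI_TLS_OBSOLETE_VERSION")
        if tls.get("unsafe_cipher"):
            risks.add("NDPI_TLS_WEAK_CIPHER")
        if not host:
            risks.add("NDPI_TLS_MISSING_SNI")
        elif is_ip(host):
            risks.add("NDPI_NUMERIC_IP_HOST")
        elif tls.get("server_names") and not cert_covers(host, tls["server_names"]):
            risks.add("NDPI_TLS_CERTIFICATE_MISMATCH")
    return sorted(risks), sum(RISK_SCORE[r] for r in risks)


def triage_lines(text):
    """Triage newline-delimited JSON flows into (flow_id, risks, score) tuples."""
    out = []
    for line in text.splitlines():
        if line.strip():
            flow = json.loads(line)
            out.append((flow.get("flow_id"), *triage(flow)))
    return out
```

Calling `triage_lines(CONSTRUCTED_FLOWS)` gives one tuple per flow, which can be sorted by score to rank flows for review.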
ETA (Encrypted Traffic Analysis)
Internet traffic is trending towards encrypted content, often using TLS/QUIC. nDPI allows you to extract metadata from encrypted communications and also to classify encrypted traffic.
Documentation
You can refer to the documentation page for nDPI manuals.
Please Contribute!
DPI is a time-consuming activity as protocols change quite often. This means that it’s necessary to update the code from time to time and add extensions. We encourage anyone out there to help us add or enhance protocols: we will put your contributions on our SVN and make them available to everyone free of charge. In fact, the main reason why we decided to go for nDPI instead of using the original library is that the company behind OpenDPI has never replied to our offers to merge the extensions we coded into the original source code.
License
nDPI is distributed under the GNU LGPLv3 license and available in source code format.
Get It
nDPI is automatically downloaded when you build ntop tools. However, nothing prevents you from using it as a standalone DPI library. The source code can be downloaded from the download section.
nDPI is a registered trademark.