DocumentCode
248770
Title
nDPI: Open-source high-speed deep packet inspection
Author
Deri, Luca ; Martinelli, Mario ; Bujlow, T. ; Cardigliano, Alfredo
Author_Institution
IIT, Pisa, Italy
fYear
2014
fDate
4-8 Aug. 2014
Firstpage
617
Lastpage
622
Abstract
Network traffic analysis was traditionally limited to the packet header, because the transport protocol and application ports were usually sufficient to identify the application protocol. With the advent of port-independent, peer-to-peer, and encrypted protocols, the task of identifying application protocols became increasingly challenging, thus creating a motivation for creating tools and libraries for network protocol classification. This paper covers the design and implementation of nDPI, an open-source library for protocol classification using both packet header and payload. nDPI was extensively validated in various monitoring projects ranging from Linux kernel protocol classification to analysis of 10 Gbit traffic, reporting both high protocol detection accuracy and efficiency.
Keywords
Linux; cryptographic protocols; operating system kernels; peer-to-peer computing; telecommunication traffic; transport protocols; Linux kernel protocol classification; application protocol identification; encrypted protocols; monitoring projects; nDPI; network protocol classification; network traffic analysis; open-source high-speed deep packet inspection; open-source library; packet header; payload; peer-to-peer protocols; port-independent protocols; protocol detection accuracy; protocol detection efficiency; transport protocol; IP networks; Libraries; Monitoring; Open source software; Payloads; Ports (Computers); Protocols; Deep Packet Inspection; Passive traffic classification; network traffic monitoring;
fLanguage
English
Publisher
ieee
Conference_Titel
Wireless Communications and Mobile Computing Conference (IWCMC), 2014 International
Conference_Location
Nicosia
Print_ISBN
978-1-4799-7324-8
Type
conf
DOI
10.1109/IWCMC.2014.6906427
Filename
6906427