[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-6633":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":16,"stars7d":17,"stars30d":18,"stars90d":16,"forks30d":16,"starsTrendScore":19,"compositeScore":20,"rankGlobal":10,"rankLanguage":10,"license":21,"archived":22,"fork":22,"defaultBranch":23,"hasWiki":24,"hasPages":24,"topics":25,"createdAt":10,"pushedAt":10,"updatedAt":32,"readmeContent":33,"aiSummary":34,"trendingCount":16,"starSnapshotCount":16,"syncStatus":35,"lastSyncTime":36,"discoverSource":37},6633,"nDPI","ntop\u002FnDPI","ntop","Open Source Deep Packet Inspection Software Toolkit","http:\u002F\u002Fwww.ntop.org",null,"C",4491,990,149,57,0,7,31,4,67.59,"GNU Lesser General Public License v3.0",false,"dev",true,[26,27,28,29,30,31],"cybersecurity","deep-packet-inspection","dpi","ndpi","network","traffic-analysis","2026-06-12 04:00:29","# nDPI\n\n[![Build Status](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Factions\u002Fworkflow\u002Fstatus\u002Fntop\u002FnDPI\u002Fbuild.yml?branch=dev&logo=github)](https:\u002F\u002Fgithub.com\u002Fntop\u002FnDPI\u002Factions?query=workflow%3ABuild)\n[![Fuzzing Status](https:\u002F\u002Foss-fuzz-build-logs.storage.googleapis.com\u002Fbadges\u002Fndpi.svg)](https:\u002F\u002Fbugs.chromium.org\u002Fp\u002Foss-fuzz\u002Fissues\u002Flist?sort=-opened&can=1&q=proj:ndpi)\n\n## What is nDPI ?\n\nnDPI® is an open source LGPLv3 library for deep-packet inspection.\n\nA generic FAQ about nDPI is available [here](https:\u002F\u002Fgithub.com\u002Fntop\u002FnDPI\u002Fblob\u002Fdev\u002Fdoc\u002FFAQ.rst)\n\n### How To Compile nDPI\n\nIn order to compile this project do\n\n- .\u002Fautogen.sh && .\u002Fconfigure\n- make\n\nIf you get some errors while compiling `croaring.c`, try:\n\n- .\u002Fautogen.sh && .\u002Fconfigure --enable-old-croaring\n- make\n\nTo compile the library w\u002Fo any tools or tests:\n\n- .\u002Fautogen.sh && .\u002Fconfigure --with-only-libndpi\n- make\n\nOut-of-tree builds are supported:\n- .\u002Fautogen.sh\n- mkdir build\n- cd build\n- ..\u002Fconfigure && make\n\nTo run tests do additionally:\n\n- .\u002Ftests\u002Fdo.sh # Generate and check for diff's in PCAP files\n- .\u002Ftests\u002Fdo-unit.sh # Run unit tests\n- .\u002Ftests\u002Fdo-dga.sh # Run DGA detection test\n\nor run all with: `make check`\n\nPlease note that the (minimal) pre-requisites for compilation include:\n- GNU tools (autoconf automake libtool pkg-config gettext flex bison)\n- GNU C compiler (gcc) or Clang\n\nOn Debian\u002FUbuntu systems do:\n- sudo apt-get install build-essential git gettext flex bison libtool autoconf automake pkg-config libpcap-dev libjson-c-dev libnuma-dev libpcre2-dev libmaxminddb-dev librrd-dev\n\nOn Arch Linux:\n- sudo pacman -S gcc git gettext flex bison libtool autoconf automake pkg-config libpcap json-c numactl pcre2 libmaxminddb rrdtool\n\nOn FreeBSD:\n- sudo pkg install gcc git gettext flex bison libtool autoconf automake devel\u002Fpkgconf gmake libpcap json-c pcre2 libmaxminddb rrdtool\n\nRemember to use `gmake` and not `make` on FreeBSD\n\nOn MacOS:\n- brew install coreutils gcc git gettext flex bison libtool autoconf automake pkg-config libpcap json-c pcre2 libmaxminddb rrdtool\n\nOn Windows:\n\nThere are three supported ways to build nDPI:\n\n1. MSYS2 (assuming [MSYS2](https:\u002F\u002Fwww.msys2.org\u002F) already installed):\n  - msys2 -c \"pacman --noconfirm -S --needed --overwrite '\\*' git mingw-w64-x86\\_64-toolchain automake1.16 automake-wrapper autoconf libtool make mingw-w64-x86\\_64-json-c mingw-w64-x86\\_64-crt-git mingw-w64-x86\\_64-pcre2 mingw-w64-x86\\_64-libpcap\"\n\n2. Mingw-w64\n\n3. Visual Studio (see `windows\u002FnDPI.sln`)\n\nNote: All Windows versions require [npcap](https:\u002F\u002Fnpcap.com\u002F#download) with WinPcap compatibility mode enabled.\n\n### How To Build The Documentation\n\n- pip install --upgrade pip\n- pip install -r doc\u002Frequirements.txt\n- make doc\n\nUse the builtin python3 webserver to view documentation:\n- make doc-view\n\n### How To Add A New Protocol Dissector\n\nThe entire procedure of adding new protocols in detail:\n\n1. Add new protocol together with its unique ID to: `src\u002Finclude\u002Fndpi_protocol_ids.h`\n2. Create a new protocol in: `src\u002Flib\u002Fprotocols\u002F`\n3. Variables to be kept for the duration of the entire flow (as state variables) need to be placed in: `src\u002Finclude\u002Fndpi_typedefs.h` in `ndpi_flow_tcp_struct` (for TCP only), `ndpi_flow_udp_struct` (for UDP only), or `ndpi_flow_struct` (for both).\n4. Add a new entry for the search function for the new protocol in: `src\u002Finclude\u002Fndpi_private.h`\n5. Choose (do not change anything) a selection bitmask from: `src\u002Finclude\u002Fndpi_define.h`\n6. Set protocol default ports in `ndpi_init_protocol_defaults` in: `src\u002Flib\u002Fndpi_main.c`\n7. Be sure to have nBPF support, cloning `PF_RING` in the same directory where you cloned `nDPI`: `git clone https:\u002F\u002Fgithub.com\u002Fntop\u002FPF_RING\u002F && cd PF_RING\u002Fuserland\u002Fnbpf && .\u002Fconfigure && make`. You can ignore the `\u002Fbin\u002Fsh: 1: ..\u002Flib\u002Fpfring_config: not found` error\n8. From the `nDPI` root directory, `.\u002Fautogen.sh && .\u002Fconfigure --with-pcre2` (nBPF and PCRE2 are usually optional, but they are needed to run\u002Fupdate *all* the unit tests)\n9. `make`\n10. `make check`\n11. Update the documentation, adding this new protocol to `doc\u002Fprotocols.rst`\n12. Update the Windows Visual Studio configuration, adding the new c file in `windows\u002FnDPI.vcxproj`\n\n### How to use nDPI to Block Selected Traffic\n\nYou can use nDPI to selectively block selected Internet traffic by embedding it onto an application (remember that nDPI is just a library). Both [ntopng](https:\u002F\u002Fgithub.com\u002Fntop\u002Fntopng) and [nProbe cento](http:\u002F\u002Fwww.ntop.org\u002Fproducts\u002Fnetflow\u002Fnprobe-cento\u002F) can do this.\n\n### nDPI Paper Citation\n\n- Deri, Luca, et al. [nDPI: Open-source high-speed deep packet inspection](http:\u002F\u002Fluca.ntop.org\u002FnDPI.pdf) 2014 International Wireless Communications and Mobile Computing Conference (IWCMC). IEEE, 2014.\n\n### Videos and Presentations\n\n- [The Ultimate Guide to nDPI](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=NndEp7__Y1A) [2025]\n- [Using nDPI to solve real life problems: from First Packet Classification to Obfuscated Traffic detection](https:\u002F\u002Fpacketfest.ntop.org\u002Fslides\u002FNardi.pdf) [PacketFest, 2025]\n- [Passive Network Traffic Fingerprinting](https:\u002F\u002Ffosdem.org\u002F2025\u002Fschedule\u002Fevent\u002Ffosdem-2025-5461-passive-network-traffic-fingerprinting\u002F) [FOSDEM, 2025]\n- [A Deep Dive Into Traffic Fingerprints using Wireshark](https:\u002F\u002Fwww.dropbox.com\u002Fscl\u002Ffo\u002Fzm5amy8fkwz2pj3ojz12a\u002FAMKbeuIToNPH9wCAqB1OWdQ?rlkey=ihnva3yz5heonw59m8br3lxvj&e=2&dl=0) [SharkFest, 2024]\n- [Network Traffic Classification for Cybersecurity and Monitoring](https:\u002F\u002Ffosdem.org\u002F2022\u002Fschedule\u002Fevent\u002Fusing_ndpi_to_efficiently_classify_network_traffic\u002F) [FOSDEM, 2022]\n- [Using nDPI for Monitoring and Security](https:\u002F\u002Farchive.fosdem.org\u002F2021\u002Fschedule\u002Fevent\u002Fnemondpi\u002F) [FOSDEM, 2021]\n- [Knowing the Unknown: How to Monitor and Troubleshoot an Unfamiliar Network](https:\u002F\u002Fwww.ntop.org\u002Fwp-content\u002Fuploads\u002F2017\u002F06\u002FnDPI_Sharkfest_2017.pdf) [SharkFest, 2017]\n\n\n\n\n\n### nDPI-Related Projects\n\n- [nfstream](https:\u002F\u002Fgithub.com\u002Faouinizied\u002Fnfstream)\n- [nDPId](https:\u002F\u002Fgithub.com\u002Futoni\u002FnDPId)\n\n### DISCLAIMER\n\nWhile we do our best to detect network protocols, we cannot guarantee that our software is error free and 100% accurate in protocol detection. Please make sure that you respect the privacy of users and you have proper authorization to listen, capture and inspect network traffic.\n\nnDPI is a registered trademark in the US and EU.\n\n[ntopng_logo]: https:\u002F\u002Fcamo.githubusercontent.com\u002F0f789abcef232035c05e0d2e82afa3cc3be46485\u002F687474703a2f2f7777772e6e746f702e6f72672f77702d636f6e74656e742f75706c6f6164732f323031312f30382f6e746f706e672d69636f6e2d313530783135302e706e67\n\n[ntop_logo]: https:\u002F\u002Fcamo.githubusercontent.com\u002F58e2a1ecfff62d8ecc9d74633bd1013f26e06cba\u002F687474703a2f2f7777772e6e746f702e6f72672f77702d636f6e74656e742f75706c6f6164732f323031352f30352f6e746f702e706e67\n","nDPI 是一个开源的深度包检测软件工具包。它使用 C 语言编写，提供强大的网络流量分析功能，能够识别和分类各种网络协议。nDPI 的核心特点包括高效的协议解析、支持多种操作系统和编译环境，并且可以通过扩展来支持新的协议。该项目适合网络安全、网络管理和流量监控等场景，帮助企业或个人更好地理解和管理网络流量。",2,"2026-06-11 03:07:59","top_language"]