Hi all. There is an interesting project that was called opendpi
(originally by ipoque GmbH) and recently been forked and maintained by
the ntop guys under the nDPI label. It offers a new and currently
maintained layer 7 (L7) packet identification library. It could
definitely benefit from more eyes and development effort, but at present
it gives much better breakdown of traffic for ntop
There is a netfilter library, originally by Elian Gidoni, that I have
updated to use the nDPI fork
https://github.com/ewildgoose/ndpi-netfilter
The practical upshot is that you can do stuff like:
iptables -I FORWARD -m opendpi --WinUpdate -j LOG
or
iptables -I FORWARD -m opendpi --skype -j REJECT
In theory you can also filter Facebook, Twitter, etc, but I concede that
doesn't seem to work as expected right now...
Another of the clever things that nDPI does is to try and classify SSL
traffic by examining the name on the cert. A technique that seems
likely to allow crude identification of significant traffic.
We could benefit from more eyes on this, both the netfilter module and
the nDPI library
Thanks for your feedback
Ed W
_______________________________________________
Ntop-dev mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-dev
