# ntop/ndpi

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/ntop-ndpi).**

4,506 stars · 992 forks · C · LGPL-3.0

## Links

- GitHub: https://github.com/ntop/nDPI
- Homepage: http://www.ntop.org
- awesome-repositories: https://awesome-repositories.com/repository/ntop-ndpi.md

## Topics

`cybersecurity` `deep-packet-inspection` `dpi` `ndpi` `network` `traffic-analysis`

## Description

nDPI is a deep packet inspection toolkit and network protocol classifier designed to identify protocols and detect security threats through packet payload inspection. It functions as a network security monitor and a traffic analysis framework used to determine which services originate network flows.

The system utilizes a modular dissector architecture and a sequence-based dissector chain to interpret network traffic. It supports custom protocol definition and protocol dissector extensions, allowing for the identification of proprietary or new network protocols.

The toolkit provides capabilities for network protocol identification, security threat detection, and network traffic filtering. These functions enable the monitoring of communication patterns to identify malicious behavior and the selective blocking of unwanted network packets.

## Tags

### System Administration & Monitoring

- [Packet Inspection](https://awesome-repositories.com/f/system-administration-monitoring/packet-inspection.md) — Provides deep analysis of network packet payloads to identify underlying protocols and services in real time.
- [Analysis Frameworks](https://awesome-repositories.com/f/system-administration-monitoring/network-traffic-analysis/analysis-frameworks.md) — Provides a framework for defining custom protocol detection rules and interpreting proprietary network traffic.

### Part of an Awesome List

- [Network Security Monitoring](https://awesome-repositories.com/f/awesome-lists/security/network-security-monitoring.md) — Analyzes network traffic and flow behavior to identify malicious communication patterns and security risks.

### Networking & Communication

- [Flow Tracking Engines](https://awesome-repositories.com/f/networking-communication/network-connection-detectors/connection-states/flow-tracking-engines.md) — Maintains stateful tracking of network flows to analyze communication behavior across multiple packets.
- [Protocol Dissectors](https://awesome-repositories.com/f/networking-communication/network-protocols/protocol-dissectors.md) — Implements a modular system of pluggable protocol dissectors for parsing and analyzing network traffic.
- [Analysis Chains](https://awesome-repositories.com/f/networking-communication/network-protocols/protocol-dissectors/analysis-chains.md) — Uses a sequence-based chain of dissectors to progressively identify the originating protocol of a network flow.
- [Protocol Classifiers](https://awesome-repositories.com/f/networking-communication/network-protocols/protocol-dissectors/protocol-classifiers.md) — Determines the originating service of a network flow using a sequence of specialized protocol dissectors.
- [Custom Network Protocols](https://awesome-repositories.com/f/networking-communication/custom-network-protocols.md) — Supports the definition of custom communication rules to recognize proprietary or new network protocols. ([source](https://github.com/ntop/nDPI/blob/dev/doc/FAQ.rst))

### Security & Cryptography

- [Behavioral Threat Detection](https://awesome-repositories.com/f/security-cryptography/behavioral-threat-detection.md) — Monitors network flow behavior and traffic patterns to detect malicious activity and security threats.
- [Payload-Based Traffic Filtering](https://awesome-repositories.com/f/security-cryptography/payload-based-traffic-filtering.md) — Inspects packet payloads to differentiate between protocols and filter traffic beyond port-level analysis.
- [Malicious Traffic Blocking](https://awesome-repositories.com/f/security-cryptography/malicious-traffic-blocking.md) — Identifies and selectively drops unwanted network packets to block communication with malicious entities. ([source](https://cdn.jsdelivr.net/gh/ntop/ndpi@dev/README.md))
- [Network Traffic Filtering](https://awesome-repositories.com/f/security-cryptography/network-traffic-filtering.md) — Enables selective blocking or dropping of unwanted network packets based on identified protocol traffic.

### Software Engineering & Architecture

- [Protocol Signature Matching](https://awesome-repositories.com/f/software-engineering-architecture/pattern-matching-libraries/regex-pattern-matchers/traffic-signature-matching/protocol-signature-matching.md) — Matches packet payloads against a database of predefined signatures to identify specific network services.
