Closed wanderernxa closed 1 year ago
Does ndpi look at the applications running on the system?
sharppcap is designed for packet capture only, so you can use packetnet for analysis, or if you’d like, pass the packets into ndpi (if that’s how ndpi works)
I am pretty sure that you have to pass the packets to the ndpi library for analysis, so I figured I can pass the packets from libpcap to ndpi for analysis. I checked PacketNet and it doesnt seem to do HTTPS analysis. How would I go about adding protocols to the Packetnet library for analysis?
thanks.
@wanderernxa I assume you mean https://github.com/ntop/nDPI
nDPI is a packet Inspection Software Toolkit, sharppcap is packet capture library.
Adding nDPI to sharppcap does not make much sense, since sharpcap itself offer no packet decoding,
The packet decoding is provided by https://github.com/dotpcap/packetnet feel free to make a proposal to support nDPI there, but I believe it's outside the scope of what sharppcap.
Hi, First of all...great work! Since NDPI does deep packet inspection and has an extensive library for interrogating the application stack, would it be possible to use that library instead of the libpcap or is it possible to use it side by side? Like pass the captured packets from libpcap to the ndpi library?
thanks