Does anyone know,how to get single packet information through nDPI or any other DPi libraries.
Asked
Active
Viewed 964 times
0
-
I'd place my bets that someone might know. – Steven Anderson Feb 05 '16 at 06:12
1 Answers
1
Does anyone know,how to get single packet information through nDPI
For nDPI, call ndpi_detection_process_packet() - as the documentation generated from its comment says, it "will processes one packet and returns the ID of the detected protocol", as it's "the main packet processing function" in nDPI. As my other answer indicated, it won't give you a detailed dissection of the packet, but that's not what it's designed to do; it's designed to quickly recognize packet types (quicker than a detailed packet dissector such as the ones in Wireshark) rather than to show you the detailed packet headers.
-
1ya i understood the concept of nDPI harris.The thing is that i should modify the library to get single packet information right.so that i need some samples or hint to do that.if anyone knows or tried please suggest me.....And Thanks a lot harris – Tech Feb 06 '16 at 07:23
-
1What do you mean by "single packet information"? You can hand a single packet to nDPI, but it won't give you very much information, because that's not what nDPI was designed for - it was designed to quickly recognize packets and assign them to flows, not to do the sort of detailed packet dissection that Wireshark, for example, does. You want detailed packet dissection, you might just want to start with Wireshark (and various third-party plugins if it doesn't handle all the protocols you're interested in). – Feb 06 '16 at 07:55
-
1ya obviuously what you are saying is right harris.so far i have an idea to merge tcpdump and nDPI?? – Tech Feb 06 '16 at 09:33