Download nDPI

[root@shanghai ~]# mkdir -p nDPI
[root@shanghai ~]# cd nDPI
[root@shanghai nDPI]# wget --no-check-certificate https://github.com/ntop/nDPI/archive/2.2.tar.gz -O nDPI-2.2.tar.gz
[root@shanghai nDPI]# md5sum nDPI-2.2.tar.gz
e5f73354c082c7136572c846d166d3cb nDPI-2.2.tar.gz
[root@shanghai nDPI]# tar xf nDPI-2.2.tar.gz
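
The download above turns off TLS certificate verification and prints an MD5 that is not compared with any known value. The following added example (not from the original post) checks the tarball against a pinned digest and rejects absolute or `..` member paths before extracting; the function names are hypothetical, GNU coreutils and GNU tar are assumed, and the expected digest has to come from a source you trust.

```shell
#!/bin/sh
# Added example, not part of the original post. All function names are hypothetical.
# Usage: safe_extract sha256 nDPI-2.2.tar.gz <digest-from-a-trusted-source> .

# digest_of ALGO FILE: print the hex digest of FILE (ALGO is md5 or sha256)
digest_of() {
    case "$1" in
        md5)    md5sum "$2" | awk '{print $1}' ;;
        sha256) sha256sum "$2" | awk '{print $1}' ;;
        *)      echo "unsupported algorithm: $1" >&2; return 2 ;;
    esac
}

# verify_digest ALGO FILE EXPECTED: return 0 only when the digest matches
verify_digest() {
    actual=$(digest_of "$1" "$2") || return 2
    expected=$(printf '%s' "$3" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $2: got '$actual', want '$expected'" >&2
        return 1
    fi
}

# flag_unsafe_paths: read member names on stdin, print those that are
# absolute or contain a ".." path component
flag_unsafe_paths() {
    grep -E '^/|(^|/)\.\.(/|$)'
}

# unsafe_members FILE: list archive members that could escape the target dir
# (-P keeps tar from rewriting the names while listing them)
unsafe_members() {
    tar -P -tf "$1" | flag_unsafe_paths
}

# safe_extract ALGO FILE EXPECTED DESTDIR: verify first, then unpack
safe_extract() {
    verify_digest "$1" "$2" "$3" || return 1
    if bad=$(unsafe_members "$2") && [ -n "$bad" ]; then
        echo "refusing to extract, unsafe member paths:" >&2
        echo "$bad" >&2
        return 1
    fi
    mkdir -p "$4" && tar xf "$2" -C "$4"
}
```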

Compile and install

[root@shanghai nDPI]# cd nDPI-2.2
[root@shanghai nDPI-2.2]# ./autogen.sh

# Error encountered while running ./autogen.sh, and its fix
ERROR: Missing libpcap(-dev) library required to compile the example application # yum install -y libpcap-devel

[root@shanghai nDPI-2.2]# ./autogen.sh
[root@shanghai nDPI-2.2]# echo $? # check the exit status
0
[root@shanghai nDPI-2.2]#

[root@shanghai nDPI-2.2]# ./configure --prefix=/opt/nDPI
[root@shanghai nDPI-2.2]# echo $?
0
[root@shanghai nDPI-2.2]#

[root@shanghai nDPI-2.2]# make && make install

Test packet type detection

[root@shanghai nDPI-2.2]# ./example/ndpiReader -i tests/pcap/http_ipv6.pcap

-----------------------------------------------------------
* NOTE: This is demo app to show *some* nDPI features.
* In this demo we have implemented only some basic features
* just to show you what you can do with the library. Feel
* free to extend it and send us the patches for inclusion
------------------------------------------------------------

Using nDPI (2.2.0) [1 thread(s)]
Reading packets from pcap file tests/pcap/http_ipv6.pcap...
Running thread 0...

nDPI Memory statistics:
nDPI Memory (once): 114.65 KB
Flow Memory (per flow): 1.92 KB
Actual Memory: 2.48 MB
Peak Memory: 2.48 MB

Traffic statistics:
Ethernet bytes: 70959 (includes ethernet CRC/IFC/trailer)
Discarded bytes: 0
IP packets: 193 of 193 packets total
IP bytes: 66327 (avg pkt size 343 bytes)
Unique flows: 15
TCP Packets: 128
UDP Packets: 65
VLAN Packets: 0
MPLS Packets: 0
PPPoE Packets: 0
Fragmented Packets: 0
Max Packet size: 3579
Packet Len < 64: 115
Packet Len 64-128: 5
Packet Len 128-256: 28
Packet Len 256-1024: 25
Packet Len 1024-1500: 17
Packet Len > 1500: 3
nDPI throughput: 162.32 K pps / 455.32 Mb/sec
Analysis begin: 23/Nov/2015 16:58:43
Analysis end: 23/Nov/2015 16:59:06
Traffic throughput: 8.39 pps / 24.09 Kb/sec
Traffic duration: 23.016 sec
Guessed flow protos: 1


Detected protocols:
SSL packets: 106 bytes: 39646 flows: 11
Facebook packets: 22 bytes: 10202 flows: 2
Google packets: 62 bytes: 15977 flows: 1
QUIC packets: 3 bytes: 502 flows: 1


Protocol statistics:
Safe 55623 bytes
Acceptable 502 bytes
Fun 10202 bytes
[root@shanghai nDPI-2.2]#

View the installed files


[root@shanghai nDPI-2.2]# tree /opt/nDPI/
/opt/nDPI/
├── bin
│   └── ndpiReader
├── include
│   └── libndpi-2.2.0
│       └── libndpi
│           ├── ndpi_api.h
│           ├── ndpi_define.h
│           ├── ndpi_includes.h
│           ├── ndpi_main.h
│           ├── ndpi_protocol_ids.h
│           ├── ndpi_protocols.h
│           └── ndpi_typedefs.h
└── lib
    ├── libndpi.a
    ├── libndpi.la
    ├── libndpi.so -> libndpi.so.1.0.0
    ├── libndpi.so.1 -> libndpi.so.1.0.0
    ├── libndpi.so.1.0.0
    └── pkgconfig
        └── libndpi.pc

6 directories, 14 files
[root@shanghai nDPI-2.2]#