Online / 6 & 7 February 2021


Using nDPI for Monitoring and Security

nDPI in practice

As most of modern traffic is now encrypted, deep packet inspection is becoming a key component for providing visibility in network traffic. nDPI is an open source toolkit able to detect application protocols both in plain text and encrypted traffic, extract metadata information, and detect relevant cybersecurity information. This talk shows how nDPI can be used in real life to monitor network traffic, report key information metrics and detect malicious communications.

The pervasive use of encrypted protocols and new communication paradigms based on mobile and home IoT devices has obsoleted traffic analysis techniques that relied on clear text analysis. DPI (Deep Packet Inspection) is a key component to provide network visibility on network traffic. nDPI is an open source toolkit designed to detect application protocols on both plain and encrypted traffic. it is also able to extract relevant metadata information including metrics on encrypted traffic for easy classification and accounting. This talk introduces nDPI, demonstrate how to use it in real life examples, and it presents how it can be effectively used not only for traffic monitoring but also in cybersecurity being it able to detect unusual traffic behaviour and security issues.


Photo of Luca Deri Luca Deri