CatchWire is an ideal platform for running nDPI, the lightweight Deep Packet Inspection library from ntop.
nDPI is an ntop-maintained superset of the popular OpenDPI library. Released under the LGPL license, its goal is to extend the original library by adding new protocols that are otherwise available only in the paid version of OpenDPI. Furthermore, the ntop team modified nDPI to be more suitable for traffic monitoring applications by disabling specific features that are unnecessary for network traffic monitoring and slow down the DPI engine.
nDPI is used by both ntop and nProbe to add application-layer detection of protocols, regardless of the port being used. This means that it is possible to detect both known protocols on non-standard ports (e.g. HTTP on ports other than 80) and unknown protocols on standard ports (e.g. Skype traffic on port 80).
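The difference between a port-based guess and payload-based detection can be shown with a short added example. It is not nDPI code and does not use the nDPI API: the signatures are deliberately simplified, the names `classify_payload` and `assess_flow` are hypothetical, and the flows are constructed sample data.

```python
# Added illustration: classify a flow from its first payload bytes, then compare
# the result with what the destination port alone would suggest.
# Simplified signatures; this is not how nDPI is implemented.

PORT_GUESS = {22: "SSH", 80: "HTTP", 443: "TLS"}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def classify_payload(payload: bytes) -> str:
    """Identify the protocol from the start of the payload, ignoring the port."""
    if payload.startswith(b"SSH-"):  # SSH identification string
        return "SSH"
    first_line = payload.split(b"\r\n", 1)[0]
    if payload.startswith(HTTP_METHODS) and b" HTTP/1." in first_line:
        return "HTTP"
    # TLS record header: type 0x16 (handshake), major version 0x03,
    # two length bytes, then handshake type 0x01 (ClientHello).
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "TLS"
    return "Unknown"


def assess_flow(dst_port: int, payload: bytes) -> str:
    """Return a verdict comparing the detected protocol with the port's usual one."""
    detected = classify_payload(payload)
    expected = PORT_GUESS.get(dst_port)
    if detected == "Unknown":
        return "unidentified traffic"
    if expected is None:
        return f"{detected} on non-standard port {dst_port}"
    if expected == detected:
        return f"{detected} on its standard port"
    return f"{detected} on port {dst_port}, where {expected} is expected"


# Constructed sample flows: (destination port, first payload bytes)
HTTP_REQ = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
SAMPLE_FLOWS = [
    (80, HTTP_REQ),
    (8081, HTTP_REQ),
    (80, b"SSH-2.0-OpenSSH_9.6\r\n"),
    (443, bytes([0x16, 0x03, 0x01, 0x00, 0x2E, 0x01, 0x00, 0x00, 0x2A, 0x03, 0x03])),
    (80, b"\x00\x01\x02\x03"),
]

if __name__ == "__main__":
    for port, data in SAMPLE_FLOWS:
        print(f"{port:>5}  {assess_flow(port, data)}")
```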
nDPI can help identify 250+ applications (i.e., Layer-7), e.g., Skype, BitTorrent and Citrix, including protocols considered potentially malicious (e.g., Tor, and even SSH and SSL, which in certain scenarios can hide something more dangerous such as a VPN).
nProbe integrates seamlessly with ntopng, a passive network monitoring tool focused on flows and statistics that can be obtained from the traffic captured by CatchWire. ntopng offers a series of out-of-the-box features, such as geolocation of traffic, and can help identify – for example – network mapping attempts by hackers.