How to install and configure nDPI in Ubuntu
Hi Techrunnr readers, this tutorial shows you how to install and configure nDPI in Ubuntu.
nDPI is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI, it includes ntop extensions. We have tried to push them into the OpenDPI source tree but nobody answered emails so we have decided to create our own source tree.
nDPI is used for application-layer detection of protocols, regardless of the port being used. This means that it is possible both to detect known protocols on non-standard ports (e.g. detect HTTP on ports other than 80) and the opposite (e.g. detect Skype traffic on port 80). This is because nowadays the concept of port=application no longer holds.
1. Update the Ubuntu system to the latest packages. Run the commands below.
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install linux-source
2. Install necessary tools and libraries.
sudo apt-get install libtool
sudo apt-get install autoconf
sudo apt-get install pkg-config
sudo apt-get install subversion
sudo apt-get install iptables-dev
sudo apt-get install libpcap-dev
3. Download the source code from GitHub. It will download the source as a zip file.
4. Go to the download folder, move the zip file to the /usr/src directory and unzip it.
sudo mv ndpi-netfilter-master.zip /usr/src/
5. Go inside the nDPI directory.
6. Run the commands below to compile, install and configure the code. Make sure to use sudo for each command, otherwise you will sometimes get an error.
sudo make install
sudo NDPI_PATH=/usr/src/ndpi-netfilter-master/nDPI make
sudo make modules_install
sudo cp /usr/src/ndpi-netfilter-master/ipt/libxt_ndpi.so /lib/xtables/
We have now configured everything needed to set up traffic control.
Here are some sample iptables rules.
sudo iptables -m ndpi --help # will print help and all the protocols which can be used.
sudo iptables -A INPUT -m ndpi --youtube -j DROP # Block youtube
sudo iptables -A INPUT -m ndpi --facebook -j DROP # Block facebook
sudo iptables -A INPUT -m ndpi --skype -j DROP # Block skype
Now you can set your own rules to block or accept any service in the protocol list.
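An added example (not from the original tutorial or the ndpi-netfilter project): a small shell wrapper that applies the block rules above idempotently and checks each protocol against the --help list before touching the chain. The names IPT, ndpi_supports, ndpi_block and ndpi_block_all, and the allowed-character check on protocol names, are this example's own assumptions.

```shell
#!/bin/sh
# Added example: idempotent nDPI block rules. IPT and the function names are
# this example's own; only the "-m ndpi --<protocol>" syntax comes from the page.
IPT=${IPT:-iptables}

# True when the ndpi match lists --<proto> in its help output.
ndpi_supports() {
    $IPT -m ndpi --help 2>/dev/null | grep -q -F -w -e "--$1"
}

# Append "-m ndpi --<proto> -j DROP" to a chain unless it is already there.
# Returns 0 if present or added, 2 for an unknown protocol, 1 on iptables error.
ndpi_block() {
    chain=$1 proto=$2
    # Assumed allow-list: accept only plain lowercase names before calling iptables.
    case $proto in
        ''|*[!a-z0-9_]*) echo "invalid protocol name: $proto" >&2; return 2 ;;
    esac
    if ! ndpi_supports "$proto"; then
        echo "ndpi match does not know --$proto" >&2
        return 2
    fi
    # -C checks for an identical rule, so re-running does not stack duplicates.
    if $IPT -C "$chain" -m ndpi "--$proto" -j DROP 2>/dev/null; then
        return 0
    fi
    $IPT -A "$chain" -m ndpi "--$proto" -j DROP || return 1
}

# Block a list of protocols on one chain; returns the number of failures.
ndpi_block_all() {
    chain=$1; shift
    failed=0
    for p in "$@"; do
        ndpi_block "$chain" "$p" || failed=$((failed + 1))
    done
    return "$failed"
}

# Run as root: sh ndpi-block.sh apply
if [ "${1:-}" = "apply" ]; then
    ndpi_block_all INPUT youtube facebook skype
fi
```

Because -A appends, a rule added this way only takes effect for packets that no earlier rule in the chain has already accepted.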