How to install and configure nDPI in Ubuntu

Hi Techrunnr readers, this tutorial shows you how to install and configure nDPI in Ubuntu.
nDPI is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions. We have tried to push them into the OpenDPI source tree but nobody answered emails so we have decided to create our own source tree.


nDPI is used for application-layer detection of protocols, regardless of the port being used. This means that it is possible both to detect known protocols on non-standard ports (e.g. detect HTTP on ports other than 80) and the opposite (e.g. detect Skype traffic on port 80). This is because nowadays the concept of port=application no longer holds.

1. Update the Ubuntu system with the latest modules. Run the commands below.

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install linux-source

2. Install necessary tools and libraries.

sudo apt-get install libtool
sudo apt-get install autoconf
sudo apt-get install pkg-config
sudo apt-get install subversion
sudo apt-get install iptables-dev
sudo apt-get install libpcap-dev

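3. Download the source code from GitHub. It will download the source as a zip file, saved here as ndpi-netfilter-master.zip in ~/Downloads so that the next step finds it.

wget -O ~/Downloads/ndpi-netfilter-master.zip https://github.com/betolj/ndpi-netfilter/archive/master.zip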

4. Go to the download folder, move the archive to the /usr/src directory and unzip it. /usr/src is owned by root, so these commands need sudo.

cd ~/Downloads/
sudo mv ndpi-netfilter-master.zip /usr/src/
cd /usr/src/
sudo unzip ndpi-netfilter-master.zip

5. Go into the nDPI directory.

cd /usr/src/ndpi-netfilter-master/nDPI/

6. Run the commands below to compile, install and configure the code. Make sure to use sudo for each command, otherwise you will sometimes get an error.

sudo ./autogen.sh
sudo make
sudo make install
cd ..
sudo NDPI_PATH=/usr/src/ndpi-netfilter-master/nDPI make
sudo make modules_install
sudo cp /usr/src/ndpi-netfilter-master/ipt/libxt_ndpi.so /lib/xtables/

Now we have successfully configured everything that is needed to set up traffic control.
Here are some sample iptables rules.

sudo iptables -m ndpi --help # will print help and all the protocols which can be used.
sudo iptables -A INPUT -m ndpi --youtube -j DROP # Block youtube
sudo iptables -A INPUT -m ndpi --facebook -j DROP # Block facebook
sudo iptables -A INPUT -m ndpi --skype -j DROP # Block skype

Now you can set your own rule to block or accept any service under the protocol list.
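
The following is an added example, not part of the original tutorial or of the ndpi-netfilter project: a small audit script that lists the nDPI rules present in `iptables -S` output and reports protocols that are dropped in one chain but not in another. The helper names (sample_rules, ndpi_rules, not_dropped_in) are hypothetical, and the sample input is constructed on the assumption that saved rules look like the sample rules above.

```shell
# Constructed sample of `iptables -S` output (assumption: saved rules use
# the same "-m ndpi --<protocol>" syntax as the rules in this tutorial).
sample_rules() {
  cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m ndpi --youtube -j DROP
-A INPUT -m ndpi --facebook -j DROP
-A INPUT -m ndpi --skype -j DROP
-A FORWARD -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -m ndpi --skype -j DROP
EOF
}

# ndpi_rules: read `iptables -S` output on stdin and print one line per
# rule that uses the ndpi match, as "CHAIN PROTOCOL TARGET".
ndpi_rules() {
  awk '
    $1 == "-A" {
      chain = $2; proto = ""; target = ""; in_ndpi = 0
      for (i = 3; i <= NF; i++) {
        # Track which match module the following options belong to.
        if ($i == "-m") { in_ndpi = ($(i + 1) == "ndpi"); i++; continue }
        if ($i == "-j") { target = $(i + 1); break }
        if (in_ndpi && substr($i, 1, 2) == "--") proto = substr($i, 3)
      }
      if (proto != "") print chain, proto, target
    }'
}

# not_dropped_in CHAIN: protocols that have an ndpi DROP rule in some
# chain but none in CHAIN. INPUT only sees traffic addressed to this
# host; routed traffic passes through FORWARD, so a gateway needs the
# rule there as well.
not_dropped_in() {
  ndpi_rules | awk -v want="$1" '
    $3 == "DROP" { seen[$2] = 1; if ($1 == want) covered[$2] = 1 }
    END { for (p in seen) if (!(p in covered)) print p }' | sort
}

# Live use (requires root): sudo iptables -S | not_dropped_in FORWARD
```

On the constructed sample, youtube and facebook are reported as not dropped in FORWARD, because only skype has a rule in that chain.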

© 2018, Techrunnr. All rights reserved.

prabhin

He is a technical professional who loves to share tricks and tips on the Internet. He posts what he does!