nDPI Derin Paket İnceleme Aracı Üzerinde Bir Çalışma

Year 2023, Volume: 16 Issue: 2, 137 - 146, 20.11.2023

Zehra Nur Özbay Mehmet Emin Dalkılıç

https://doi.org/10.54525/tbbmd.1253700

Abstract

Derin paket inceleme (DPI), ağ paketlerini beş katmanlı ağ modelinde bulunan uygulama katmanına kadar analiz ederek ağda bulunan uygulama protokollerini tespit etmek için kullanılan ileri seviye bir paket tanımlama yöntemidir. Bu çalışmada DPI yöntemi kullanarak paket tanımlaması yapan açık kaynak kodlu nDPI kütüphanesi ele alınmıştır. Bu kütüphane üzerinden yeni uygulama protokolü tespiti ve eksikliği bulunan bazı protokollere de eklemeler sağlanarak alana katkıda bulunulması hedeflenmiştir. Ayrıca, nDPI tarafından yanlış kategorize edildiği tespit edilen ağ paketleri için yeni kural tanımlarının yapılarak bu gibi durumların düzeltilmesi sağlanmıştır. Tüm bunlar için, ağ trafiği Wireshark paket yakalama aracıyla kaydedilip paket içerikleri analiz edilerek yeni kurallar oluşturulmuş ve yeni bulunan uygulama protokolleri nDPI kütüphanesine eklenmiştir. Son olarak, nDPI’da uygulama protokolü tespiti için yapılan çalışmaların kısmi bir otomasyonu yazılmıştır.

Keywords

Derin paket inceleme, DPI, nDPI, Deep packet inspection

A Study on the nDPI Deep Packet Inspection Tool

Abstract

Deep packet inspection (DPI) is a an advanced packet identification method used to detect application protocols found in the network by analyzing network packets up to the application layer in the five-layer network model. In this study, the open source nDPI library, which uses DPI method to identify packets, is discussed. It is aimed to contribute to the field by detecting new application protocols and adding some missing protocols through this library. In addition, new rule definitions were made for network packets that were found to be miscategorized by nDPI, and such cases were corrected. For all these, network traffic was recorded with Wireshark packet capture tool, packet contents were analyzed, new rules were created and newly found application protocols were added to the nDPI library. Finally, a partial automation of the work done for the application protocol detection in nDPI was written.

Keywords

Deep packet inspection, DPI, nDPI

References

• Vailshery, L. S., “IoT connected devices worldwide 2030”, https://www.statista.com/statistics/1183457/iot-connected-devicesworldwide/ , 2021.
• Brook, C., “What is Deep Packet Inspection? How it Works, Use Cases for DPI, and More”, https://digitalguardian.com/blog/what-deep-packet-inspection-how-it-works-use-cases-dpi-and-more, 2018.
• Renals, P. and Jacoby, G. A., Blocking skype through deep packet inspection, 42nd Hawaii International Conference on System Sciences, 2009, pp. 1-5, doi: 10.1109/HICSS.2009.90.
• Saputra, F. A., Nadhori, I. U. and Barry, B. F., Detecting and blocking onion router traffic using deep packet inspection, 2016 International Electronics Symposium (IES), 2016, pp. 283-288, doi: 10.1109/ELECSYM.2016.7861018.
• Radityatama, G. A., Lim, C. and Ipung, H. P., Toward full enterprise software support on nDPI, 6th International Conference on Information and Communication Technology (ICoICT), 2018, pp. 1-6, doi: 10.1109/ICoICT.2018.8528792.
• ntop, “nDPI”, https://github.com/ntop/nDPI.git, 2023.
• aaWireshark, “About Wireshark”, https://www.wireshark.org/about.html, 2023.
• Wikibooks, “Intellectual Property and the Internet/Deep packet inspection”, https://en.wikibooks.org/wiki/Intellectual_Property_and_the_Internet/Deep_packet_inspection, 2023.
• Xu, C., Chen, S., Su, J., Yiu, S. M. and Hui, L. C. K., A survey on regular expression matching for deep packet inspection: Applications, algorithms, and hardware platforms, IEEE Communications Surveys & Tutorials, 18(4), 2016, pp. 2991-3029, doi: 10.1109/COMST.2016.2566669.
• Papadogiannaki, E. and Ioannidis, S., A survey on encrypted network traffic analysis applications, techniques, and countermeasures, ACM Computing Surveys, 2021, 54(6), pp. 1-35, https://doi.org/10.1145/3457904
• Mellia, M., Pescapè, A. and Salgarelli, L., Traffic classification and its applications to modern networks, Computer Networks (Vol. 53), 2009, pp. 759-760, 10.1016/j.comnet.2008.12.007.
• Bendrath, R., Global technology trends and national regulation: Explaining variation in the governance of deep packet inspection, International Studies Annual Convention, New York, 2009, pp. 15–18.
• .ntop, “nDPI 4.6 (Feb 2023)”, https://github.com/ntop/nDPI/releases/tag/4.6, 2023.
• Deri, L., Martinelli, M., Bujlow, T. and Cardigliano, A., nDPI: Open-source high-speed deep packet inspection, 2014 International Wireless Communications and Mobile Computing Conference, 2014, pp. 617-622, doi: 10.1109/IWCMC.2014.6906427.
• Attia H. B., "q - Run SQL directly on CSV or TSV files", http://harelba.github.io/q/.
• Fast Company Türkiye, “En büyük 100 internet şirketi”, https://fastcompany.com.tr/calisma-hayati/en-buyuk-100-internet-sirketi/ , 2020.
• DSM Grup Danışmanlık İletişim ve Satış Ticaret A.Ş, https://www.dsmgrup.com/.
• E-Şirket, https://e-sirket.mkk.com.tr/esir/.
• Whitney, L., "How poor password habits put your organization at risk", https://www.techrepublic.com/article/how-poor-password-habits-put-your-organization-at-risk/, 2021.
• Crafford, L., "7 Bad Password Habits to Break Now", https://blog.lastpass.com/2021/01/7-bad-password-habits-to-break-now-2/, 2021.
• Delinea, "What is a Pass-the-Hash attack?", https://delinea.com/what-is/pass-the-hash-attack-pth, 2022.
• Google and The Harris Poll, "The United States of P@ssw0rd$", https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/PasswordCheckup-HarrisPoll-InfographicFINAL.pdf, 2019.