Last Change: 2018-09-07, 16:50
powered by manpag.es
ndpiReader − example tool for libndpi
ndpiReader -i file.pcap|device [options]
The ndpiReader command is an example tool that uses libndpi. ndpiReader is able to read from a pcap file or catpure traffic from a network interface and process it with libndpi. It implements only some basic features just to show what can be done with libndpi.
−i file.pcap|device
Specify a pcap file/playlist to read packets from or a device for live capture (comma-separated list).
−f bpf_filter
Specify a BPF filter for filtering selected traffic.
−s duration
Maximum capture duration in seconds (live traffic capture only).
−p file.protos
Specify a protocol file (eg. protos.txt).
−l num_loops
Number of detection loops (test only).
−n num_threads
Number of threads. Default: number of interfaces in −i. Ignored with pcap files.
−j file.json
Specify a file to write the content of packets in .json format.
−g id:id...
Thread affinity mask (one core id per thread).
|
−d |
Disable protocol guess and use only DPI. |
||
|
−t |
Dissect GTP tunnels. |
||
|
−h |
Display a usage message. |
||
|
−v 1|2 |
Verbose ’unknown protocol’ packet print. 1=verbose, 2=very verbose. |
||
|
−V 1|2 |
Verbose libndpi trace log print. 1=trace, 2=debug. |