SYNOPSIS

ndpiReader -i file.pcap|device [options]

DESCRIPTION

The ndpiReader command is an example tool that uses libndpi. ndpiReader is able to read from a pcap file or catpure traffic from a network interface and process it with libndpi. It implements only some basic features just to show what can be done with libndpi.

OPTIONS

-i file.pcap|device

Specify a pcap file/playlist to read packets from or a device for live capture (comma-separated list).

-f bpf_filter

Specify a BPF filter for filtering selected traffic.

-s duration

Maximum capture duration in seconds (live traffic capture only).

-p file.protos

Specify a protocol file (eg. protos.txt).

-l num_loops

Number of detection loops (test only).

-n num_threads

Number of threads. Default: number of interfaces in -i. Ignored with pcap files.

-j file.json

Specify a file to write the content of packets in .json format.

-g id:id...

Thread affinity mask (one core id per thread).

-d

Disable protocol guess and use only DPI.

-t

Dissect GTP tunnels.

-h

Display a usage message.

-v 1|2

Verbose 'unknown protocol' packet print. 1=verbose, 2=very verbose.

-V 1|2

Verbose libndpi trace log print. 1=trace, 2=debug.