Example tool for libndpi
ndpiReader -i file.pcap|device [options]
The ndpiReader command is an example tool that uses libndpi. ndpiReader is able to read from a pcap file or catpure traffic from a network interface and process it with libndpi. It implements only some basic features just to show what can be done with libndpi.
-i file.pcap|device
Specify a pcap file/playlist to read packets from or a device for live capture (comma-separated list).
-f bpf_filter
Specify a BPF filter for filtering selected traffic.
-s duration
Maximum capture duration in seconds (live traffic capture only).
-p file.protos
Specify a protocol file (eg. protos.txt).
-l num_loops
Number of detection loops (test only).
-n num_threads
Number of threads. Default: number of interfaces in -i. Ignored with pcap files.
-j file.json
Specify a file to write the content of packets in .json format.
-g id:id...
Thread affinity mask (one core id per thread).
-d
Disable protocol guess and use only DPI.
-t
Dissect GTP tunnels.
-h
Display a usage message.
-v 1|2
Verbose 'unknown protocol' packet print. 1=verbose, 2=very verbose.
-V 1|2
Verbose libndpi trace log print. 1=trace, 2=debug.