ndpiReader - example tool for libndpi
ndpiReader -i file.pcap|device [options]
The ndpiReader command is an example tool that uses
libndpi. ndpiReader is able to read from a pcap file or catpure
traffic from a network interface and process it with libndpi. It implements
only some basic features just to show what can be done with libndpi.
- -i
file.pcap|device
- Specify a pcap file/playlist to read packets from or a device for live
capture (comma-separated list).
- -f bpf_filter
- Specify a BPF filter for filtering selected traffic.
- -s duration
- Maximum capture duration in seconds (live traffic capture only).
- -p
file.protos
- Specify a protocol file (eg. protos.txt).
- -l num_loops
- Number of detection loops (test only).
- -n
num_threads
- Number of threads. Default: number of interfaces in -i. Ignored
with pcap files.
- -j file.json
- Specify a file to write the content of packets in .json format.
- -g id:id...
- Thread affinity mask (one core id per thread).
- -d
- Disable protocol guess and use only DPI.
- -t
- Dissect GTP tunnels.
- -h
- Display a usage message.
- -v 1|2
- Verbose 'unknown protocol' packet print. 1=verbose, 2=very verbose.
- -V 1|2
- Verbose libndpi trace log print. 1=trace, 2=debug.