This experimental, unoptimized proof-of-concept application implements a "Beat-like" Elasticsearch Bulk shipper that feeds on nDPI protocol detections read from a live capture socket. Do NOT use it for any purpose other than crashing a thread.
nDPI is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI, it includes ntop extensions. We tried to push them into the OpenDPI source tree, but nobody answered our emails, so we decided to create our own source tree.
Install, build and run:

```shell
npm install
npm run mkndpi
npm start
```
A shipped detection, as it appears once indexed in Elasticsearch (one document per detection, in a daily `ndpi-YYYY.MM.DD` index):

```json
{
  "_index": "ndpi-2017.07.16",
  "_type": "ndpi",
  "_id": "AV1Mf5Wbqfm0n-9A-lsL",
  "_score": null,
  "_source": {
    "l7_protocol": "HTTP",
    "tsl_protocol": "tcp",
    "saddr": {
      "addr": "10.0.0.2"
    },
    "daddr": {
      "addr": "10.0.0.1"
    },
    "sport": 19200,
    "dport": 48630,
    "psize": 1402,
    "ts": "2017-07-16T17:43:35.579Z"
  }
}
```
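The document above is what the shipper has to wrap into Elasticsearch's Bulk API framing: one action line naming the daily index, followed by one source line, each newline-terminated. The following is an added example, not the project's own code, of that step: it maps constructed nDPI-style detection records (the input shape, `SAMPLE_DETECTIONS`, is an assumption about what the capture socket delivers) to the README's document layout, derives the `ndpi-YYYY.MM.DD` index name from the detection timestamp, and type- and range-checks the packet-derived fields before they are indexed.

```javascript
// Added example (not the project's own code): build an Elasticsearch Bulk API
// body from nDPI-style detection records, in the document layout the README
// shows. The input record shape (SAMPLE_DETECTIONS) is constructed here and
// is an assumption about what the capture socket delivers.

const INDEX_PREFIX = 'ndpi';
const DOC_TYPE = 'ndpi'; // mapping types were removed in Elasticsearch 8; omit _type there

// Daily index name in the README's style, ndpi-YYYY.MM.DD, derived from the
// detection timestamp in UTC so a day boundary is not shifted by local time.
function indexNameFor(ts) {
  const d = new Date(ts);
  if (Number.isNaN(d.getTime())) throw new RangeError(`invalid timestamp: ${ts}`);
  const pad = (n) => String(n).padStart(2, '0');
  return `${INDEX_PREFIX}-${d.getUTCFullYear()}.${pad(d.getUTCMonth() + 1)}.${pad(d.getUTCDate())}`;
}

function isPort(p) {
  return Number.isInteger(p) && p >= 0 && p <= 65535;
}

// Basic address-literal check: dotted-quad IPv4, or a loose IPv6 form
// (hex groups and colons only). Enough to reject free-form strings.
function isIPAddress(s) {
  if (typeof s !== 'string') return false;
  const v4 = s.split('.');
  if (v4.length === 4 && v4.every((o) => /^\d{1,3}$/.test(o) && Number(o) <= 255)) return true;
  return s.includes(':') && /^[0-9a-fA-F:]{2,39}$/.test(s);
}

// Map one detection to the shipped document. Everything here is derived from
// packets on the wire, so fields are checked before indexing; a record that
// fails is rejected rather than let loose into the index with a bad mapping.
function toDocument(det) {
  if (typeof det.l7_protocol !== 'string' || typeof det.l4_protocol !== 'string') {
    throw new TypeError('protocol names must be strings');
  }
  if (!isIPAddress(det.saddr) || !isIPAddress(det.daddr)) {
    throw new TypeError('saddr/daddr must be IP address literals');
  }
  if (!isPort(det.sport) || !isPort(det.dport)) {
    throw new RangeError('ports must be integers in 0..65535');
  }
  if (!Number.isInteger(det.psize) || det.psize < 0) {
    throw new RangeError('psize must be a non-negative integer');
  }
  const ts = new Date(det.ts);
  if (Number.isNaN(ts.getTime())) throw new RangeError(`invalid timestamp: ${det.ts}`);
  return {
    l7_protocol: det.l7_protocol,
    tsl_protocol: det.l4_protocol.toLowerCase(), // field name kept as in the README
    saddr: { addr: det.saddr },
    daddr: { addr: det.daddr },
    sport: det.sport,
    dport: det.dport,
    psize: det.psize,
    ts: ts.toISOString(),
  };
}

// Bulk body: an action line followed by a source line per document, every
// line newline-terminated (Elasticsearch rejects a body without the final
// newline). JSON.stringify escapes any embedded newline in a string value,
// so a hostile protocol name cannot inject an extra action line into the
// NDJSON framing.
function buildBulkBody(detections) {
  let body = '';
  for (const det of detections) {
    const doc = toDocument(det);
    const action = { index: { _index: indexNameFor(doc.ts), _type: DOC_TYPE } };
    body += JSON.stringify(action) + '\n' + JSON.stringify(doc) + '\n';
  }
  return body;
}

// Constructed sample detections (not real capture data).
const SAMPLE_DETECTIONS = [
  { l7_protocol: 'HTTP', l4_protocol: 'TCP', saddr: '10.0.0.2', daddr: '10.0.0.1',
    sport: 19200, dport: 48630, psize: 1402, ts: '2017-07-16T17:43:35.579Z' },
  { l7_protocol: 'DNS', l4_protocol: 'UDP', saddr: '10.0.0.2', daddr: '10.0.0.53',
    sport: 51515, dport: 53, psize: 74, ts: '2017-07-17T00:00:01.000Z' },
];

process.stdout.write(buildBulkBody(SAMPLE_DETECTIONS));
```

The returned string is what gets POSTed to `/_bulk` with `Content-Type: application/x-ndjson`; a real shipper would batch records up to a size or time limit and retry on partial failures reported in the Bulk response. Against Elasticsearch 8 the `_type` key must be dropped from the action line.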