
feat: nDPI application-layer identification (#40) #47

Merged
NotYuSheng merged 2 commits into main from feature/ndpi-app-identification on Mar 27, 2026

Conversation

@NotYuSheng
Owner

Summary

  • Integrates ndpiReader as a subprocess to identify 300+ application protocols (Zoom, WhatsApp, Telegram, Signal, Discord, Teams, Viber, etc.) per conversation
  • Switches Docker runtime base to Ubuntu Jammy so libndpi-bin is available; fixes tshark debconf hang with DEBIAN_FRONTEND=noninteractive; adds BuildKit apt cache mounts for faster rebuilds
  • Surfaces appName across the frontend: Conversations table badge column, Conversation detail panel, Network topology edge labels, and Overview "Applications Detected" pill badges
  • Adds sample PCAP files from ntop/nDPI test suite for Telegram, WhatsApp, Zoom, Signal, Discord, Teams, and Viber

Test plan

  • Upload sample-files/telegram.pcap → Overview should show "Telegram" badge; Conversations table should show Application column with purple badge
  • Upload sample-files/zoom.pcap → Overview should show "Zoom" badge in blue (#2D8CFF)
  • Upload sample-files/whatsapp.pcap → "WhatsApp" badge in green (#25D366)
  • Confirm Network topology edges show app name in label (e.g. "Telegram (42)") when nDPI identifies the flow
  • Click a conversation with appName → detail panel shows "Application: Telegram" row
  • Upload a plain PCAP with no identifiable app traffic → no Application column, no badges shown (graceful degradation)
  • Verify docker compose build completes without hanging and is faster on subsequent builds due to apt cache

Closes #40

🤖 Generated with Claude Code

Integrates ndpiReader subprocess to identify 300+ application protocols
(Zoom, WhatsApp, Telegram, etc.) per conversation in uploaded PCAP files.

- Backend: NdpiService runs ndpiReader -i <file> -v 2, parses per-flow
  text output, and enriches ConversationInfo with appName
- DB: V4 migration adds app_name column to conversations table
- DTOs/Entity: appName propagated through all response types
- Docker: switched runtime base to ubuntu jammy for libndpi-bin support,
  added DEBIAN_FRONTEND=noninteractive to fix tshark debconf hang,
  added BuildKit apt cache mounts for faster rebuilds
- Frontend: appName surfaces in Conversations table (badge column),
  Conversation detail panel, Network topology edge labels, and
  Overview "Applications Detected" pill badges
- Sample PCAPs: added Telegram, WhatsApp, Zoom, Signal, Discord, Teams,
  Viber samples from ntop/nDPI test suite

Closes #40

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

@gemini-code-assist (bot) left a comment


Code Review

This pull request introduces application-layer protocol identification using nDPI. It includes a new NdpiService that runs ndpiReader as a subprocess to enrich network conversations with application names (e.g., Zoom, WhatsApp). The backend has been updated to store and serve this data, and the frontend now displays application labels in the conversation list, details, and analysis overview. Additionally, the LLM story generation prompt was enhanced to include protocol breakdowns and top conversations. Feedback suggests improving error handling in NdpiService by logging the full exception and capturing the standard error stream, as well as centralizing the application color logic in the frontend for better maintainability.

Comment threads (Outdated):
  • backend/src/main/java/com/tracepcap/analysis/service/NdpiService.java (2 threads)
  • frontend/src/components/conversation/ConversationDetail/ConversationDetail.tsx
- NdpiService: drain stderr to logger at DEBUG level instead of discarding,
  so ndpiReader diagnostics are visible when troubleshooting
- NdpiService: pass full exception to log.warn() to include stack trace
- Frontend: extract shared getAppColor() utility (src/utils/appColors.ts)
  used by ConversationList, ConversationDetail, and AnalysisOverview,
  eliminating three copies of the hardcoded color fallback

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
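The two commit messages above describe the NdpiService shape (run `ndpiReader -i <file> -v 2`, parse per-flow text, attach an appName per conversation) and the follow-up fixes (drain stderr instead of discarding it, log the full exception). The class below is an added illustration of that design, written for this page; it is not the project's NdpiService and none of its names are from the PR. The `-v 2` flow-line layout encoded in the regex, and the sample lines in `main`, are assumptions based on ndpiReader's verbose output in recent nDPI releases (the `[proto: <ids>/<Master>.<App>]` field in particular); the bracket fields vary between versions, so pin the libndpi-bin package version the image installs and treat lines that do not match as unidentified rather than as a failed upload.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.UncheckedIOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added illustration (Java 17): run ndpiReader on an uploaded capture and map its per-flow lines to an appName. */
public final class NdpiAppIdentifier {

    /** One identified flow. appName is the nDPI sub-protocol (TLS.WhatsApp -> WhatsApp) or else the master protocol. */
    public record FlowApp(String transport, String srcIp, int srcPort, String dstIp, int dstPort, String appName) {
        /** Direction-independent key so both endpoints' views of a flow land on the same conversation. */
        public String conversationKey() {
            String a = srcIp + ":" + srcPort, b = dstIp + ":" + dstPort;
            return transport + " " + (a.compareTo(b) <= 0 ? a + " <-> " + b : b + " <-> " + a);
        }
    }

    // Assumed shape of an ndpiReader -v 2 flow line (fields after [proto: ...] differ between nDPI versions):
    //   "\t1\tTCP 10.0.0.5:51234 <-> 31.13.84.51:443 [proto: 91.142/TLS.WhatsApp][IP: 119/Facebook]..."
    private static final Pattern FLOW_LINE = Pattern.compile(
            "^\\s*\\d+\\s+(TCP|UDP)\\s+(\\S+?):(\\d+)\\s+<->\\s+(\\S+?):(\\d+)\\s.*?\\[proto:\\s*[\\d.]+/([^\\]]+)\\]");

    /** Parses one output line; empty for headers, statistics, unidentified flows and anything of unexpected shape. */
    public static Optional<FlowApp> parseLine(String line) {
        Matcher m = FLOW_LINE.matcher(line);
        if (!m.find()) return Optional.empty();
        String proto = m.group(6);                              // "TLS.WhatsApp", "Telegram", "Unknown", ...
        if (proto.equals("Unknown")) return Optional.empty();   // graceful degradation: no badge instead of "Unknown"
        int dot = proto.indexOf('.');
        String appName = dot >= 0 ? proto.substring(dot + 1) : proto;
        return Optional.of(new FlowApp(m.group(1), m.group(2), Integer.parseInt(m.group(3)),
                m.group(4), Integer.parseInt(m.group(5)), appName));
    }

    /** conversationKey -> appName. ndpiReader prints one line per flow, so the first hit per conversation is kept. */
    public static Map<String, String> appsByConversation(List<String> outputLines) {
        Map<String, String> apps = new LinkedHashMap<>();
        for (String line : outputLines) {
            parseLine(line).ifPresent(f -> apps.putIfAbsent(f.conversationKey(), f.appName()));
        }
        return apps;
    }

    /** Copies a child stream into a list on its own thread so neither pipe can fill up and stall ndpiReader. */
    private static Thread drain(InputStream in, List<String> sink) {
        Thread t = new Thread(() -> {
            try (BufferedReader r = new BufferedReader(new InputStreamReader(in, StandardCharsets.UTF_8))) {
                r.lines().forEach(sink::add);
            } catch (IOException | UncheckedIOException e) {
                // stream closed because the child was destroyed on timeout; nothing more to read
            }
        });
        t.setDaemon(true);
        t.start();
        return t;
    }

    /**
     * Runs "ndpiReader -i <pcap> -v 2". The argument list goes straight to exec (no shell), so an uploaded file
     * name cannot smuggle options or commands; stderr is drained rather than discarded so ndpiReader's own
     * diagnostics survive for logging; a hard timeout bounds what a crafted capture can cost the DPI engine.
     */
    public static List<String> runNdpiReader(Path pcap, long timeoutSeconds) throws IOException, InterruptedException {
        Process p = new ProcessBuilder("ndpiReader", "-i", pcap.toAbsolutePath().toString(), "-v", "2").start();
        List<String> stdout = new ArrayList<>();
        List<String> stderr = new ArrayList<>();
        Thread outThread = drain(p.getInputStream(), stdout);
        Thread errThread = drain(p.getErrorStream(), stderr);
        if (!p.waitFor(timeoutSeconds, TimeUnit.SECONDS)) {
            p.destroyForcibly();
            throw new IOException("ndpiReader exceeded " + timeoutSeconds + "s on " + pcap.getFileName());
        }
        outThread.join();   // join() is the happens-before edge that makes the lists safe to read from here on
        errThread.join();
        if (p.exitValue() != 0) {
            throw new IOException("ndpiReader exited " + p.exitValue() + ": " + String.join(" | ", stderr));
        }
        return stdout;      // a service would log.debug each stderr line here before returning
    }

    public static void main(String[] args) throws Exception {
        List<String> lines = args.length > 0
                ? runNdpiReader(Path.of(args[0]), 60)
                : List.of(  // constructed sample in the assumed shape, not real ndpiReader output
                        "Detected protocols:",
                        "\t1\tTCP 10.0.0.5:51234 <-> 31.13.84.51:443 [proto: 91.142/TLS.WhatsApp][IP: 119/Facebook][Encrypted]",
                        "\t2\tUDP 10.0.0.5:60123 <-> 149.154.167.91:443 [proto: 185/Telegram][cat: Chat/9]",
                        "\t3\tUDP 10.0.0.5:44310 <-> 8.8.8.8:53 [proto: 5/DNS][cat: Network/14]",
                        "\t4\tTCP 10.0.0.5:40001 <-> 203.0.113.9:8443 [proto: 0/Unknown]");
        appsByConversation(lines).forEach((conv, app) -> System.out.println(conv + "  ->  " + app));
    }
}
```

Without an argument, `main` runs the parser over the constructed lines and prints three conversations (WhatsApp, Telegram, DNS) and none for the Unknown flow; with a path it runs ndpiReader for real. Two points matter for a service that feeds attacker-supplied captures to a DPI engine: both pipes are drained concurrently before `waitFor`, because a child blocked on a full stdout or stderr pipe never exits and a timeout placed after a blocking read never fires; and the process is started from an argument list, never a shell string built from the upload's file name.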
@NotYuSheng NotYuSheng merged commit ba178be into main Mar 27, 2026
@NotYuSheng NotYuSheng deleted the feature/ndpi-app-identification branch March 27, 2026 14:27

Linked issue (closed by this PR): feat: Application-layer traffic identification via nDPI integration (#40)