Thursday, November 28, 2019

nDPI CSV Export - Help understanding outputs

Hi all,
I've started to play with nDPI to do packet capture analysis, and I'm using ndpiReader to export a pcap to CSV.

Looking at the exports I can see a lot of useful information like source and destination IP and port, and protocol used.

But I'm trying to understand why it has source to destination bytes as well as destination to source bytes.

I would have assumed that traffic only flows from the source to the destination,
e.g. request a website, PC -> Server, sends x number of bytes;
website responds, Server -> PC, sends y number of bytes.

I don't see why there should be destination to source traffic.

Or is nDPI being clever and bundling stuff together?

Hopefully someone can help answer my question.
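
Added example, not part of the original post and not nDPI's own code: a sketch of bidirectional flow accounting, where the request and the response from the post land in one row and the endpoint that sent the first packet is recorded as the source. It assumes the export is one row per flow; the packets are constructed and the field names `src2dst_bytes` / `dst2src_bytes` are illustrative, not necessarily the CSV's exact headers.

```python
from collections import OrderedDict

# Constructed sample packets: (src_ip, src_port, dst_ip, dst_port, proto, bytes)
PACKETS = [
    ("192.0.2.10", 51000, "198.51.100.5", 443, "TCP", 74),    # PC -> Server (SYN)
    ("198.51.100.5", 443, "192.0.2.10", 51000, "TCP", 74),    # Server -> PC (SYN/ACK)
    ("192.0.2.10", 51000, "198.51.100.5", 443, "TCP", 583),   # PC -> Server (request)
    ("198.51.100.5", 443, "192.0.2.10", 51000, "TCP", 1514),  # Server -> PC (response)
    ("198.51.100.5", 443, "192.0.2.10", 51000, "TCP", 1514),  # Server -> PC (response)
    ("192.0.2.10", 40000, "192.0.2.53", 53, "UDP", 80),       # query with no reply captured
]


def build_flows(packets):
    """Aggregate packets into one record per bidirectional flow."""
    flows = OrderedDict()
    for src, sport, dst, dport, proto, size in packets:
        # Direction-independent key: both directions of a conversation
        # map to the same flow record.
        key = (proto,) + tuple(sorted([(src, sport), (dst, dport)]))
        flow = flows.get(key)
        if flow is None:
            # The first packet seen decides which endpoint is the "source".
            flow = flows[key] = {
                "src_ip": src, "src_port": sport,
                "dst_ip": dst, "dst_port": dport, "proto": proto,
                "src2dst_packets": 0, "src2dst_bytes": 0,
                "dst2src_packets": 0, "dst2src_bytes": 0,
            }
        if (src, sport) == (flow["src_ip"], flow["src_port"]):
            direction = "src2dst"   # same direction as the first packet
        else:
            direction = "dst2src"   # reply direction
        flow[direction + "_packets"] += 1
        flow[direction + "_bytes"] += size
    return list(flows.values())


if __name__ == "__main__":
    for f in build_flows(PACKETS):
        print(f)
```

A flow whose reply direction was never captured, like the UDP query in the sample, keeps a `dst2src_bytes` of 0.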


