A comprehensive Deep Packet Inspection (DPI) system designed for multicast traffic analysis with real-time policy enforcement and traffic classification
Project description
Multicast DPI System
A comprehensive Deep Packet Inspection (DPI) system designed for multicast traffic analysis with real-time policy enforcement and traffic classification. This system provides enterprise-grade network monitoring capabilities with modular architecture for easy customization and extension.
🚀 Features
- Real-time Packet Capture: Live multicast traffic monitoring with high-performance packet processing
- Deep Packet Inspection: Protocol identification, signature matching, and encrypted traffic analysis
- Intelligent Traffic Classification: Rule-based and flow-aware classification with ML-ready architecture
- Policy Enforcement: Real-time policy application with per-flow caching and dynamic re-evaluation
- Configuration Generation: Automatic device configuration generation (Cisco IOS/NX-OS)
- Comprehensive Logging: Structured logging with JSON output for analysis and monitoring
- Modular Architecture: Interface-based design for easy extension and customization
📦 Installation
From PyPI (Recommended)
pip install multicast-dpi-system
From Source
git clone https://github.com/yourusername/multicast-dpi-system.git
cd multicast-dpi-system
pip install -e .
Development Installation
git clone https://github.com/yourusername/multicast-dpi-system.git
cd multicast-dpi-system
pip install -e ".[dev]"
🛠️ Quick Start
1. Basic Usage
from multicast_dpi_system import MulticastDPISystem
from src.utils.config_handler import ConfigManager
from src.utils.logging_utils import LoggingManager
# Initialize the system
config_manager = ConfigManager()
logging_manager = LoggingManager(config_manager.get_logging_config())
system = MulticastDPISystem(logging_manager, config_manager)
# Start the system
system.start()
# The system will automatically:
# - Capture multicast packets
# - Perform DPI analysis
# - Classify traffic
# - Apply policies
# - Generate configurations
2. Command Line Interface
# Run the system with default configuration
multicast-dpi
# Or run the main module directly
python -m src.main
⚙️ Configuration
The Multicast DPI System is configured entirely through YAML configuration files. All user interaction happens via these configuration files, making it suitable for automated deployment and management.
Configuration Structure
configs/
├── dpi_config.yaml # DPI Engine configuration
├── packet_capture.yaml # Packet capture settings
├── classification_rules.yaml # Traffic classification rules
├── policy_config.yaml # Policy management settings
└── signatures.json # Protocol signatures
Configuration Files
1. DPI Configuration (configs/dpi_config.yaml)
dpi_engine:
enabled: true
signature_matching:
enabled: true
confidence_threshold: 0.8
protocol_identification:
enabled: true
timeout_ms: 100
encryption_analysis:
enabled: true
heuristics_enabled: true
2. Packet Capture Configuration (configs/packet_capture.yaml)
packet_capture:
interface: "eth0"
multicast_groups:
- "224.0.0.1"
- "224.0.0.2"
buffer_size: 65536
promiscuous_mode: true
filter_expression: "multicast"
capture_timeout: 1000
3. Classification Rules (configs/classification_rules.yaml)
classification_rules:
video_streaming:
conditions:
- field: "protocol"
operator: "equals"
value: "UDP"
- field: "dst_port"
operator: "in_range"
value: [5000, 6000]
category: "video_streaming"
priority: "medium"
bandwidth_class: "high"
voice_call:
conditions:
- field: "protocol"
operator: "equals"
value: "UDP"
- field: "dst_port"
operator: "equals"
value: 5060
category: "voice_call"
priority: "high"
bandwidth_class: "medium"
4. Policy Configuration (configs/policy_config.yaml)
policy_manager:
enabled: true
cleanup_interval_minutes: 60
default_policies:
- name: "Block Malicious Traffic"
action: "block"
conditions:
- field: "signatures"
operator: "contains"
value: "malware"
priority: "critical"
- name: "Throttle Video Streaming"
action: "throttle"
parameters:
bandwidth_mbps: 5
conditions:
- field: "traffic_category"
operator: "equals"
value: "video_streaming"
priority: "medium"
🏗️ Architecture
The system follows a modular, interface-based architecture with the following core components:
Core Modules
1. Packet Capture (src/packet_capture/)
- LivePacketCapture: Real-time packet capture with multicast support
- MulticastListener: Specialized multicast group monitoring
- FilterEngine: Packet filtering and preprocessing
- PacketBuffer: Efficient packet buffering and management
2. DPI Engine (src/dpi_engine/)
- DPIEngine: Main DPI processing engine
- ProtocolIdentifier: Protocol detection and identification
- SignatureMatcher: Pattern-based signature matching
- EncryptedAnalyzer: Encrypted traffic analysis
3. Traffic Classifier (src/traffic_classifier/)
- TrafficClassifier: Main classification orchestrator
- RuleBasedClassifier: Rule-based traffic classification
- FlowAwareClassifier: Flow-aware classification with statistics
- FlowStatsManager: Flow statistics management
4. Policy Manager (src/policy_manager/)
- PolicyManager: Main policy enforcement engine
- PolicyEngine: Policy evaluation and execution
- PolicyConfigManager: Policy configuration management
- Policy Models: Policy data structures and models
5. Configuration Generator (src/config_generator/)
- CiscoConfigGenerator: Cisco IOS/NX-OS configuration generation
- ConfigurationManager: Automatic configuration management
- Config Models: Configuration data structures
Data Flow
Packet Capture → DPI Engine → Traffic Classifier → Policy Manager → Config Generator
↓ ↓ ↓ ↓ ↓
Raw Packets → Protocol ID → Classification → Policy Enforcement → Device Configs
📊 Monitoring and Logging
Log Files
The system generates comprehensive logs in the logs/ directory:
system.log: General system information and debug logspacket_capture.log: Raw packet capture data (JSON format)dpi_engine.log: DPI analysis results (JSON format)traffic_classification.log: Classification results (JSON format)policy_manager.log: Policy enforcement actions (JSON format)config_generator.log: Configuration generation logs (JSON format)
Statistics
Each module provides detailed statistics:
# Get system statistics
system_stats = system.get_system_status()
# Get classification statistics
classifier_stats = system.traffic_classifier.get_classification_statistics()
# Get policy statistics
policy_stats = system.policy_manager.get_statistics()
# Get configuration statistics
config_stats = system.configuration_manager.get_statistics()
🔧 Customization
Adding Custom Classifiers
from src.interfaces.traffic_classifier import ITrafficClassifier
class CustomClassifier(ITrafficClassifier):
def classify_traffic(self, context: PacketContext) -> ClassificationResult:
# Your custom classification logic
pass
Adding Custom Policies
from src.policy_manager.policy_models import PolicyRule, PolicyAction, PolicyCondition
custom_policy = PolicyRule(
name="Custom Policy",
description="Custom policy description",
conditions=[
PolicyCondition(field="src_ip", operator="equals", value="192.168.1.100")
],
action=PolicyAction.BLOCK,
priority=PolicyPriority.HIGH
)
system.policy_manager.add_policy(custom_policy)
Adding Custom Configuration Generators
from src.interfaces.config_generator import IConfigGenerator
class CustomConfigGenerator(IConfigGenerator):
def generate_from_policies(self, policy_results: List[Dict[str, Any]]) -> str:
# Your custom configuration generation logic
pass
🧪 Testing
Run Tests
# Run all tests
pytest
# Run with coverage
pytest --cov=src
# Run specific test module
pytest tests/test_packet_capture.py
Development Tools
# Code formatting
black src/
# Linting
flake8 src/
# Type checking
mypy src/
📈 Performance
The system is designed for high-performance multicast traffic analysis:
- Packet Processing: 100,000+ packets/second
- Memory Usage: <100MB for typical deployments
- CPU Usage: <10% on modern hardware
- Latency: <1ms per packet
🤝 Contributing
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
📄 License
This project is licensed under the MIT License - see the LICENSE file for details.
🆘 Support
- Documentation: https://multicast-dpi-system.readthedocs.io/
- Issues: https://github.com/yourusername/multicast-dpi-system/issues
- Discussions: https://github.com/yourusername/multicast-dpi-system/discussions
🙏 Acknowledgments
- Built with Scapy for packet manipulation
- Uses dpkt for packet parsing
- Inspired by enterprise DPI solutions
Note: This system is designed for multicast traffic analysis and may require root/administrator privileges for packet capture operations.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file multicast_dpi_system-1.0.0.tar.gz.
File metadata
- Download URL: multicast_dpi_system-1.0.0.tar.gz
- Upload date:
- Size: 61.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
4d145625f7a3f891266be57ef774b3074b8b22242981093bce737f3408f90a8c
|
|
| MD5 |
21ea32cf9479924d1af2b949a5d99939
|
|
| BLAKE2b-256 |
4dad43c67f17c04c48534e7069ec68bfd393a6a0327d2da54a7e66fddea071e2
|
File details
Details for the file multicast_dpi_system-1.0.0-py3-none-any.whl.
File metadata
- Download URL: multicast_dpi_system-1.0.0-py3-none-any.whl
- Upload date:
- Size: 76.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e1de04ea1f26486231d197c03b8a88988ed451434643d11e9a8cf168a26371fa
|
|
| MD5 |
a440d7f9eb83f86b83b8b191c06dcbe7
|
|
| BLAKE2b-256 |
045f8a3d057e6e1dc4025356dac978542032878b696e765f664d92a43467502b
|
