2026-11-04, Room 1. Language: English
At SharkFest '24, we introduced the fundamentals of open-source deep packet inspection (DPI) using nDPI. Since then, network adversaries and stealth VPN providers have significantly evolved, rendering traditional methods like JA4 insufficient against heavily obfuscated traffic. This 1-hour follow-up session is split into two core sections. First, we explore advanced traffic fingerprinting techniques that surpass current state-of-the-art standards.
- We will demonstrate how to leverage Wireshark to capture, dissect, and label complex traffic streams to drive these new nDPI capabilities.
- We address what happens when fingerprinting fails against highly evasive protocols.
- We will show how Wireshark data feeds into a data pipeline to train Transformer-based AI models to unmask stealth VPN traffic.
- The session concludes with a live demonstration showcasing both advanced DPI extensions and the AI model detecting disguised traffic in real time.
Luca Deri is the leader of the ntop project (www.ntop.org), aimed at developing an open-source monitoring platform for high-speed traffic analysis and cybersecurity. He worked for the University College of London and IBM Research, before receiving his PhD at the University of Berne with a thesis about software components for traffic monitoring applications. Well-known in the open-source and Linux community, he currently shares his time between the ntop project and the University of Pisa where he has been appointed as a lecturer in the CS department.