Netify DPI - Metadata Extraction
Netify's metadata extraction provides valuable network intelligence by showing you what is happening on the network. Network traffic flows into Netify DPI on one side, and metadata emerges on the other. Metadata includes:
- Hostnames
- IP Data
- Network Fingerprints
- Encryption and Ciphers
- Bandwidth Statistics
- Performance Statistics
- Preliminary Risk Analysis
An example of network metadata from a WhatsApp flow is shown in the sample below.
Hostnames
Using the Netify deep packet inspection engine, we extract hostnames and metadata from the following network protocols:
Netify matches these hostnames and domains against signatures to show what's happening on your network.
Encryption and Ciphers
Extracting encryption and cipher metadata with Netify DPI is valuable for cybersecurity. Identifying the encryption methods in use makes it possible to fingerprint and detect malicious activity. In addition, the firewall and QoS plugin can enforce encryption standards and policies on the network.
Application and Protocol Data
Netify DPI's application and protocol metadata makes it possible to detect, measure, and manage the network traffic important to end users.
Sample network metadata from Netify DPI:
{
  "type": "flow",
  "interface": "ens34",
  "internal": true,
  "established": false,
  "flow": {
    "category": {
      "application": 17,
      "domain": 0,
      "protocol": 22
    },
    "risks": {
      "ndpi_risk_score": 10,
      "ndpi_risk_score_client": 5,
      "ndpi_risk_score_server": 5,
      "risks": [ 15 ]
    },
    "digest": "09c9e2b73d68fef245c09141cb63dad8d9001a6c",
    "ip_nat": false,
    "ip_version": 4,
    "ip_protocol": 6,
    "vlan_id": 0,
    "other_type": "remote",
    "local_origin": true,
    "other_mac": "00:90:fb:29:ca:ba",
    "local_mac": "a0:c9:a0:e5:2c:eb",
    "other_ip": "31.13.80.53",
    "local_ip": "192.168.4.105",
    "other_port": 443,
    "local_port": 38972,
    "detected_protocol": 196,
    "detected_protocol_name": "HTTPS",
    "detected_application": 544,
    "detected_application_name": "142.netify.whatsapp",
    "detection_guessed": 0,
    "ssl": {
      "alpn": [
        "h2",
        "http/1.1"
      ],
      "alpn_server": [],
      "version": "0x0303",
      "cipher_suite": "0xc02b",
      "client_sni": "static.whatsapp.net",
      "server_cn": "*.whatsapp.net",
      "client_ja3": "d8c87b9bfde38897979e41242626c2f3",
      "server_ja3": "6e15a5bf660856fa03186247ca41d059",
      "issuer_dn": "C=US, O=DigiCert Inc, OU=www...",
      "subject_dn": "C=US, ST=California, L=Menlo..."
    },
    "first_seen_at": 1574786068665,
    "first_update_at": 1574786068665,
    "last_seen_at": 1574786068715
  }
}
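The sample record above carries the TLS version and cipher suite of the flow in its "ssl" object, which is the data an encryption policy is checked against. The following is an added example, not Netify's code, that audits such records; the minimum version, the weak-suite list, the function names and the newline-delimited JSON input are assumptions.

```python
import json

# "ssl.version" values as hex strings; assumed to hold the negotiated version.
TLS_VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
MIN_VERSION = 0x0303  # assumed policy: TLS 1.2 or newer
# Assumed deny list: a small subset of the IANA TLS cipher suite registry.
WEAK_SUITES = {0x0001: "TLS_RSA_WITH_NULL_MD5", 0x0002: "TLS_RSA_WITH_NULL_SHA",
               0x0004: "TLS_RSA_WITH_RC4_128_MD5", 0x0005: "TLS_RSA_WITH_RC4_128_SHA",
               0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}

# Constructed records; the first reuses field values from the page's sample.
SAMPLE = [
    {"type": "flow", "flow": {"local_ip": "192.168.4.105", "ssl": {
        "version": "0x0303", "cipher_suite": "0xc02b",
        "client_sni": "static.whatsapp.net"}}},
    {"type": "flow", "flow": {"local_ip": "192.0.2.10", "ssl": {
        "version": "0x0301", "cipher_suite": "0x0005",
        "client_sni": "legacy.example"}}},
]

def audit_flow(record):
    """Return the list of policy findings for one flow record (a dict)."""
    ssl = record.get("flow", {}).get("ssl")
    if record.get("type") != "flow" or not ssl:
        return []  # not a TLS flow, nothing to check
    try:
        version = int(ssl.get("version"), 16)
        suite = int(ssl.get("cipher_suite"), 16)
    except (TypeError, ValueError):
        return ["unparseable ssl.version or ssl.cipher_suite"]
    findings = []
    if version < MIN_VERSION:
        name = TLS_VERSIONS.get(version, hex(version))
        findings.append(f"protocol {name} below {TLS_VERSIONS[MIN_VERSION]}")
    if suite in WEAK_SUITES:
        findings.append(f"weak cipher suite {WEAK_SUITES[suite]}")
    return findings

def audit_stream(lines):
    """Audit newline-delimited JSON; map (local_ip, SNI) to findings."""
    report = {}
    for line in lines:
        rec = json.loads(line)
        findings = audit_flow(rec)
        if findings:
            flow = rec["flow"]
            report[(flow.get("local_ip"), flow["ssl"].get("client_sni"))] = findings
    return report

if __name__ == "__main__":
    print(audit_stream(json.dumps(r) for r in SAMPLE))
```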
Further Reading
- Available network metadata
- Blocking weak security protocols on the network
Netify Informatics is an optional solution that ingests raw data from Netify DPI, adds network intelligence, and provides reporting & APIs for high-level analysis.
The Netify DPI metadata extraction feature is used in Informatics risk and reputation, geolocation and device discovery.