Session

Line-Rate Cybersecurity: Modern DPI and Encrypted Traffic Fingerprinting at 100 Gbps

Speakers

Luca Deri
Alfredo Cardigliano

Label

Nuts and Bolts

Session Type

Talk

Description

Modern network visibility and security depend heavily on understanding application-layer behavior. However, ubiquitous encryption and stealthy evasion protocols have severely degraded the effectiveness of legacy firewalls. This talk proposal introduces the latest advancements in nDPI, an open-source Deep Packet Inspection (DPI) toolkit. We explore how modern DPI transcends simple payload parsing by leveraging cryptographic fingerprints to identify malicious actors despite encryption.

Furthermore, we expose structural flaws in industry-standard fingerprinting methodologies like JA3 and JA4 when confronted with ephemeral TLS extensions. Finally, we present the practical integration of nDPI within the Linux kernel firewall architecture for real-time traffic optimization, alongside architectural blueprints utilizing PF_RING and SmartNIC flow managers to achieve deterministic 100 Gbps traffic monitoring and hardware-accelerated enforcement.