Performed some grammar and typo fixes #2511

Merged (1 commit), Jul 19, 2024
2 changes: 1 addition & 1 deletion .github/PULL_REQUEST_TEMPLATE.md
@@ -1,7 +1,7 @@
Please sign (check) the below before submitting the Pull Request:

- [ ] I have signed the ntop Contributor License Agreement at https://github.com/ntop/legal/blob/main/individual-contributor-licence-agreement.md
- [ ] I have read the contributing guide lines at https://github.com/ntop/nDPI/blob/dev/CONTRIBUTING.md
- [ ] I have read the contributing guidelines at https://github.com/ntop/nDPI/blob/dev/CONTRIBUTING.md
- [ ] I have updated the documentation (in doc/) to reflect the changes made (if applicable)

Link to the related [issue](https://github.com/ntop/nDPI/issues):
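Review bot: the introductory line of this template, "Please sign (check) the below before submitting", is unclear about what the contributor is supposed to do with the checklist; since the file is being touched for wording, "Please check each box below before submitting the pull request:" would make the intent explicit.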
2 changes: 1 addition & 1 deletion CONTRIBUTING.md
Expand Up @@ -5,7 +5,7 @@ Please keep all code, comments, issues and pull requests in English, otherwise t
## Found a bug?

- First, check there are no already open issues for the bug. See [here](https://github.com/ntop/nDPI/issues).
- If there is not open issue addressing the bug, [open a new one](https://github.com/ntop/nDPI/issues/new).
- If there is no open issue addressing the bug, [open a new one](https://github.com/ntop/nDPI/issues/new).
- Make sure to include a **descriptive and clear title and description**, including the **version of nDPI** being used.
- Try to include steps to reproduce the bug.
- If applicable, try to provide a stacktrace.
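Review bot: the first bullet in this hunk still reads awkwardly after the fix below it: "check there are no already open issues for the bug" would be clearer as "check that there is no open issue for the bug already". Minor: "stacktrace" is conventionally written "stack trace".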
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -5,7 +5,7 @@

## What is nDPI ?

nDPI® is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions. We have tried to push them into the OpenDPI source tree but nobody answered emails so we have decided to create our own source tree
nDPI® is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions. We have tried to push them into the OpenDPI source tree but nobody answered emails, so we have decided to create our own source tree

A generic FAQ about nDPI® is available [here](https://github.com/ntop/nDPI/blob/dev/doc/FAQ.md)
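Review bot: the sentence being corrected still ends without a period after "create our own source tree"; since the line is already being rewritten, terminate it. The following context line ("A generic FAQ about nDPI® is available [here](...)") has the same missing period.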

10 changes: 5 additions & 5 deletions doc/FAQ.md
Expand Up @@ -3,10 +3,10 @@
From https://www.ntop.org/ndpi/ndpi-internals-and-frequent-questions/

**Q**: How nDPI implements protocol detection?\
**A**: nDPI includes a list of protocol dissectors (364 as of today) that are able to dissect protocols such as WhatsApp or TLS. As soon as a new flow is submitted to nDPI, the library applies in sequence dissectors that can potentially match the protocols (i.e. telnet is a TCP-based protocol and it will not be considered for UDP flows). We start from the dissector that can most probably match using the port number. This means for traffic on TCP/22 nDPI will start with the SSH dissectors and if not matching continue with the others. Dissection completes as soon as a protocol matches or when none of them matched and in this case the flow will be labelled as Unknown.
**A**: nDPI includes a list of protocol dissectors (364 as of today) that are able to dissect protocols such as WhatsApp or TLS. As soon as a new flow is submitted to nDPI, the library applies in sequence dissectors that can potentially match the protocols (i.e. telnet is a TCP-based protocol, and it will not be considered for UDP flows). We start from the dissector that can most probably match using the port number. This means for traffic on TCP/22 nDPI will start with the SSH dissectors and if not matching continue with the others. Dissection completes as soon as a protocol matches or when none of them matched and in this case the flow will be labelled as Unknown.

**Q**: What is the nDPI release cycle?\
**A**: We cut release a approximately every 6-8 months, fixes and improvements are on a daily basis (check the nDPI code on GitHub).
**A**: We cut a release approximately every 6-8 months, fixes and improvements are on a daily basis (check the nDPI code on GitHub).

**Q**: Is nDPI running on all popular platforms?\
**A**: Yes it runs on Linux, macOS, Windows… and also on not-so-popular ones such as IBM mainframes. We support ARM, Intel, RISC… architectures.
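Review bot: the question on the first line of this hunk is still ungrammatical ("How nDPI implements protocol detection?"); suggest "How does nDPI implement protocol detection?". In the answer, "i.e. telnet is a TCP-based protocol" introduces an example rather than a restatement, so "e.g." is the right abbreviation there. The release-cycle answer remains a comma splice after the fix: "We cut a release approximately every 6-8 months; fixes and improvements land on a daily basis".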
Expand All @@ -15,19 +15,19 @@ From https://www.ntop.org/ndpi/ndpi-internals-and-frequent-questions/
**A**: It depends on the protocol. For UDP-based protocols such as DNS one packet is enough, for more complex protocols such as TLS about 10 packets. For sure if after 15-20 packets nDPI has not detected the application protocol, then the protocol is labelled as Unknown.

**Q**: Is nDPI detection only based on protocol dissectors?\
**A**: No, payload inspection is the main technique, but nDPI can also use IP address, ports, TLS certificates etc as signatures for protocols. In this case, after detection is complete, nDPI will report if the match was performed on payload inspection or other means (e.g. IP address).
**A**: No, payload inspection is the main technique, but nDPI can also use IP address, ports, TLS certificates, etc., as signatures for protocols. In this case, after detection is complete, nDPI will report if the match was performed on payload inspection or other means (e.g. IP address).

**Q**: Does nDPI contain list of known IP addresses?\
**A**: Yes it includes lists of well known IPs such as those provided by Microsoft of Meta for identifying known service.

**Q**: Can I extend nDPI by defining new protocols with a configuration file?\
**A**: Yes you can. See this [file](https://github.com/ntop/nDPI/blob/dev/example/protos.txt) as an example for defining new protocols..
**A**: Yes you can. See this [file](https://github.com/ntop/nDPI/blob/dev/example/protos.txt) as an example for defining new protocols.

**Q**: Is nDPI able to detect VPNs?\
**A**: Yes it can detect VPNS such as Tailscale, WireGuard, OpenVPN, FortiClient.. and also in-app VPNs such as UltraSurf or OperaVPN.

**Q**: Is nDPI able to detect malware and viruses?\
**A**: It can detect anomalous behaviour that can be caused by a malware, but nDPI is not a signature-based tool so it does not include signatures for malware A or B. This is because [signature-based tools](https://en.wikipedia.org/wiki/Intrusion_detection_system) have various limitations and resource intensive, whereas nDPI has been designed to be used also in high-speed (100 Gbit+) networks.
**A**: It can detect anomalous behaviour that can be caused by a malware, but nDPI is not a signature-based tool, so it does not include signatures for malware A or B. This is because [signature-based tools](https://en.wikipedia.org/wiki/Intrusion_detection_system) have various limitations and resource intensive, whereas nDPI has been designed to be used also in high-speed (100 Gbit+) networks.

**Q**: Is nDPI able to detect security issues?\
**A**: Yes it can by means of a technique called [flow risk](https://github.com/ntop/nDPI/blob/dev/doc/flow_risks.rst). It can identify 50+ threats (e.g. a host that is talking with a malware host).
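Review bot: the malware answer still has a missing verb after the comma fix: "have various limitations and resource intensive" should read "have various limitations and are resource intensive". Other lines in this hunk carry typos this PR could pick up at the same time: "Microsoft of Meta" should be "Microsoft or Meta" (and "known service" should be plural), and "VPNS such as Tailscale, WireGuard, OpenVPN, FortiClient.." should be "VPNs such as Tailscale, WireGuard, OpenVPN, FortiClient, etc.".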
8 changes: 4 additions & 4 deletions example/protos.txt
Expand Up @@ -31,17 +31,17 @@ host:"api-global.netflix.com"@Netflix

#
# NOTES
# 1) the port of a custom protocol is optional but if
# 1) The port of a custom protocol is optional but if
# specified it must match the port.
# 2) you can specify up to 1 port per IP address
# 3) if you specify a custom ip:<IP>:<PORT> rule,
# 2) You can specify up to 1 port per IP address.
# 3) If you specify a custom ip:<IP>:<PORT> rule,
# even if the <PORT> doesn't match the <IP>
# (if best match during the search) will
# have priority as best match. Example if
# you specify a <Google IP>:<port 9999> and
# in your traffic have match for such IP but
# with a port other than 9999, the IP address
# begin a best match will hve preference over
# being the best match will have preference over
# <Google IP> so this protocol will not be
# detected as <L7 proto>.Google but only
# as <L7 proto>
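Review bot: the lines following the "hve" fix still have grammatical problems: "Example if you specify ... and in your traffic have match for such IP" should read "For example, if you specify ... and your traffic has a match for that IP". Since this note documents rule precedence (a custom ip:<IP>:<PORT> rule taking priority over the built-in <Google IP> classification even when the port differs), it is worth making the sentence unambiguous, because users rely on it to predict which protocol label a flow receives.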
2 changes: 1 addition & 1 deletion lists/README.md
Expand Up @@ -15,6 +15,6 @@ Domain Suffix List
------------------

public_suffix_list.dat can be downloaded from
https://publicsuffix.org/list/public_suffix_list.dat and
https://publicsuffix.org/list/public_suffix_list.dat, and
it contains the list of domain suffixes
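Review bot: the sentence ends without a period after "it contains the list of domain suffixes"; since the comma is being adjusted on the previous line, terminate the sentence as well.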

3 changes: 1 addition & 2 deletions python/DEV_GUIDE.md
Expand Up @@ -9,8 +9,7 @@ int ndpi_des_init(struct ndpi_des_struct *des, double alpha, double beta, float

## Add it to NDPI_APIS Python definition


[**NDPI_APIS**][py_ndpi_api] must be updated with the this new API your want to add.
[**NDPI_APIS**][py_ndpi_api] must be updated with the new API you want to add.

## Regenerate bindings

4 changes: 2 additions & 2 deletions src/include/ndpi_protocol_ids.h
Expand Up @@ -22,8 +22,8 @@
*/


#ifndef __NDPI_PROTOCOLS_IDS_H__
#define __NDPI_PROTOCOLS_IDS_H__
#ifndef __NDPI_PROTOCOL_IDS_H__
#define __NDPI_PROTOCOL_IDS_H__

#define NDPI_PROTOCOL_SIZE 2
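Review bot: renaming the include guard from __NDPI_PROTOCOLS_IDS_H__ to __NDPI_PROTOCOL_IDS_H__ is more than a typo fix: any other source file or downstream project that tests the old macro (for instance to detect whether this header has already been included) silently stops matching, and the hunk does not show whether a comment on the closing #endif, if present, was updated to the new name. Suggest grepping the tree for the old name before merging. Separately, identifiers beginning with a double underscore are reserved for the implementation in C, so if the guards are being touched anyway a name such as NDPI_PROTOCOL_IDS_H is the safer form.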

6 changes: 3 additions & 3 deletions tests/dga/README.md
Expand Up @@ -19,7 +19,7 @@ The modification can be a simple threshold change or a future lightweight ML app

## Used data

Original used dataset is a collection of legit and DGA domains (balanced) that can be obtained as follow:
Original used dataset is a collection of legit and DGA domains (balanced) that can be obtained as follows:

```shell
wget https://raw.githubusercontent.com/chrmor/DGA_domains_dataset/master/dga_domains_full.csv
Expand Down Expand Up @@ -66,5 +66,5 @@ You can evaluate your modifications performances before submitting it as follows
./do-dga.sh
```

If your modifications decreases baseline performances, test will fails.
If not (well done), test passed and you must update the baseline metrics with your obtained ones.
If your modifications decreases baseline performances, test will fail.
If not (well done), test passed, and you must update the baseline metrics with your obtained ones.
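Review bot: the corrected sentences still have subject-verb disagreement and missing articles: "If your modifications decreases baseline performances, test will fail" should be "If your modifications decrease baseline performance, the test will fail", and the next line should read "If not (well done), the test passes, and you must update the baseline metrics with the ones you obtained".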
2 changes: 1 addition & 1 deletion utils/hostname2list.py
Expand Up @@ -2,7 +2,7 @@

import sys

# This scripts is used to create "hostname/sni -> protocols" lists.
# This script is used to create "hostname/sni -> protocols" lists.
if len(sys.argv) < 6:
print("Usage: {} <file> <name> <protocol> <category> <breed>".format(sys.argv[0]))
sys.exit(1)
2 changes: 1 addition & 1 deletion utils/ipaddr2list.py
Expand Up @@ -3,7 +3,7 @@
import sys
import socket

# These scripts are mainly used to create "ip -> protocols" lists.
# This script is mainly used to create "ip -> protocols" lists.
# However, it is also used to create "ip -> risk" lists
proto = "NDPI_PROTOCOL_XYX"
append_name = ""
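Review bot: the comment line after the one being fixed, "However, it is also used to create "ip -> risk" lists", is missing its terminating period; worth fixing in the same touch.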
2 changes: 1 addition & 1 deletion wireshark/README.md
Expand Up @@ -13,7 +13,7 @@ nDPI can provide Wireshark protocol dissection to complement internal protocol d

At Wireshark startup you will find a new extcap interface named "nDPI interface". Select that interface and specify an interface name (for live capture) or a pcap file path (for reading packets from a pcap file). You can choose a nDPI protocol list from the dropdown menu in case you want Wireshark to dissect only protocols of the specified nDPI application protocol.

During capture the ndpiReader plugin will pass Wireshark the nDPI protocol information adding an ethernet packet trailer that contains nDPI information. The lua plugin interprets this information and it displays it in the Wireshark GUI.
During capture the ndpiReader plugin will pass Wireshark the nDPI protocol information adding an ethernet packet trailer that contains nDPI information. The lua plugin interprets this information, and it displays it in the Wireshark GUI.

## nDPI Packet Filtering
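Review bot: the inserted comma makes the sentence heavier than it needs to be; "The lua plugin interprets this information and displays it in the Wireshark GUI" reads better. Two more small points in this hunk's context: "a nDPI protocol list" should be "an nDPI protocol list", and "ethernet packet trailer" is conventionally capitalised as "Ethernet".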

2 changes: 1 addition & 1 deletion wireshark/tshark/README.md
Expand Up @@ -11,4 +11,4 @@ This directory contains the implementation of the tshark class that contains thr
- function tshark:read()

## Examples
This this directory you can find simple code examples that show how to use the tshark class including counting packets and flow traffic accounting.
In this directory you can find simple code examples that show how to use the tshark class including counting packets and flow traffic accounting.
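Review bot: the corrected sentence would read more clearly with a comma before the participial clause: "... how to use the tshark class, including counting packets and flow traffic accounting."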