[Bro] Bro and nDPI integration

Seth Hall seth at icir.org
Wed Sep 21 07:53:51 PDT 2016

> On Sep 20, 2016, at 1:01 PM, James Lay <jlay at slave-tothe-box.net> wrote:
> So I see that this question was posed a couple years ago without much 
> traction.  I wondered if anyone has looked into this?  Haven't found 
> much online and this is something I would like to do.  Thank you for any 
> assistance.

Something similar to nDPI can be done with a script package I released quietly through Broala (which will be moving over to our Corelight account eventually and integrated into the Bro Package Manager) a while ago.  We don't have a ton of signatures in there yet, but it shows the infrastructure necessary to do basically the same detection that nDPI is doing.



Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
