[Bro] protocol recognition

Vern Paxson vern at icir.org
Tue Aug 23 11:01:48 PDT 2005


> Is Bro capable of making automatic layer-7 protocol recognition from a
> dump?

Its backdoor detectors do this (with varying degrees of accuracy), but
it's not yet able to then do the next step and switch the processing of
the connection over to an analyzer for the discovered protocol.

> (e.g. I have a dump of a router with several protocols running on
> non-standard ports and I want to know which protocol runs on which port)

It currently detects SSH, Gnutella, HTTP and HTTP proxies quite accurately,
SMTP, KaZaA, Napster and FTP/IMAP/POP (it lumps these together, but
unfortunately just terms "FTP"; and sometimes the FTP detector triggers
on SMTP connections) fairly well, and Telnet/Rlogin with limited success.
There are also new IRC and Gaobot detectors, which are still being tuned.

		Vern
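The port-independent recognition Vern describes works from the first bytes each side sends rather than from the port number. The following is an added example, not Bro's own code or its backdoor detector signatures: a small Python classifier with hand-written banner and request-line rules (an assumption of this example) applied to constructed sample flows on non-standard ports. It also reproduces the caveat in the reply: FTP and SMTP servers both greet with a `220` line, so a flow with a `220` banner and no client command is reported as `ftp-or-smtp` rather than forced into one label, and the Telnet heuristic is marked low confidence.

```python
"""Payload-based layer-7 protocol recognition on non-standard ports.

Example code, not part of the original mailing-list post or of Bro. The rules
below are this example's own assumptions, loosely modelled on protocol banners
and request lines, not Bro's backdoor detector signatures.
"""
import re
from typing import Dict, List, Tuple

# Request-line / greeting patterns (assumptions of this example).
HTTP_REQUEST = re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT) (\S+) HTTP/1\.[01]\r\n")
SMTP_CMD = re.compile(rb"^(EHLO|HELO|MAIL FROM:)", re.IGNORECASE)
FTP_CMD = re.compile(rb"^(USER|PASS|SYST|FEAT|QUIT)( |\r\n)", re.IGNORECASE)
IRC_NICK = re.compile(rb"^NICK ")
TELNET_NEGOTIATE = {0xFB, 0xFC, 0xFD, 0xFE}  # IAC WILL/WONT/DO/DONT


def classify(orig: bytes, resp: bytes) -> Tuple[str, str]:
    """Return (protocol, confidence) from the first bytes sent in each direction.

    orig: bytes from the connection originator (client)
    resp: bytes from the responder (server)
    """
    o, r = orig[:128], resp[:128]
    if o.startswith(b"SSH-") or r.startswith(b"SSH-"):
        return "ssh", "high"
    if o.startswith(b"GNUTELLA CONNECT/"):
        return "gnutella", "high"
    m = HTTP_REQUEST.match(o)
    if m:
        method, target = m.group(1), m.group(2)
        # CONNECT or an absolute URI as request target points at a proxy.
        if method == b"CONNECT" or target.lower().startswith(b"http://"):
            return "http-proxy", "high"
        return "http", "high"
    if IRC_NICK.match(o):
        return "irc", "medium"
    if r.startswith(b"220 "):
        # Both FTP and SMTP greet with 220; use the client's first command
        # (or an ESMTP banner) to tell them apart, else stay ambiguous.
        if SMTP_CMD.match(o) or b"esmtp" in r.lower():
            return "smtp", "medium"
        if FTP_CMD.match(o):
            return "ftp", "medium"
        return "ftp-or-smtp", "low"
    for side in (r, o):
        if len(side) >= 2 and side[0] == 0xFF and side[1] in TELNET_NEGOTIATE:
            return "telnet", "low"  # option negotiation only; weak evidence
    return "unknown", "none"


# Constructed sample flows: (server port, originator bytes, responder bytes).
SAMPLE_FLOWS: List[Tuple[int, bytes, bytes]] = [
    (2222, b"SSH-2.0-PuTTY\r\n", b"SSH-2.0-OpenSSH_4.1\r\n"),
    (8008, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n", b"HTTP/1.1 200 OK\r\n"),
    (3128, b"GET http://example.test/ HTTP/1.0\r\n\r\n", b"HTTP/1.0 200 OK\r\n"),
    (2525, b"EHLO client.example.test\r\n", b"220 mail.example.test ESMTP\r\n"),
    (2121, b"USER anonymous\r\n", b"220 FTP server ready\r\n"),
    (9999, b"", b"220 service ready\r\n"),  # greeting only: ambiguous
    (6347, b"GNUTELLA CONNECT/0.6\r\n", b""),
    (2323, b"", b"\xff\xfd\x18\xff\xfd\x20"),
    (6669, b"NICK someone\r\nUSER someone 0 * :x\r\n", b""),
]


def recognize(flows: List[Tuple[int, bytes, bytes]]) -> Dict[int, Tuple[str, str]]:
    """Map each server port to the (protocol, confidence) guessed from payload."""
    return {port: classify(orig, resp) for port, orig, resp in flows}


if __name__ == "__main__":
    for port, (proto, conf) in sorted(recognize(SAMPLE_FLOWS).items()):
        print(f"port {port:5d}: {proto:12s} ({conf})")
```

On a real capture the per-direction bytes would be reassembled from the TCP streams first; the classifier itself needs only the opening payload of each side, which is why it can run without knowing the port.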


