[Bro] Bro and nDPI integration

Seth Hall seth at icir.org
Wed Sep 21 07:53:51 PDT 2016


> On Sep 20, 2016, at 1:01 PM, James Lay <jlay at slave-tothe-box.net> wrote:
> 
> So I see that this question was posed a couple years ago without much 
> traction.  I wondered if anyone has looked into this?  Haven't found 
> much online and this is something I would like to do.  Thank you for any 
> assistance.

Something similar to nDPI can be done with a script package I released quietly through Broala (which will be moving over to our Corelight account eventually and be integrated into the Bro Package Manager) a while ago.  We don't have a ton of signatures in there yet, but it shows the infrastructure necessary to do basically the same detection that nDPI is doing.

	https://github.com/broala/bro-protosigs

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/



