[Bro] Bro and nDPI integration
James Lay
jlay at slave-tothe-box.net
Wed Sep 21 07:58:13 PDT 2016
On 2016-09-21 08:53, Seth Hall wrote:
>> On Sep 20, 2016, at 1:01 PM, James Lay <jlay at slave-tothe-box.net>
>> wrote:
>>
>> So I see that this question was posed a couple years ago without much
>> traction. I wondered if anyone has looked into this? Haven't found
>> much online and this is something I would like to do. Thank you for
>> any assistance.
>
> Something similar to nDPI can be done with a script package I released
> quietly through Broala (which will be moving over to our Corelight
> account eventually and integrated into the Bro Package Manager) a
> while ago. We don't have a ton of signatures in there yet, but it
> shows the infrastructure necessary to do basically the same detection
> that nDPI is doing.
>
> https://github.com/broala/bro-protosigs
>
> .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
Sweet...gonna git pull in a few and let you know how it runs. Thanks
Seth!
James