Integration of DPI libraries in argus?

Carter Bullard carter at qosient.com
Mon Jun 4 11:52:48 EDT 2012


Hey Matt,
You can run nDPI against the user data buffers that argus generates, as a client
program.  This is a 30-60 minute project, and would use the same software
strategies as radump().

The argus approach moves all of this type of processing out of the sensor and into
the data analytics, allowing the sensor to be simple, and to approach very high
speeds, without any modification.  So, yes we have already considered this type of
processing, and argus doesn't have to change in order to support it.  Very easy.

Could you take some time to become more familiar with argus?  I don't mind all
the questions, but it's not clear if you're interested, or just trolling.  Thanks !!!

Carter



On Jun 3, 2012, at 2:30 PM, Matt Brown wrote:

> Hello,
> 
> Has there been any interest in adding further DPI capabilities to argus?
> 
> Before arriving on argus, I looked at ntop, and it appears that they have re-packaged and integrated the OpenDPI library as nDPI and are planning to integrate it into the next stable release of ntop.
> 
> It appears that argus would greatly benefit from something similar to nDPI, application detection, as additional record data.
> 
> As it stands, and please correct me if I'm wrong, without extending argus to encompass application detection, a decent method would be to have an ntop instance running alongside argus, and attempting to correlate the flows, then utilizing nDPI's application diagnosis.
> 
> Has DPI (application detection) ever been considered to be integrated into argus?
> 
> 
> Thanks again,
> 
> Matt 
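
The reply above places application detection in a client that reads the user data buffers argus records, leaving the sensor unchanged. As an added example (not from this thread, and not argus or nDPI code), the Python below labels flow records from the first payload bytes in each direction and flags flows whose payload disagrees with the destination port. The record layout (`suser`, `duser`, `dport` keys with hex-encoded payload), the port hints, and the small signature table standing in for nDPI are assumptions.

```python
import re

# Assumed stand-in for a DPI library: (label, side, pattern on leading payload bytes).
SIGNATURES = [
    ("SSH", "either", re.compile(rb"^SSH-\d\.\d+-")),
    # TLS record header: handshake (0x16), version 3.x, 2-byte length, ClientHello (0x01)
    ("TLS", "src", re.compile(rb"^\x16\x03[\x00-\x04]..\x01", re.S)),
    ("HTTP", "src", re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")),
    ("HTTP", "dst", re.compile(rb"^HTTP/1\.[01] \d{3} ")),
]

# Assumed port-to-application hints used only to flag disagreement.
PORT_HINT = {22: "SSH", 80: "HTTP", 443: "TLS"}


def classify(rec):
    """Return the application label for one flow record, or 'unknown'."""
    bufs = {"src": bytes.fromhex(rec["suser"]), "dst": bytes.fromhex(rec["duser"])}
    for label, side, pattern in SIGNATURES:
        sides = ("src", "dst") if side == "either" else (side,)
        if any(pattern.match(bufs[s]) for s in sides):
            return label
    return "unknown"


def annotate(records):
    """Add 'app' and 'port_mismatch' to each record without touching the input."""
    out = []
    for rec in records:
        app = classify(rec)
        expected = PORT_HINT.get(rec["dport"])
        mismatch = app != "unknown" and expected is not None and app != expected
        out.append({**rec, "app": app, "port_mismatch": mismatch})
    return out


# Constructed sample records (not real traffic); payloads are hex-encoded.
SAMPLE = [
    {"dport": 80, "suser": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n".hex(),
     "duser": b"HTTP/1.1 200 OK\r\n".hex()},
    {"dport": 443, "suser": b"SSH-2.0-OpenSSH_5.9\r\n".hex(),
     "duser": b"SSH-2.0-OpenSSH_5.9\r\n".hex()},
    {"dport": 8443, "suser": "1603010200010001fc0303", "duser": ""},
    {"dport": 53, "suser": "abcd01000001", "duser": ""},
]

if __name__ == "__main__":
    for row in annotate(SAMPLE):
        print(row["dport"], row["app"], row["port_mismatch"])
```

Because the labelling runs over recorded flow data, the signature table can be changed and re-run against archived records without redeploying the sensor.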
