application protocol identification
CS Lee
geek00l at gmail.com
Thu Jul 11 03:02:58 EDT 2013
hi Carter,
Haven't discussed anything in a while over here but I do follow the mailing
list and seeing many exciting features implemented in argus.
I have always used port based identification for network protocols
identification(e.g, port 80 = www, port 22 = ssh), however with dynamic
behaviour of network today, this no longer hold true, many applications are
running through non-standard ports and it makes life tougher especially
with p2p application around.
Will it be possible for argus to make use of ndpi to perform protocol
identification -
http://www.ntop.org/products/ndpi/
I'm not sure if people in the list are interested in this, to me it looks
very promising and can be a boost to argus since many commercial
applications start to implement non-port based protocol identification.
Cheers
--
Best Regards,
CS Lee<geek00L[at]gmail.com>
http://geek00l.blogspot.com
http://defcraft.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130711/10949d91/attachment.html>
More information about the argus
mailing list