application protocol identification
Harry Hoffman
hhoffman at ip-solutions.net
Thu Jul 11 13:12:41 EDT 2013
I'm *very interested* in this, whether using this library or something else.
Most of this happens via IDS now but being able to accurately classify
this in argus would be superb!
Cheers,
Harry
On 07/11/2013 03:02 AM, CS Lee wrote:
> hi Carter,
>
> Haven't discussed anything in a while over here but I do follow the mailing
> list and seeing many exciting features implemented in argus.
>
> I have always used port based identification for network protocols
> identification(e.g, port 80 = www, port 22 = ssh), however with dynamic
> behaviour of network today, this no longer hold true, many applications are
> running through non-standard ports and it makes life tougher especially
> with p2p application around.
>
> Will it be possible for argus to make use of ndpi to perform protocol
> identification -
>
> http://www.ntop.org/products/ndpi/
>
> I'm not sure if people in the list are interested in this, to me it looks
> very promising and can be a boost to argus since many commercial
> applications start to implement non-port based protocol identification.
>
> Cheers
>
>
More information about the argus
mailing list