Hey All,
So I see that this question was posed a couple years ago without much traction. I wondered if anyone has looked into this? Haven't found much online and this is something I would like to do. Thank you for any assistance.
James
Something similar to nDPI can be done with a script package I released quietly through Broala (which will be moving over to our Corelight account eventually and integrated into the Bro Package Manager) a while ago. We don't have a ton of signatures in there yet, but it shows the infrastructure necessary to do basically the same detection that nDPI is doing.
https://github.com/broala/bro-protosigs
.Seth
Sweet...gonna git pull in a few and let you know how it runs. Thanks Seth!
James