Layer7 / DPI filter with Bro


I’m trying to integrate some DPI capabilities with iptables.

I’ve tried nDPI but it doesn’t recognize the protocols most of the time.

I think that Bro could do that, but I found too few scripts to identify applications like Skype or Tor.

Am I heading in the right direction?

Could someone point me to some repository with more scripts or, if you think that Bro isn’t the right tool to do that, give me some advice on other tools?


Edson Dino Salvati