VPN Traffic Detection

Diogo_Corteletti_de · February 6, 2007, 1:38pm

Hello,

anyone has ever tested a way to detect VPN Traffic? Could BRO detect the connection initiation? After reading the RFC about ISAKMP I have found some characteristics about this protocol that could help detect it but I don’t want to reinvent the wheel and there are other protocols used in VPN tunneling. Ideas anyone??

Vern · February 7, 2007, 8:24am

anyone has ever tested a way to detect VPN Traffic?

If it's using IPSEC, then it should be easy to detect due to use of
well-known ports. That said, Bro doesn't have any IPSEC analyzers
(if you're interested in contributing some, please let us know!).

Vern

Topic		Replies	Views
Bro and ICMP Zeek	2	82	May 6, 2022
Flow blocking with iptables from Bro Zeek	5	176	May 6, 2022
Help: Experiment Zeek	1	71	May 6, 2022
PCAP help Zeek	3	67	May 6, 2022
Two Questions about Bro Zeek	1	63	May 6, 2022

VPN Traffic Detection

Related Topics