anyone has ever tested a way to detect VPN Traffic? Could BRO detect the connection initiation? After reading the RFC about ISAKMP I have found some characteristics about this protocol that could help detect it but I don’t want to reinvent the wheel and there are other protocols used in VPN tunneling. Ideas anyone??