VPN Traffic Detection

Diogo_Corteletti_de · February 6, 2007, 1:38pm

Hello,

anyone has ever tested a way to detect VPN Traffic? Could BRO detect the connection initiation? After reading the RFC about ISAKMP I have found some characteristics about this protocol that could help detect it but I don’t want to reinvent the wheel and there are other protocols used in VPN tunneling. Ideas anyone??

Vern · February 7, 2007, 8:24am

anyone has ever tested a way to detect VPN Traffic?

If it's using IPSEC, then it should be easy to detect due to use of
well-known ports. That said, Bro doesn't have any IPSEC analyzers
(if you're interested in contributing some, please let us know!).

Vern

Topic		Replies	Views
Bro and ICMP Zeek	2	95	May 6, 2022
Protocol Detection/Decoding Zeek	2	74	May 6, 2022
Flow blocking with iptables from Bro Zeek	5	228	May 6, 2022
Help: Experiment Zeek	1	92	May 6, 2022
plan of integration with pia-bro? Zeek	1	89	May 6, 2022

VPN Traffic Detection

Related topics