open source DPI suggestions?
Can anyone suggest any open source DPI (deep packet inspection) projects? I am working on various telco projects in emerging markets, but can't quite justify the price for the bigger and more well known players. :/
(Until then, I'll have to rely on some of the more well known Linux and BSD traffic shaping tools)
--
Also on LinkedIn? Feel free to connect if you too are an open networker: scubacuda@gmail.com
On Apr 29, 2011, at 3:54 AM, Rogelio wrote:
Can anyone suggest any open source DPI (deep packet inspection) projects?
I'll recommend Bro-IDS (http://www.bro-ids.org/) as it's what I spend my days working on. It's essentially a programming language for long term network traffic monitoring which is focused on doing deep decoding of application layer protocols. (and it's BSD licensed!)
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
Can anyone suggest any open source DPI (deep packet inspection) projects?
I'll recommend Bro-IDS (http://www.bro-ids.org/) as it's what I spend my days working on. It's essentially a programming language for long term network traffic monitoring which is focused on doing deep decoding of application layer protocols. (and it's BSD licensed!)
http://l7-filter.sourceforge.net/ might be another candidate.
Snort (http://www.snort.org/) is also a nice IDS. They provide paid and free rules/signatures.
-k
On Fri, Apr 29, 2011 at 7:55 AM, Raymond Burkholder <ray@oneunified.net> wrote:
Can anyone suggest any open source DPI (deep packet inspection) projects?
I'll recommend Bro-IDS (http://www.bro-ids.org/) as it's what I spend my days working on. It's essentially a programming language for long term network traffic monitoring which is focused on doing deep decoding of application layer protocols. (and it's BSD licensed!)
http://l7-filter.sourceforge.net/ might be another candidate.
How about RouterOS from Mikrotik?
You cannot beat a $70 RB750G for doing P2P hijacking.
F.
On 2011-04-29, at 8:59 AM, Kornelijus Survila wrote:
Snort (http://www.snort.org/) is also a nice IDS. They provide paid and free rules/signatures.
-k
On Fri, Apr 29, 2011 at 7:55 AM, Raymond Burkholder <ray@oneunified.net> wrote:
Can anyone suggest any open source DPI (deep packet inspection) projects?
I'll recommend Bro-IDS (http://www.bro-ids.org/) as it's what I spend my days working on. It's essentially a programming language for long term network traffic monitoring which is focused on doing deep decoding of application layer protocols. (and it's BSD licensed!)
http://l7-filter.sourceforge.net/ might be another candidate.
I gotta say that those Mikrotik boxes are pretty impressive. I have quite a few that give me Layer 2 VPN in the lab and they have been faultless so far.
--
Leigh Porter
On 6 May 2011, at 21:46, "Francois Menard" <francois@menards.ca> wrote:
How about RouterOS from Mikrotik?
You cannot beat a $70 RB750G for doing P2P hijacking.
F.
On 2011-04-29, at 8:59 AM, Kornelijus Survila wrote:
Snort (http://www.snort.org/) is also a nice IDS. They provide paid and free rules/signatures.
-k
On Fri, Apr 29, 2011 at 7:55 AM, Raymond Burkholder <ray@oneunified.net> wrote:
Can anyone suggest any open source DPI (deep packet inspection) projects?
I'll recommend Bro-IDS (http://www.bro-ids.org/) as it's what I spend my days working on. It's essentially a programming language for long term network traffic monitoring which is focused on doing deep decoding of application layer protocols. (and it's BSD licensed!)
http://l7-filter.sourceforge.net/ might be another candidate.
On Fri, 2011-04-29 at 07:59 -0500, Kornelijus Survila wrote:
Snort (http://www.snort.org/) is also a nice IDS. They provide paid and free rules/signatures.
And if you would like 64bit and/or IPv6 support, try Suricata: http://www.openinfosecfoundation.org/
Tom
On Sat, May 7, 2011 at 12:37 PM, Tom Hill <tom@ninjabadger.net> wrote:
On Fri, 2011-04-29 at 07:59 -0500, Kornelijus Survila wrote:
Snort (http://www.snort.org/) is also a nice IDS. They provide paid and free rules/signatures.
And if you would like 64bit and/or IPv6 support, try Suricata:
Another good open-source one with IPv6, Sourcefire rules support, stateful firewall and filtering at traffic and web address level etc is Vyatta (http://www.vyatta.org and http://www.vyatta.com). They're also rather nice routers if I do say so myself.
Do let us know which one you end up picking and how you go with it.
Cheers
Alex
participants (8)
- Alex Brooks
- Francois Menard
- Kornelijus Survila
- Leigh Porter
- Raymond Burkholder
- Rogelio
- Seth Hall
- Tom Hill