
Re: Deep Packet Inspection

Snort and Suricata.


On Sun, 19 Aug 2018 at 20:52, Reco <recoverym4n@gmail.com> wrote:

On Sun, Aug 19, 2018 at 08:31:42PM +0300, Mimiko wrote:
> Hello.
> Maybe this was answered. Is there a Deep Packet Inspection to use in Debian 9 for a firewall setup? Open source and maybe in repository.

Once upon a time there was so-called l7filter (main suite), which was
packaged for Debian, but it was excluded from current stable.
Not a big loss IMO, as l7filter was only good for traffic classification
(netfilter mangle table).

You may want to check a set of kernel patches called nDPI - [1] (sorry
for the GitHub link). It will take a patched kernel *and* iptables suite
to make the thing run, and I suspect that amd64 is the only supported

If software archeology is your thing, there's OpenDPI - [2] (sorry for
the GitHub link again).

As far as I can tell, there's no DPI software packaged for current
stable at all.

[1] https://github.com/vel21ripn/nDPI

[2] https://github.com/thomasbhatia/OpenDPI

