On Fri, 9 May 2008 10:40:18 +0530

"Srikant Tangirala"  wrote:
> Hello All

quoted text
>

> there some way to ensure that traffic to port 53

> is in fact not from a program like iodine and what

> goes to port 80 is only HTTP/HTTPS, and so on

> for all the common protocols? With my little bit

> of knowledge what I figure is that we need some

> piece of software(s) which understands each protocol

> thoroughly, can look at raw packets in real-time

>

> Any help will be great. Thanks in advance.

>

> Srikant Tangirala.

Hello All,
You can do it using open-source software as "Bro" (http://bro-ids.org),

it's an open-source, Unix-based Network Intrusion Detection

System (NIDS) that passively monitors network traffic and looks for

suspicious activity.

"Bro" has the "DPD" (dynamic protocol detection) feature and can

reports (confirmed) uses of protocols on non-standard ports.
Please see : http://www.icir.org/robin/papers/usenix06.pdf for more

informations about this.
Last thing, it builds and works perfectly on OpenBSD. :-)
With regards,
Jean-Philippe.