The Codefather Inc. The Codefather Inc.
The CodeFather Inc. Home
The CodeFather Inc. Project
The CodeFather Inc. Members
The CodeFather Inc. News
The CodeFather Inc. Schedule
The CodeFather Inc. Documents

Auto-Identification/Classification of Common IP Protocols

For most of the widely used IP based protocols (HTTP, NNTP, POP3, SMTP, WTP, SIP, FTP etc), well-known TCP (or UDP) ports are used.
In some cases, these protocols are delivered on any non-standard ports. Main objective of this project is to device and implement a method which will let identify which protocol is actually involved for a given flow of IP traffic passing through any TCP or UDP port. Once the protocol is identified, it can extract some L7 (user) data exchanged with the protocol

Features of the project:
* Network captured that can be identified is to be fed in the PCAP file format.
* Identification process can also determine when the identified protocol is no longer available in the flow through the identified port
* Since the amount of data that should be analyzed can be very huge in practical applications, high performance and low-latency detection capability will exist.
* Some protocols that can be identified:
- POP3
* Some outputs for detected protocols
- HTTP : RFC 822 complied e-mail messages (.eml) if the connected HTTP server is Yahoo! Mail and user downloads a mail
- POP3: Download mail messages
- FTP: Transferred files
- SIP: Voice files in Microsoft ASF format

Sponsored By:


© 2007 The CodeFather Inc.

design by ND