Warning: Some posts on this platform may contain adult material intended for mature audiences only. Viewer discretion is advised. By clicking ‘Continue’, you confirm that you are 18 years or older and consent to viewing explicit content.
Look up NBAR for the basic idea. Each vendor has their own ‘secret sauce’ implementation, Palo Alto only needs 9 bytes of payload for disambiguation, iirc.
thank you! so it is basically looking at identifiable patterns in the packet flow and matching them to protocols.
i also found this paper about traffic identification interesting.
Look up NBAR for the basic idea. Each vendor has their own ‘secret sauce’ implementation, Palo Alto only needs 9 bytes of payload for disambiguation, iirc.
thank you! so it is basically looking at identifiable patterns in the packet flow and matching them to protocols. i also found this paper about traffic identification interesting.
Time to up the spoofing game. Maybe some AI-generated traffic to throw off the packet analytics.