Libprotoident is a library that performs application layer protocol
identification for flows. Unlike many techniques that require capturing
the entire packet payload, only the first four bytes of payload sent in each
direction, the size of the first payload-bearing packet in each direction and
the TCP or UDP port numbers for the flow are used by libprotoident.
Libprotoident features a very simple API that is easy to use, enabling
developers to quickly write code that can make use of the protocol
identification rules present in the library without needing to know anything
about the applications they are trying to identify.
Libprotoident supports over 300 different application protocols and this
number will continue to grow over the course of future releases!
Libprotoident is developed by the WAND Network Research Group at Waikato
University in New Zealand.