A proof-of-concept application of the Statistical Protocol IDentification (SPID) algorithm. SPID can detect the application layer protocol (layer 7) by analysing flow (packet sizes etc.) and payload statistics (byte values etc.) from pcap files.
Easy to use.
The program runs fine, but I had to use the compiled version. It identified everything that was not encrypted. When using encryption (in BitTorrent, for example) the program considers packets as 'UNKNOWN', but the amount of packets is correct. Also, I tested with big tcpdump files (1.8GB size) and the program ran without any trouble. This is a very good job; its documentation is also pretty well written. Congrats to Erik Hjelmvik!! I had trouble compiling it under Visual Studio Express (the free version), and also with Mono. The problem seemed to be some assemblies that neither Visual Studio Express nor Mono (or MonoDevelop) have. Maybe there is a solution for this, but I haven't found it yet.