Protocol Analysis question


I’m asking myself: does the protocol analysis work for obfuscated/encrypted connections in eMule/torrent and similar P2P networks?
I would suppose it works on a layer-7 basis, is that correct?

Protocol Analysis checks every packet to ensure it conforms to the protocol standard & is not faked/spoofed, etc. This being the case, I would suspect it works on Layers 2 (Data Link) & 3 (Network).


For all security products it all depends on where inspection takes place; as long as it’s not decoded, it can’t “see” into the data portion of it.

I don’t think the protocol inspection will decode SSL/Encryption to see if what’s in it conforms to the RFCs.
As Kail said it can only check for the things it can “read”. IP/TCP/UDP headers and stuff.

What kind of inspection are you looking for?
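
An added example, not part of the original posts and not any product's own code: a sketch of the header-level checking the replies describe, limited to IPv4/TCP. It flags malformed headers and gives the same verdict for a plaintext payload and a random (ciphertext-like) one, because it never reads the data portion. Function names, addresses and ports are constructed for illustration.

```python
import os
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (ones' complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def check_packet(pkt: bytes) -> list:
    """Return header-conformance problems; the payload is never inspected."""
    if len(pkt) < 20:
        return ["truncated IPv4 header"]
    ver_ihl, _, total_len, _, _, _, proto, _, _, _ = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    problems, ihl = [], (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4:
        problems.append("IP version is not 4")
    if ihl < 20 or ihl > len(pkt):
        return problems + ["invalid IPv4 header length"]
    if total_len != len(pkt):
        problems.append("IPv4 total length does not match packet size")
    if checksum(pkt[:ihl]) != 0:  # a valid header sums to zero
        problems.append("bad IPv4 header checksum")
    tcp = pkt[ihl:]
    if proto != 6:
        return problems  # only TCP is checked in this sketch
    if len(tcp) < 20:
        return problems + ["truncated TCP header"]
    offset, flags = (tcp[12] >> 4) * 4, tcp[13]
    if offset < 20 or offset > len(tcp):
        problems.append("invalid TCP data offset")
    if flags & 0x02 and flags & 0x01:
        problems.append("SYN and FIN both set")
    return problems

def build(flags: int, payload: bytes) -> bytes:
    """Constructed sample packet (documentation addresses), not captured traffic."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 6881, 1, 0, 0x50, flags, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    return ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:] + tcp

if __name__ == "__main__":
    print(check_packet(build(0x18, b"GET / HTTP/1.1\r\n\r\n")))  # plaintext payload
    print(check_packet(build(0x18, os.urandom(32))))  # random bytes stand in for ciphertext
    print(check_packet(build(0x03, b"")))  # SYN and FIN together
```

The TCP checksum and any application-layer conformance are deliberately left out; checking the latter would require the payload to be readable at the inspection point.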