Deep Packet Inspection - Software

Software

OpenDPI is the open source version for non-obfuscated protocols. PACE, another such engine, includes obfuscated and encrypted protocols, which are the types associated with Skype or encrypted BitTorrent. As OpenDPI is no longer maintained, a fork named nDPI was created; it is actively maintained and has been extended with new protocols including Skype, Webex, Citrix and many others.

L7-Filter is a classifier for Linux's Netfilter that identifies packets based on application layer data. It can classify traffic from applications and protocols such as Kazaa, HTTP, Jabber, Citrix, BitTorrent, FTP, Gnucleus, eDonkey2000, and others. It classifies streaming, mailing, P2P, VoIP, and gaming protocols and applications.

Hippie (Hi-Performance Protocol Identification Engine) is an open source project developed by Josh Ballard as a kernel module. It supports both DPI and firewall functionality.

The SPID (Statistical Protocol IDentification) project is based on statistical analysis of network flows to identify application traffic. The SPID algorithm can detect the application layer protocol (layer 7) by analysing flow statistics (packet sizes, etc.) and payload statistics (byte values, etc.) from pcap files. It is just a proof-of-concept application and currently supports approximately 15 applications/protocols such as eDonkey obfuscation traffic, Skype UDP and TCP, BitTorrent, IMAP, IRC, MSN, and others.
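The statistical approach described for SPID can be sketched as follows. This is an added example, not SPID's own code: it fingerprints a flow by payload byte values and packet sizes and picks the closest stored model. The use of Kullback-Leibler divergence as the distance measure, the function names, the bin sizes and all training flows are assumptions constructed for illustration.

```python
import math
import random
from collections import Counter

SIZE_BINS = 16  # packet lengths bucketed per 100 bytes, last bin is open-ended

def distribution(counts, bins, alpha=0.5):
    """Counts -> probabilities, with additive smoothing so no bin is zero."""
    total = sum(counts.values()) + alpha * bins
    return [(counts.get(i, 0) + alpha) / total for i in range(bins)]

def fingerprint(packets):
    """Two meters for one flow: payload byte values and packet sizes."""
    byte_values = Counter(b for p in packets for b in p)
    sizes = Counter(min(len(p) // 100, SIZE_BINS - 1) for p in packets)
    return distribution(byte_values, 256), distribution(sizes, SIZE_BINS)

def kl_divergence(p, q):
    """Kullback-Leibler divergence D(p || q) in bits."""
    return sum(pi * math.log2(pi / qi) for pi, qi in zip(p, q))

def classify(packets, models):
    """Return (best label, per-label score); a lower score is a closer match."""
    observed = fingerprint(packets)
    scores = {label: sum(kl_divergence(o, m) for o, m in zip(observed, model))
              for label, model in models.items()}
    return min(scores, key=scores.get), scores

def random_payloads(seed, sizes):
    rng = random.Random(seed)  # fixed seed keeps the constructed sample reproducible
    return [bytes(rng.randrange(256) for _ in range(n)) for n in sizes]

# Constructed training flows (not real captures); labels are hypothetical.
TRAINING = {
    "plaintext-http": [
        b"GET /index.html HTTP/1.1\r\nHost: example.test\r\nAccept: */*\r\n\r\n",
        b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 0\r\n\r\n",
    ],
    "high-entropy": random_payloads(1, [300, 900, 1400]),
    "padded-binary": [bytes([1, 0, 0, 7]) + bytes(60), bytes([2, 0, 0, 9]) + bytes(60)],
}
MODELS = {label: fingerprint(flow) for label, flow in TRAINING.items()}

if __name__ == "__main__":
    unknown = random_payloads(2, [350, 950, 1450])  # constructed test flow
    label, scores = classify(unknown, MODELS)
    print(label, {k: round(v, 2) for k, v in scores.items()})
```

Because the models hold only distributions, no payload signature is needed, which is why this style of classifier can still label obfuscated or encrypted flows that pattern matching misses.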

Tstat (TCP STatistic and Analysis Tool) provides insight into traffic patterns and gives details and statistics for numerous applications and protocols.

The French company Amesys designed and sold to Muammar Gaddafi an intrusive and massive internet monitoring system called Eagle.
