Snort mailing list archives
RE: monitoring https / SSL
From: "McCammon, Keith" <Keith.McCammon () eadvancemed com>
Date: Thu, 2 May 2002 13:00:22 -0400
It's not that simple, as https traffic is encrypted, and snort cannot decode it in the same manner as http traffic, which is in the clear. Rules that apply to source and destination ports can be changed, as could certain rules referencing packet size, flags, etc. However, snort can't grab the application-layer data from https traffic. Cheers Keith -----Original Message----- From: Slade Edmonds [mailto:slade () smipc net] Sent: Thursday, May 02, 2002 12:51 PM To: snort-users () lists sourceforge net Subject: [Snort-users] monitoring https / SSL Could anyone direct me to information regarding snorting SSL traffic? Is it just a matter of taking the rules files designed for monitoring standard http port 80 and adding an ssl port to it? Thanks _______________________________________________________________ Have big pipes? SourceForge.net is looking for download mirrors. We supply the hardware. You get the recognition. Email Us: bandwidth () sourceforge net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________________________ Have big pipes? SourceForge.net is looking for download mirrors. We supply the hardware. You get the recognition. Email Us: bandwidth () sourceforge net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- monitoring https / SSL Slade Edmonds (May 02)
- Re: monitoring https / SSL Jason Haar (May 02)
- <Possible follow-ups>
- RE: monitoring https / SSL McCammon, Keith (May 02)
- RE: monitoring https / SSL Matt Kettler (May 02)