Snort mailing list archives
Determination of ssl_state
From: Shin Mura <kmym0401 () gmail com>
Date: Thu, 16 Apr 2015 23:25:59 -0700
Hi, I have something to clarify about determination is "ssl_state". "ssl_state:client_hello” is specified in [1:33801] signature. However, upon confirming the unified file of the actual detected log converted to pcap using Wireshark, the “Handshake Protocol” is not “Client Hello” but “Encrypted Handshake Message”.It seems that "ssl_state" cannot be properly determined. Actual configuration: preprocessor ssl: ports { 443 }, trustservers, noinspect_encrypted It would be really great if someone can provide some inputs on these issues. Thanks and regards, Shin
------------------------------------------------------------------------------ BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT Develop your own process in accordance with the BPMN 2 standard Learn Process modeling best practices with Bonita BPM through live exercises http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_ source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Determination of ssl_state Shin Mura (Apr 16)