Snort mailing list archives
some question about snort3 appid inspector
From: "Sitao \"Tony\" Cheng via Snort-sigs" <snort-sigs () lists snort org>
Date: Thu, 11 Mar 2021 17:28:55 +0800
Hello, Thank you so much for your reading my e-mail! I am using snort3 as an IPS system, switching from snort 2. When using appid inspector for application identification, I configure the appid, http_inspect and some other Dependency Requirements. But it just cannot recoginize http applications when I use the command "-r *.pcap", while SMTP\POP\IMAP pcaps are fine. Things runs correctly in snort 2 when using the same pcap file. I know that I missed something needed to configure. Can you give me some clues? I would appreciate it so much for you time.
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- some question about snort3 appid inspector Sitao "Tony" Cheng via Snort-sigs (Mar 15)
- <Possible follow-ups>
- some question about snort3 appid inspector Sitao "Tony" Cheng via Snort-sigs (Mar 15)
- Message not available
- Re: some question about snort3 appid inspector Shravan Rangarajuvenkata (shrarang) via Snort-sigs (Mar 15)
- Message not available