Snort mailing list archives
detecting http-tunnel traffic
From: Derya Sezen <funky () gsu linux org tr>
Date: 21 Apr 2003 02:08:42 +0300
Hi, Using the libpcap, i wrote a sniffer for HTTP. By fetching the information i get in application layer(HTTP protocol), i wanna add rules to snort which detects the packets i want. I'm interested in HTTP-tunnel packets. For this, i analysed the traffic when i try to access the sites like go.icq.com , game.yahoo.com , which uses java based applets(but there is also crypted traffic) How can i detect the http-tunnel traffic made by such sites? thanx funky Istanbul ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- detecting http-tunnel traffic Derya Sezen (Apr 20)