Re: Create rules for Google Hangouts

[liao zhuodi <liao_zd () foxmail com>]

Thanks Lewis, the grep appMapping.data does helps. I am trying to create some complete rules, i find some of the 
rules/openaapID use http pattern to detect user access, but like google hangouts: http://www.google.com/hangouts/ 
<http://www.google.com/hangouts/>, but when user use Google Hangouts, they usually use it inside the gmail web page, or 
some client ends. But the message text or hangouts call are encrypted by SSL, https, how can i catch the traffic from 
hangouts?

Liao

> On 11 Feb 2015, at 20:02, Al Lewis (allewi) <allewi () cisco com> wrote:
>
> To get a feel for what you can do with rules a good place to start would be here: http://manual.snort.org/node27.html
>
> There are a bunch of app detectors in the openappID tool for google (Hangouts is one of them) : I have listed them 
> below. You can check out/download openapp here: https://www.snort.org/downloads
>
> alewis@debian-7:~/Downloads/odp$ cat appMapping.data | cut -f2 | grep -i google
> Google APIs
> Google App Engine
> Google Drive
> Google Talk Gadget
> Google
> Google Translate
> Google Analytics
> Google Calendar
> Google News
> Google Product Search
> Google Safebrowsing
> Google Earth
> Googlebot
> Google Toolbar
> Google Finance
> Google Play Books
> Google Play Music
> Google Reader
> Google Adsense
> Google Remote Desktop
> Google Fiber
> Google Code project hosting
> Google Update
> Googlebot Image Search
> Google PageSpeed
> Google URL Shortener
> Google Groups
> Google+ Photos
> Google+ Videos
> Google Accounts Authentication
> Google Hangouts
> Google Helpouts
>
> Hope this helps!
>
> Albert Lewis
> QA Software Engineer
> SOURCEfire, Inc. now part of Cisco
> 9780 Patuxent Woods Drive
> Columbia, MD 21046 
> Phone: (office) 443.430.7112
> Email: allewi () cisco com 
>
> -----Original Message-----
> From: liao zhuodi [mailto:liao_zd () foxmail com] 
> Sent: Wednesday, February 11, 2015 2:58 AM
> To: snort-users () lists sourceforge net
> Subject: [Snort-users] Create rules for Google Hangouts
>
> I am trying to create rules about Google Hangouts app, it is a web app in the gmail page, it usees Quick UDP 
> protocol, however I can not find the signature for it. Doesn’t anyone has any suggestion, thanks.
>
> Liao
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership 
> with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs 
> to news, videos, case studies, tutorials and more. Take a look and join the conversation now. 
> http://goparallel.sourceforge.net/
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!