Snort mailing list archives

Re: [Snort-openappid] Snort with openappid doesn't block android apps

From: "Costas Kleopa (ckleopa)" <ckleopa () cisco com>
Date: Thu, 19 Nov 2015 16:04:18 +0000

Can you also try adding this in your snort command line, so you can access bad checksums and jumbo frames?

 -k none -P 9000

Thanks
Costas

On Nov 19, 2015, at 10:53 AM, Navneet Singh <navneet.singh2012 () gmail com<mailto:navneet.singh2012 () gmail com>> 
wrote:

Hi All

I am testing snort 2.9.7.6 with openappid on ARM platform. Snort is using nfq as daq mode and i am able to block 
various sites as per their appid rules in various browsers. But none of the appid that also has its own android 
application is blocking on the client, however if i browse the same site using browser on the client it is blocking 
fine. I tried known applications like facebook, youtube, whatsapp but none is able to block.

I use this command
sudo snort -Q --daq nfq --daq-var device=wlan1 --daq-var queue=1 -c /etc/snort/snort.conf -A console

followed by
sudo iptables -t nat -I PREROUTING -j NFQUEUE --queue-num 1
sudo iptables -I FORWARD -j NFQUEUE --queue-num 1
sudo iptables -I INPUT -j NFQUEUE --queue-num 1
sudo iptables -I OUTPUT -j NFQUEUE --queue-num 1
to run snort.

Here wlan1 is in AP mode and other clients are connected to this interface.

I am also attaching snort.conf, local.rules files and logs when i run snort.

Please help me with this issue.

--
Regards
Navneet

<snort.conf><local.rules><snort_log>------------------------------------------------------------------------------
_______________________________________________
Snort-openappid mailing list
Snort-openappid () lists sourceforge net<mailto:Snort-openappid () lists sourceforge net>
https://lists.sourceforge.net/lists/listinfo/snort-openappid

Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!

Current thread:

Snort with openappid doesn't block android apps Navneet Singh (Nov 19)
- Re: [Snort-openappid] Snort with openappid doesn't block android apps Costas Kleopa (ckleopa) (Nov 19)