Snort mailing list archives

Fwd: Open App Id


From: valentin.giraud () armaturetech com
Date: Mon, 04 Apr 2016 13:17:29 +0200



-------- Original message --------
Subject: Open App Id
Date: 04.04.2016 11:07
From: valentin.giraud () armaturetech com
To: snort-users () lists sourceforge net

Hi Snort community,

I am currently trying to write some detectors in Lua for App Id,
but there are two or three things I need your help to understand.
- In what way can I use "appMapping.data"? I wrote some Lua
detectors and they work without using it...
- There are a lot of apps that are not working really well, e.g. when I go
to "www.facebook.com" it only works from time to time... Do you have any idea?
- I see a lot of DNS and __unknown appName values; do you have any idea where
they could come from?

Example of a session:

********
statTime="1459759980",appName="Firefox",txBytes="1125",rxBytes="1524"
statTime="1459759980",appName="HTTP",txBytes="1125",rxBytes="1524"
statTime="1459759980",appName="dayumBen",txBytes="1125",rxBytes="1524"
statTime="1459759050",appName="DNS",txBytes="492",rxBytes="861"
statTime="1459759070",appName="DNS",txBytes="553",rxBytes="1163"
statTime="1459759190",appName="Firefox",txBytes="5600",rxBytes="12378"
statTime="1459759190",appName="HTTP",txBytes="5600",rxBytes="12378"
statTime="1459759190",appName="Squid",txBytes="5600",rxBytes="12378"
statTime="1459759080",appName="DNS",txBytes="1296",rxBytes="2201"
statTime="1459759090",appName="DNS",txBytes="219",rxBytes="396"
statTime="1459759180",appName="Firefox",txBytes="14961",rxBytes="17045"
statTime="1459759180",appName="HTTP",txBytes="14961",rxBytes="17045"
statTime="1459759180",appName="Google Maps",txBytes="4340",rxBytes="6894"
statTime="1459759180",appName="Bing Maps",txBytes="7549",rxBytes="7607"
statTime="1459759190",appName="Google APIs",txBytes="5864",rxBytes="8620"
statTime="1459759190",appName="Firefox",txBytes="35136",rxBytes="37202"
statTime="1459759190",appName="HTTP",txBytes="35136",rxBytes="37202"
statTime="1459759190",appName="Google Maps",txBytes="6535",rxBytes="3886"
statTime="1459759190",appName="Bing Maps",txBytes="11167",rxBytes="12360"
statTime="1459759190",appName="Google APIs",txBytes="3903",rxBytes="3202"
statTime="1459759190",appName="Firefox",txBytes="3903",rxBytes="3202"
statTime="1459759190",appName="HTTP",txBytes="3903",rxBytes="3202"
statTime="1459759150",appName="DNS",txBytes="1299",rxBytes="2095"
statTime="1459758980",appName="__unknown",txBytes="100",rxBytes="160"
statTime="1459759160",appName="DNS",txBytes="219",rxBytes="396"

************

Valentin.
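The quoted statistics are key="value" records, one per app label. Note that the same statTime and the same txBytes/rxBytes appear under several names at once (Firefox, HTTP and dayumBen on the first three lines), so simply summing bytes over all app names counts one flow several times. The following added example (written for this archive page; it is not code from Snort or the OpenAppID project) parses such records, re-joins lines that a mail client wrapped mid-record, totals bytes per app name, and estimates how much traffic was left as __unknown. The input is a constructed sample modelled on the quoted lines, and the rule "records sharing statTime, txBytes and rxBytes belong to one flow" is a heuristic assumed here, not something the stats format guarantees.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the records quoted in the post (not a real capture).
# The "Google \nMaps" record is deliberately wrapped the way the mail archive shows it.
SAMPLE_STATS = """\
statTime="1459759980",appName="Firefox",txBytes="1125",rxBytes="1524"
statTime="1459759980",appName="HTTP",txBytes="1125",rxBytes="1524"
statTime="1459759050",appName="DNS",txBytes="492",rxBytes="861"
statTime="1459759180",appName="Google 
Maps",txBytes="4340",rxBytes="6894"
statTime="1459758980",appName="__unknown",txBytes="100",rxBytes="160"
statTime="1459759160",appName="DNS",txBytes="219",rxBytes="396"
"""

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
REQUIRED = ("statTime", "appName", "txBytes", "rxBytes")


def unwrap(text):
    """Re-join records that were wrapped across lines by a mail client.

    A line that does not start with statTime=" is treated as the continuation
    of the previous record and joined with a single space.
    """
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith('statTime="') or not records:
            records.append(line)
        else:
            records[-1] = records[-1] + " " + line
    return records


def parse_stat_line(line):
    """Parse one key="value",... record into a dict; byte counts and time become ints."""
    fields = dict(FIELD_RE.findall(line))
    missing = [k for k in REQUIRED if k not in fields]
    if missing:
        raise ValueError(f"malformed record, missing {missing}: {line!r}")
    return {
        "statTime": int(fields["statTime"]),
        "appName": fields["appName"],
        "txBytes": int(fields["txBytes"]),
        "rxBytes": int(fields["rxBytes"]),
    }


def summarize(text):
    """Return ({appName: (records, txBytes, rxBytes)}, unknown_share).

    unknown_share is the bytes labelled __unknown divided by the bytes of all
    distinct flows, where a flow is identified by (statTime, txBytes, rxBytes).
    That flow key is an assumption made for this example: several app labels
    are emitted for one flow, so summing bytes over labels would double count.
    """
    totals = defaultdict(lambda: [0, 0, 0])
    flow_bytes = {}
    for line in unwrap(text):
        rec = parse_stat_line(line)
        t = totals[rec["appName"]]
        t[0] += 1
        t[1] += rec["txBytes"]
        t[2] += rec["rxBytes"]
        key = (rec["statTime"], rec["txBytes"], rec["rxBytes"])
        flow_bytes[key] = rec["txBytes"] + rec["rxBytes"]
    all_flow_bytes = sum(flow_bytes.values())
    unk = totals.get("__unknown", [0, 0, 0])
    share = (unk[1] + unk[2]) / all_flow_bytes if all_flow_bytes else 0.0
    return {name: tuple(v) for name, v in totals.items()}, share


if __name__ == "__main__":
    per_app, unknown_share = summarize(SAMPLE_STATS)
    for name, (n, tx, rx) in sorted(per_app.items(), key=lambda kv: -(kv[1][1] + kv[1][2])):
        print(f"{name:<12} records={n:<3} tx={tx:<7} rx={rx}")
    print(f"unclassified share of flow bytes: {unknown_share:.1%}")
```

Run it against a real appid_stats dump by replacing SAMPLE_STATS with the file contents; a high __unknown share, or DNS dominating the byte counts, is then visible at a glance rather than by scanning individual records.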

------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
