[Snort-openappid] API reference or scheme of openappid engine

Huet, Ronan (External) Ronan.Huet.External at ...21...
Tue Apr 15 09:00:47 EDT 2014


Hello,

I am trying to understand the detection engine of openappid and I would like
to know how openappid can detect an application.

Does it use pattern matching (I suppose it is not enough for a good
detection), size, order of fields in packets ...?

For example, I have tested the detection of the user-agents Firefox and
Wget:

Firefox is detected but not Wget. So I tried to hide the Wget request in a
Firefox request (with the options --user-agent="" --header="") but openappid
only detected "http".

Moreover, I am performing research on the links between all the functions
and on the sequence of functions used to detect "an application".

Do you know if there is any scheme of this sequence and any API
documentation?

Thank you for your time and consideration.

--
Ronan HUET
Airbus Defence & Space CyberSecurity
ronan.huet.external at ...21...
