[Snort-openappid] API, scheme of application detection engine ?

Huet, Ronan (External) Ronan.Huet.External at ...21...
Tue Apr 15 04:59:15 EDT 2014



I am trying to understand the detection engine of openappid and I would like
to know how openappid can detect an application.

Does it use pattern matching (I suppose it is not enough for a good
detection), size, order of fields in packets ...?

For example, I have tested the detection of user-agents Firefox and

Firefox is detected but not Wget. So I tried to hide a Wget request in a
Firefox request (with the options --user-agent="" --header="") but openappid
only detected "http".


Moreover, I am researching the links between all the functions
and what the sequence of functions is to detect "an application".

Do you know if there is any scheme of this sequence and an API


Thank you for your time and consideration.



Ronan HUET

Airbus Defence & Space CyberSecurity

ronan.huet.external at ...21...


