[Snort-openappid] Identifies HTTP, but not web app.

Adam Hogan (adhogan) adhogan at ...5...
Sat Mar 1 21:23:07 EST 2014


Hello,

When I use Open AppID and then use Firefox to go visit cnn.com, I don't get either Firefox or CNN identified as an app. Instead I just get HTTP or HTTPS.

Here's the output from u2openappid:

statTime="1393724160",appName="https",txBytes="108",rxBytes="2964"
statTime="1393724220",appName="https",txBytes="0",rxBytes="4633"
statTime="1393724220",appName="mdns",txBytes="171",rxBytes="0"
statTime="1393724220",appName="http",txBytes="0",rxBytes="1404792"
statTime="1393724280",appName="http",txBytes="216",rxBytes="485469"
statTime="1393724280",appName="squid",txBytes="162",rxBytes="484448"
statTime="1393724280",appName="mdns",txBytes="194",rxBytes="0"
statTime="1393724340",appName="http",txBytes="54",rxBytes="723"
statTime="1393724340",appName="http",txBytes="270",rxBytes="289021"
statTime="1393724160",appName="https",txBytes="0",rxBytes="58506"
statTime="1393724220",appName="https",txBytes="0",rxBytes="4308"
statTime="1393724460",appName="dhcp",txBytes="342",rxBytes="0"
statTime="1393724580",appName="mdns",txBytes="107",rxBytes="0"
statTime="1393724640",appName="dhcp",txBytes="342",rxBytes="0"

How can I configure AppID to give me client and web-app applications?

Thanks,

------------------
Adam Hogan
Security Engineer; SFCE, SFCI
SOURCEfire, LLC.
adam.hogan at ...5...<mailto:ahogan at ...4...>
(C) 586.876.3980
(O) 614.717.9159

     ,,_
   o"   )~   Sourcefire - Now part of Cisco  . : | : . : | : .
      ''''

