[Snort-openappid] Analysis of Traffic Mid-stream

Costas Kleopa (ckleopa) ckleopa at ...5...
Fri Jun 5 07:51:42 EDT 2015


Sorry for the delay, but without the initial handshake of protocols we can't guarantee any application detection.

Thanks,
Costas

On Jun 5, 2015, at 5:10 AM, sripaduka R <padukaietf at ...8...> wrote:

Hi all,

Since I did not receive any reply, I wanted to know whether I ought to be checking on some other Snort mailing list.
The question, of course, is about midstream analysis specific to OpenAppID.

thanks
sr

On Thu, Jun 4, 2015 at 7:57 PM, sripaduka R <padukaietf at ...8...> wrote:
Hi all,

Is there any experience with analysis/OpenAppID-based detection of traffic intercepted mid-stream (as in, the first few packets of the stream are dropped before Snort receives them)? Will the OpenAppID framework be able to figure out the flow and the application concerned?

What is the probability of a false positive or a false negative in such a scenario?

thanks
sr
