[Snort-openappid] Analysis of Traffic Mid-stream

Costas Kleopa (ckleopa) ckleopa at ...5...
Fri Jun 5 07:51:42 EDT 2015

Sorry for the delay, but without the initial handshake of protocols we can't guarantee any application detection.


On Jun 5, 2015, at 5:10 AM, sripaduka R <padukaietf at ...8...> wrote:

Hi all

Since I did not receive any reply ... wanted to know whether I ought to be checking on some other snort mailing list.
The question of course is for midstream analysis specific to open appid ...


On Thu, Jun 4, 2015 at 7:57 PM, sripaduka R <padukaietf at ...8...> wrote:
Hi all

Is there any experience with the analysis/open appid based detection of traffic based on traffic intercepted mid stream [as in the first few packets of the stream are dropped prior to reception to snort] - will the open appid framework be able to figure out the flow & concerned app?

What is the probability of a false positive or a false negative in such a scenario?

