[Snort-openappid] Twitter detector. Error??

Carlos Rodriguez Hernandez crodriguezh.ext at ...109...
Thu Nov 5 13:17:05 EST 2015


Hello everyone,

I am continuing with my tests of OpenAppID.

I wrote these rules in my local.rules file:

alert tcp 10.0.30.45 any -> any any (msg:"Skype traffic"; appid: skype_auth skype; sid:1000007; rev:2;)

alert tcp 10.0.30.45 any -> any any (msg:"Twitter traffic"; appid: twitter; sid:1000008; rev:1;)

alert tcp 10.0.30.45 any -> any any (msg:"Linkedin traffic"; appid: linkedin; sid:1000010; rev:1;)

My system is well configured for my network and these rules.

I run Snort with the following command:
"snort -c /etc/snort/snort.conf -i wlp3s0 -A console"

When I access Linkedin or Skype I can see alerts in the console, but when I
access Twitter I cannot see any alert.

The strange thing is that if I search Google for twitter4j I get a Twitter
alert:
"11/05-19:11:16.730634  [**] [1:1000008:1] Twitter traffic [**] [Priority: 0] [AppID: twitter] {TCP} 10.0.30.45:35876 -> 104.27.137.111:80"

And I have the following log:
"statTime="1446747000",appName="twitter",txBytes="15676",rxBytes="41970""

Is this working correctly?

Thank you very much,
Carlos

-- 
Carlos Rodríguez Hernández
*Fellow Developer*
redborder.net | +34 609477932
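To check which of the appids named in the rules actually fire, here is a small script (added as an example, not from the post or from the Snort project) that parses the two kinds of lines quoted above: the console alert format of "snort -A console" and the key="value" application statistics record. The statistics format is assumed from the single line in the post; the linkedin record in the sample data is constructed.

```python
import re
from collections import defaultdict

# Console alert line as printed by "snort -A console" (format taken from the line quoted in the post).
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Priority:\s*(?P<prio>\d+)\])?(?:\s+\[AppID:\s*(?P<appid>[^\]]+)\])?"
    r"\s+\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s*$"
)
# key="value" pairs of an application statistics record (format assumed from the one line in the post).
STAT_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_alert(line):
    """Return the fields of one console alert line as a dict, or None if the line does not match."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec.update({k: int(rec[k]) for k in ("gid", "sid", "rev", "sport", "dport")})
    return rec

def parse_appstat(line):
    """Return one appName/txBytes/rxBytes record as a dict (numeric fields as int), or None if no appName."""
    rec = {k: (int(v) if v.isdigit() else v) for k, v in STAT_RE.findall(line)}
    return rec if "appName" in rec else None

def appid_coverage(alert_lines, stat_lines, expected):
    """For each appid we expect, count console alerts and sum the bytes the stats attributed to it.
    An app with bytes but no alerts was identified by OpenAppID but never matched a rule."""
    alerts = defaultdict(int)
    for a in filter(None, map(parse_alert, alert_lines)):
        if a["appid"]:
            alerts[a["appid"]] += 1
    total_bytes = defaultdict(int)
    for s in filter(None, map(parse_appstat, stat_lines)):
        total_bytes[s["appName"]] += s.get("txBytes", 0) + s.get("rxBytes", 0)
    return {app: {"alerts": alerts[app], "bytes": total_bytes[app]} for app in expected}

# Constructed sample input: the two lines quoted in the post plus one made-up linkedin stats record.
SAMPLE_ALERTS = [
    "11/05-19:11:16.730634  [**] [1:1000008:1] Twitter traffic [**] [Priority: 0] "
    "[AppID: twitter] {TCP} 10.0.30.45:35876 -> 104.27.137.111:80",
]
SAMPLE_STATS = [
    'statTime="1446747000",appName="twitter",txBytes="15676",rxBytes="41970"',
    'statTime="1446747000",appName="linkedin",txBytes="1200",rxBytes="3400"',
]
```

Call appid_coverage(SAMPLE_ALERTS, SAMPLE_STATS, ["skype", "twitter", "linkedin"]) on real console output and stats lines to see, per appid, whether the detector identified the traffic and whether a rule alerted on it.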
