[Snort-openappid] Specific rule for bandwidth

Gabriel Corre gabriel.corre at ...94...
Mon Sep 14 07:07:37 EDT 2015


I created a rule which is able to catch an application's traffic according to an IP:
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"BitTorrent detected"; appid:BitTorrent; sid:1000000001;)

However, I would like to view the bandwidth consumed by each IP regarding this app. I don't know how to do that. Is it even possible?



Gabriel Corré
