[Snort-openappid] Specific rule for bandwidth

Mike Stepanek (mstepane) mstepane at ...5...
Mon Sep 14 08:33:26 EDT 2015


We don't report bandwidth.  Things like alerts and appstats files, though, will report times and number of bytes transferred, so you may be able to get what you need.

- Mike Stepanek
   mstepane at ...5...

From: Gabriel Corre [mailto:gabriel.corre at ...94...]
Sent: Monday, September 14, 2015 7:08 AM
To: snort-openappid at lists.sourceforge.net
Subject: [Snort-openappid] Specific rule for bandwidth

Hello,

I created a rule which is able to catch an application's traffic according to an IP:
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"BitTorrent detected"; appid:BitTorrent; sid:1000000001;)

However, I would like to view the bandwidth consumed by each IP regarding this app. I don't know how to do that, is it even possible?

Regards,

--

Gabriel Corré
