[Snort-openappid] Using Snort on pfsense

Cory Juillerat cjuillerat at ztlsd.org
Fri Apr 20 14:27:13 EDT 2018


Thanks Y M,

That is actually the video I watched to set up Snort on pfsense, which was
an awesome video. I remember seeing things come in like Netflix. Since I
have a pretty large network, I am wondering if pfsense isn't capturing
everyone's request via Snort... for example, I visited Netflix on my
computer and searched for my IP address on the alerts page and saw my
request. But the next thing I did was visit Facebook and nothing showed up
when viewing alerts and searching for my IP address.

On Fri, Apr 20, 2018, 2:15 PM Y M via Snort-openappid <
snort-openappid at lists.snort.org> wrote:

> Cory,
>
>
> The AppID detectors are open-source and are available on the Snort
> website. So I don't think the subscription is at play here. In an earlier
> thread, I posted a link to a YouTube video for configuring AppID on
> pfsense. The presenter showed that AppID is picking up Netflix, among other
> apps. Here is the link for the video https://youtu.be/-GgqYq5-EBg
>
> Hope this helps.
>
> YM
>
>
> ------------------------------
> *From:* Snort-openappid <snort-openappid-bounces at lists.snort.org> on
> behalf of Cory Juillerat <cjuillerat at ztlsd.org>
> *Sent:* Friday, April 20, 2018 8:30 PM
> *To:* snort-openappid at lists.snort.org
> *Subject:* [Snort-openappid] Using Snort on pfsense
>
> Good afternoon,
>
> I decided to recently try Snort mainly for the App ID capability. I work
> at a school so students are always using social networking apps and
> streaming media apps. I created the WAN interface and started the Snort
> process on this interface. I am using the predefined balanced IPS policy
> and I also placed a check in all of the check boxes underneath Snort
> OPENAPPID Rules and Ruleset: ET Open Rules.
>
> Now onto the issue I am having. When I go to the alerts tab, most of what
> I see is Chrome and http traffic underneath description. There are no
> social networking or streaming services populating, even though I know
> people are using them. Does the free subscription just not have the most up
> to date App IDs, so nothing is coming up?
>
> Thank you,
>
>
> Cory Juillerat, M.S.
>
> Director of Technology
>
> *Phone: *740.772.7667
>
> *Email:* cjuillerat at ztlsd.org
>
>
> _______________________________________________
> Snort-openappid mailing list
> Snort-openappid at lists.snort.org
> https://lists.snort.org/mailman/listinfo/snort-openappid
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>