[Snort-openappid] feebsd openappid problem

Costas Kleopa (ckleopa) ckleopa at cisco.com
Mon Aug 27 09:23:28 EDT 2018


Let’s make sure that you are not dealing with any bad checksums or jumbo frames by adding the parameters: "-k none -P 9000".

If that still does not work, let us know.
Costas

From: Snort-openappid <snort-openappid-bounces at lists.snort.org> on behalf of "yunus.can at arjeta.com.tr" <yunus.can at arjeta.com.tr>
Date: Monday, August 27, 2018 at 8:49 AM
To: "snort-openappid at lists.snort.org" <snort-openappid at lists.snort.org>
Subject: [Snort-openappid] feebsd openappid problem

Hi,
I installed Snort on FreeBSD. OpenAppID is active. OpenAppID is running. DNS, BitTorrent, HTTP ... are detected, but Facebook, Twitter, YouTube are not detected. Where is the problem?

Freebsd Version 11.0
snort version 2.9.11.1
openappid version 303

Running command "snort -A console -c /usr/local/etc/snort/snort.conf --daq ipfw --daq-mode inline --daq-var port=8000"



u2openappid appstats-u2.log.1535373079 output

statTime="1535373111",appName="Chrome",txBytes="4399",rxBytes="0"

statTime="1535373111",appName="HTTP",txBytes="4399",rxBytes="0"

statTime="1535373274",appName="DNS",txBytes="134",rxBytes="0"

statTime="1535373076",appName="Chrome",txBytes="8857",rxBytes="0"

statTime="1535373076",appName="HTTP",txBytes="8857",rxBytes="0"

statTime="1535373076",appName="Web Of Trust",txBytes="8857",rxBytes="0"

statTime="1535373319",appName="DNS",txBytes="68",rxBytes="0"

statTime="1535373362",appName="DNS",txBytes="62",rxBytes="0"

statTime="1535373091",appName="Google",txBytes="1618",rxBytes="0"

statTime="1535373091",appName="Chrome",txBytes="1618",rxBytes="0"

statTime="1535373091",appName="HTTP",txBytes="1618",rxBytes="0"

statTime="1535373433",appName="DNS",txBytes="58",rxBytes="0"

statTime="1535373462",appName="DNS",txBytes="139",rxBytes="0"

statTime="1535373463",appName="DNS",txBytes="136",rxBytes="0"

statTime="1535373498",appName="DNS",txBytes="120",rxBytes="0"

Additional snort work output. Thanks for the answers.