Attached are the generated .lua file and a packet capture taken with Wireshark.
More information about the application:
IP: 200.189.97.13
Port: 212
Protocol: TCP

Thank you for your help!


2018-04-23 21:49 GMT-03:00 Costas Kleopa (ckleopa) <ckleopa@cisco.com>:
Could you share a small sample Pcaps and the lua script you generated for us to see what the issue is?

Thanks,
Costas

On Apr 23, 2018, at 3:47 PM, Deivison Xavier via Snort-openappid <snort-openappid@lists.snort.org> wrote:

I forgot to mention that I have already used the tool and I can generate the .lua file. But in the log processing it only appears as "unknown", the defined name appears.

2018-04-23 15:39 GMT-03:00 Y M via Snort-openappid <snort-openappid@lists.snort.org>:
You can use the "appid_detector_builder.sh" tool that comes in the bin directory of Snort's tarball.

YM

From: Snort-openappid <snort-openappid-bounces@lists.snort.org> on behalf of Deivison Xavier via Snort-openappid <snort-openappid@lists.snort.org>
Sent: Monday, April 23, 2018 9:36:04 PM
To: snort-openappid@lists.snort.org
Subject: [Snort-openappid] OpenAppID custom detector
Hello,

I am doing a college project on OpenAppID (Snort 2.9.9.11/Ubuntu 16). I'm having trouble creating a detector for a third-party application. I read the OpenDetectorDeveloperGuide3.0n (https://www.snort.org/downloads/openappid/6328), but it was not clear how to customize a detector. Does anyone have knowledge of the subject?


--
Regards,

Deivison Xavier

_______________________________________________
Snort-openappid mailing list
Snort-openappid@lists.snort.org
https://lists.snort.org/mailman/listinfo/snort-openappid

Please visit http://blog.snort.org to stay current on all the latest Snort news!




--
Regards,

Deivison Xavier



--
Regards,

Deivison Xavier
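For anyone following this thread, below is a hand-written skeleton of the kind of service detector that appid_detector_builder.sh generates for a TCP application on a fixed port. It is an added example, not the .lua from this thread or a file shipped with Snort; it follows the layout of the service detectors in the OpenAppID detector package (DetectorPackageInfo, DetectorInit, DetectorValidator, DetectorFini), but the API names are written from memory and should be checked against the developer guide and the shipped detectors. The detector name, service id, appId, banner pattern and the packet-direction value are assumptions; only the port (TCP/212) comes from the thread.

```lua
--[[
detection_name: Example_TCP212
version: 1
description: Example OpenAppID service detector for a custom application on TCP/212.
--]]

require "DetectorCommon"
local DC = DetectorCommon

-- Registration block read by the appid preprocessor when the file is loaded.
-- A "server" table makes this a service-side detector; "client" would make it
-- a client-side detector.
DetectorPackageInfo = {
    name = "Example_TCP212",
    proto = DC.ipproto.tcp,
    server = {
        init = 'DetectorInit',
        validate = 'DetectorValidator',
        minimum_matches = 1
    }
}

-- ASSUMPTION: both ids are made up. The appId must also be listed, with the
-- name you want in the logs, in the custom appMapping.data; without that
-- mapping appid has no name to print and the flow shows as "unknown".
gServiceName   = 'Example_TCP212'
gServiceId     = 20212
gSfAppIdCustom = 30212

gDetector = nil

-- Port from the thread. The server IP is not needed: appid matches on the
-- traffic itself, not on a fixed address.
gPorts = {
    {DC.ipproto.tcp, 212},
}

gAppRegistry = {
    {gSfAppIdCustom, 0},
}

-- ASSUMPTION: a constructed banner. Replace it with the first bytes the real
-- server sends, taken from the pcap (Follow TCP Stream in Wireshark).
gBannerPattern = "^\\x00\\x01AP"

function serviceInProcess(context)
    local flowFlag = context.detectorFlow:getFlowFlag(DC.flowFlags.serviceDetected)
    if ((not flowFlag) or (flowFlag == 0)) then
        gDetector:inProcessService()
    end
    return DC.serviceStatus.inProcess
end

function serviceSuccess(context)
    local flowFlag = context.detectorFlow:getFlowFlag(DC.flowFlags.serviceDetected)
    if ((not flowFlag) or (flowFlag == 0)) then
        -- vendor and version strings are left empty
        gDetector:addService(gServiceId, "", "", gSfAppIdCustom)
    end
    DC.printf('%s: detected, packetCount %d\n', gServiceName, context.packetCount)
    return DC.serviceStatus.success
end

function serviceFail(context)
    local flowFlag = context.detectorFlow:getFlowFlag(DC.flowFlags.serviceDetected)
    if ((not flowFlag) or (flowFlag == 0)) then
        gDetector:failService()
    end
    context.detectorFlow:clearFlowFlag(DC.flowFlags.continue)
    return DC.serviceStatus.nomatch
end

function DetectorInit(detectorInstance)
    gDetector = detectorInstance
    gDetector:init()
    for i, v in ipairs(gPorts) do
        gDetector:addPort(v[1], v[2])
    end
    for i, v in ipairs(gAppRegistry) do
        pcall(function () gDetector:registerAppId(v[1], v[2]) end)
    end
    return gDetector
end

function DetectorValidator()
    local context = {}
    context.detectorFlow  = gDetector:getFlow()
    context.packetDataLen = gDetector:getPacketSize()
    context.packetDir     = gDetector:getPacketDir()
    context.packetCount   = gDetector:getPktCount()

    -- Empty segments (handshake, pure ACKs) carry nothing to match on yet.
    if (context.packetDataLen == 0) then
        return serviceInProcess(context)
    end
    -- ASSUMPTION: direction 1 is server-to-client; only that side sends the banner.
    if (context.packetDir ~= 1) then
        return serviceInProcess(context)
    end
    local matched = gDetector:getPcreGroups(gBannerPattern, 0)
    if (matched) then
        return serviceSuccess(context)
    end
    -- Give up after a few payload packets without a match so the flow is not
    -- held in "in process" forever.
    if (context.packetCount > 5) then
        return serviceFail(context)
    end
    return serviceInProcess(context)
end

function DetectorFini()
end
```

As far as I recall, the file belongs in the custom/lua directory under the app_detector_dir configured for the appid preprocessor, and the name printed in the logs comes from the appMapping.data entry for the appId, not from the Lua file itself; when a flow is logged as "unknown" even though the detector loads, that mapping and the direction/offset of the pattern are the two things to check first.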