[Snort-users] monitoring https / SSL
Keith.McCammon at ...3497...
Thu May 2 10:03:03 EDT 2002
It's not that simple, as https traffic is encrypted, and snort cannot decode it in the same manner as http traffic, which is in the clear. Rules that apply to source and destination ports can be changed, as could certain rules referencing packet size, flags, etc. However, snort can't grab the application-layer data from https traffic.
From: Slade Edmonds [mailto:slade at ...5758...]
Sent: Thursday, May 02, 2002 12:51 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] monitoring https / SSL
Could anyone direct me to information regarding snorting SSL traffic? Is it
just a matter of taking the rules files designed for monitoring standard
http port 80 and adding an ssl port to it?
Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: bandwidth at ...382...
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
More information about the Snort-users