[Snort-users] monitoring https / SSL

McCammon, Keith Keith.McCammon at ...3497...
Thu May 2 10:03:03 EDT 2002

It's not that simple, as https traffic is encrypted, and snort cannot decode it in the same manner as http traffic, which is in the clear.  Rules that apply to source and destination ports can be changed, as could certain rules referencing packet size, flags, etc.  However, snort can't grab the application-layer data from https traffic.



-----Original Message-----
From: Slade Edmonds [mailto:slade at ...5758...]
Sent: Thursday, May 02, 2002 12:51 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] monitoring https / SSL

Could anyone direct me to information regarding snorting SSL traffic?  Is it
just a matter of taking the rules files designed for monitoring standard
http port 80 and adding an ssl port to it?



Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: bandwidth at ...382...
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list