[Snort-users] p2p traffic detect (torrents)

Dmitry Korzhevin dmitry.korzhevin at ...15907...
Wed Oct 31 10:29:29 EDT 2012

Guys, can you please advise the best way to detect torrents? For now I use 
only one rule in my /etc/snort/snort.conf configuration file:


alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"torrent"; content:"GET"; content:"torrent"; sid:1100021; rev:1;)

But I don't think it is the best Snort can do to detect torrents. I 
downloaded the latest snortrules-snapshot-2931.tar.gz file from the 
snort.org site using my oinkcode, and I see the archive has some kind of p2p.rules.

How should I connect this p2p.rules to my Snort?

Best Regards,

System Administrator
STIDIA S.A. - Luxembourg

e: dmitry.korzhevin at ...15907...
m: +38 093 874 5453
w: http://www.stidia.com
