[Snort-users] Create rules for Google Hangouts

liao zhuodi liao_zd at ...17090...
Wed Feb 11 22:11:25 EST 2015


Thanks Lewis, the grep of appMapping.data does help. I am trying to create some complete rules. I find that some of the rules/openappID use an HTTP pattern to detect user access, like Google Hangouts: http://www.google.com/hangouts/, but when users use Google Hangouts, they usually use it inside the Gmail web page, or some client ends. But the message text and Hangouts calls are encrypted by SSL (HTTPS), so how can I catch the traffic from Hangouts?

Liao

> On 11 Feb 2015, at 20:02, Al Lewis (allewi) <allewi at ...589...> wrote:
> 
> To get a feel for what you can do with rules a good place to start would be here: http://manual.snort.org/node27.html
> 
> There are a bunch of app detectors in the openappID tool for Google (Hangouts is one of them); I have listed them below. You can check out/download openapp here: https://www.snort.org/downloads
> 
> alewis at ...17075...:~/Downloads/odp$ cat appMapping.data | cut -f2 | grep -i google
> Google APIs
> Google App Engine
> Google Drive
> Google Talk Gadget
> Google
> Google Translate
> Google Analytics
> Google Calendar
> Google News
> Google Product Search
> Google Safebrowsing
> Google Earth
> Googlebot
> Google Toolbar
> Google Finance
> Google Play Books
> Google Play Music
> Google Reader
> Google Adsense
> Google Remote Desktop
> Google Fiber
> Google Code project hosting
> Google Update
> Googlebot Image Search
> Google PageSpeed
> Google URL Shortener
> Google Groups
> Google+ Photos
> Google+ Videos
> Google Accounts Authentication
> Google Hangouts
> Google Helpouts
> 
> Hope this helps!
> 
> Albert Lewis
> QA Software Engineer
> SOURCEfire, Inc. now part of Cisco
> 9780 Patuxent Woods Drive
> Columbia, MD 21046 
> Phone: (office) 443.430.7112
> Email: allewi at ...589... 
> 
> -----Original Message-----
> From: liao zhuodi [mailto:liao_zd at ...17090...] 
> Sent: Wednesday, February 11, 2015 2:58 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Create rules for Google Hangouts
> 
> I am trying to create rules about the Google Hangouts app. It is a web app in the Gmail page, and it uses the Quick UDP protocol; however, I cannot find the signature for it. Does anyone have any suggestions? Thanks.
> 
> Liao
