With Discord, as long as you know the server you're connecting to for voice traffic, yes. If it's triggering GID 137 rules in the preprocessor though, you're probably better off turning those rules off instead of trying to whitelist because I know those rules will also hit Hulu and a few other streaming services which use CDNs. Not sure on if suppressing would be viable as a fix. Others may know a better option than I on this.

Lucas

On Sat, Jan 19, 2019 at 12:15 AM Ryan Ritchie <ryno5514@gmail.com> wrote:
Thanks,

I will look into the edits. Is there a better way to filter the traffic from said apps to make sure it is that traffic?

On Fri, Jan 18, 2019, 11:05 PM Lucas Smith via Snort-users <snort-users@lists.snort.org wrote:
I also use discord behind a PfSense box running snort and do not have any sort of issues. I seem to recall that Hulu tended to trigger GID 137 on SIDs 1 and 2 under the preprocessor though I never did figure out why. Are you using snort on something like PfSense or a different OS? PfSense to check blocked hosts would be Services > Snort > Blocked. If you see something like SSL_INVALID_SERVER_HELLO or SSL_INVALID_CLIENT_HELLO, that would mean GID137:SIDs 1 and 2 would be good to turn off in the interface-specific settings. It'll be in preprocessor.rules. Like wkitty42 pointed out though, you'll want to look at the alerts raised first before jumping to disabling rules.

Hope this helps,

Lucas 

On Sun, Jan 13, 2019 at 6:33 AM wkitty42--- via Snort-users <snort-users@lists.snort.org> wrote:
On 1/13/19 12:45 AM, Ryan Ritchie via Snort-users wrote:
>     I just need to figure out why it blocked Discord, Plex and Netflix and how
>     to prevent it from blocking it.


you look at the alerts that were raised... once you know the rules that
triggered the alerts, either disable those rules that were triggered OR
threshold them for those roku and plex devices' IPs...


--
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list unless*
        *a signed and pre-paid contract is in effect with us.*
_______________________________________________
Snort-users mailing list
Snort-users@lists.snort.org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

        To unsubscribe, send an email to:
        snort-users-leave@lists.snort.org

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
_______________________________________________
Snort-users mailing list
Snort-users@lists.snort.org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

        To unsubscribe, send an email to:
        snort-users-leave@lists.snort.org

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette