It's not that simple, as https traffic is encrypted, and snort cannot decode it in the same manner as http traffic, which is in the clear. Rules that apply to source and destination ports can be changed, as could certain rules referencing packet size, flags, etc. However, snort can't grab the application-layer data from https traffic.

Cheers

Keith

-----Original Message-----
From: Slade Edmonds [mailto:sladesmipc.net]
Sent: Thursday, May 02, 2002 12:51 PM
To: snort-userslists.sourceforge.net
Subject: [Snort-users] monitoring https / SSL

Could anyone direct me to information regarding snorting SSL traffic? Is it
just a matter of taking the rules files designed for monitoring standard
http port 80 and adding an ssl port to it?

Thanks

_______________________________________________________________

Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: bandwidthsourceforge.net
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

_______________________________________________________________

Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: bandwidthsourceforge.net
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]