Project

General

Profile

Actions
Copy link

Feature #2713

closed
VJ PC

protocol detection w/o protocol parsing

Feature #2713: protocol detection w/o protocol parsing

Added by Victor Julien over 7 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Pierre Chifflier
Target version:
TBD
Effort:
Difficulty:
Label:

Description

At the Suricon2018 it was requested to add better support for detection of protocols w/o implementing full parsers.

Pierre, could you fill in more details of what you have in mind?

Related issues 3 (2 open1 closed)

Related to Suricata - Task #2685: SuriCon 2018 brainstormAssignedVictor JulienActions
Related to Suricata - Task #2757: improve protocol detectionIn ReviewPhilippe AntoineActions
Related to Suricata - Feature #6366: pop3: protocol detectionClosedPhilippe AntoineActions

VJ Updated by Victor Julien over 7 years ago Actions
Copy link
 #1

  • Related to Task #2685: SuriCon 2018 brainstorm added

PA Updated by Philippe Antoine over 6 years ago Actions
Copy link
 #2

Are there specific protocols in mind ?
What is the use case ?
We have to watch for evasions to use this in a rules context...

PA Updated by Philippe Antoine over 6 years ago Actions
Copy link
 #3

  • Related to Task #2757: improve protocol detection added

PA Updated by Philippe Antoine over 2 years ago Actions
Copy link
 #4

PA Updated by Philippe Antoine over 2 years ago Actions
Copy link
 #5

  • Status changed from Feedback to Closed

Closing as stale, feel free to reopen if tou have specific protocols in mind Pierre

Actions
Copy link

Also available in: PDF Atom