@stephenw10 I originally didn't think it would work. But it does. It's amazing.

@michmoor I am very thankful they shared what they have with the open source community. For a small non enterprise network, or some individuals that are working from home, something like this really helps with cyber security. Thank you Cisco, Snort, and pfSense.

@michmoor @bmeeks

Here is, the fully converted appMapping.data to text file...

Screenshot 2023-10-04 at 5.58.46 PM.jpg

The pfSense Snort AppID de-cipher sorcerer's code file: --> textrules.txt

Sid range: 1000000 - 1003371

Total 3,371 AppID rules you can use with the custom option.

I converted it with a Java program I just made. The message is the same as the appid match it makes it easier.

Some of the ieee items are bigger but they seem to match.