Netgate Discussion Forum

    pfSense – Snort: Detecting the protocols used on your network with OpenAppID

      javcasta

      Hello.

      Following up on the post:

      pfSense–ntopng: Detecting the protocols used on your network with ndpiReader via shell https://forum.pfsense.org/index.php?topic=120399.0

      pfSense – snort: Detecting the protocols used on your network with OpenAppID

      Now I show how to detect application-layer (Layer 7) protocols on pfSense with the snort package installed and OpenAppID enabled:

      In Services > Snort > Global Settings > Sourcefire OpenAppID Detectors, enable:

      Enable OpenAppID
          Click to enable download of Sourcefire OpenAppID Detectors

      Save the changes and restart the Snort service.
      After giving snort and OpenAppID some time to collect data, we can look at the detected protocols:

      Via GUI: In Services > Snort > Snort interfaces > Wan Logs > app-stats.log

      Via shell: From the shell, with the command: (target file: app-stats-log.TIMESTAMP)

      u2openappid /var/log/snort/snort_em024285/app-stats.log.1478100006

      [2.3.2-RELEASE][root@pfSense232a.localdomain]/: u2openappid /var/log/snort/snort_em024285/app-stats.log.1478100006
      statTime="1478099700",appName="DNS",txBytes="174",rxBytes="218"
      statTime="1478099700",appName="__unknown",txBytes="1727",rxBytes="5714"
      statTime="1478099700",appName="__unknown",txBytes="2984",rxBytes="1168"
      statTime="1478100000",appName="HTTPS",txBytes="1992",rxBytes="7017"
      statTime="1478100000",appName="__unknown",txBytes="8065",rxBytes="2593"
      statTime="1478100000",appName="__unknown",txBytes="336",rxBytes="402"
      statTime="1478100300",appName="__unknown",txBytes="448",rxBytes="580"
      statTime="1478100300",appName="__unknown",txBytes="224",rxBytes="224"
      statTime="1478100600",appName="Google",txBytes="2692",rxBytes="5399"
      statTime="1478100600",appName="HTTPS",txBytes="2692",rxBytes="5399"
      statTime="1478100600",appName="SSL client",txBytes="2692",rxBytes="5399"
      statTime="1478100600",appName="__unknown",txBytes="3471",rxBytes="770"
      statTime="1478100600",appName="__unknown",txBytes="178",rxBytes="178"
      statTime="1478100900",appName="Google",txBytes="2980",rxBytes="6172"
      statTime="1478100900",appName="HTTPS",txBytes="2980",rxBytes="6172"
      statTime="1478100900",appName="SSL client",txBytes="2980",rxBytes="6172"
      statTime="1478100900",appName="__unknown",txBytes="1762",rxBytes="1395"
      statTime="1478101200",appName="Google",txBytes="1238",rxBytes="5366"
      statTime="1478101200",appName="Firefox",txBytes="761",rxBytes="2672"
      statTime="1478101200",appName="Gmail",txBytes="3276",rxBytes="6218"
      statTime="1478101200",appName="HTTP",txBytes="761",rxBytes="2672"
      statTime="1478101200",appName="HTTPS",txBytes="6325",rxBytes="16093"
      statTime="1478101200",appName="Mozilla",txBytes="1811",rxBytes="4509"
      statTime="1478101200",appName="SSL client",txBytes="6325",rxBytes="16093"
      statTime="1478101200",appName="GoDaddy",txBytes="761",rxBytes="2672"
      statTime="1478101200",appName="__unknown",txBytes="1233",rxBytes="848"
      statTime="1478101200",appName="Firefox",txBytes="1753",rxBytes="5116"
      statTime="1478101200",appName="HTTP",txBytes="1753",rxBytes="5116"
      statTime="1478101200",appName="HTTPS",txBytes="11131",rxBytes="76597"
      statTime="1478101200",appName="Gravatar",txBytes="723",rxBytes="3957"
      statTime="1478101500",appName="Google",txBytes="9844",rxBytes="31304"
      statTime="1478101500",appName="HTTPS",txBytes="11740",rxBytes="38018"
      statTime="1478101500",appName="SSL client",txBytes="9844",rxBytes="31304"
      statTime="1478101500",appName="__unknown",txBytes="9938",rxBytes="1718"
      statTime="1478101500",appName="Google",txBytes="10250",rxBytes="34118"
      statTime="1478101500",appName="HTTPS",txBytes="34320",rxBytes="268372"
      statTime="1478101500",appName="SSL client",txBytes="10250",rxBytes="34118"
      statTime="1478101500",appName="__unknown",txBytes="5579",rxBytes="27426"
      statTime="1478101800",appName="__unknown",txBytes="11675",rxBytes="5171"
      

      Regards

      Javier Castañón
      Communications, support and systems technician.

      My website: https://javcasta.com/

      Scripting/pfSense support https://javcasta.com/soporte/
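
An added example, not part of the original post: a POSIX shell function that totals the u2openappid output shown above per application, so the volume labelled __unknown can be compared with the identified applications. The names app_totals and sample_lines are assumptions of this example, and the embedded sample is a subset of the post's output. Rows for different app names can describe the same traffic (Google, HTTPS and SSL client show identical counters in the same interval above), so the totals are per label and should not be added together.

```shell
#!/bin/sh
# Added example, not from the original post.
# app_totals: read u2openappid lines on stdin and print one tab-separated row
# per appName: total bytes, appName, txBytes, rxBytes, number of rows seen.
# Rows are sorted by total bytes, largest first.
app_totals() {
    awk -F'"' '
        # Splitting on double quotes gives:
        #   $2=statTime  $4=appName  $6=txBytes  $8=rxBytes
        # Anything that is not a statistics row (prompt, blank line) is skipped.
        $1 ~ /^[ \t]*statTime=$/ && $3 == ",appName=" &&
        $5 == ",txBytes=" && $7 == ",rxBytes=" {
            tx[$4] += $6; rx[$4] += $8; rows[$4]++
        }
        END {
            for (app in tx)
                printf "%.0f\t%s\t%.0f\t%.0f\t%d\n",
                       tx[app] + rx[app], app, tx[app], rx[app], rows[app]
        }
    ' | sort -t "$(printf '\t')" -k1,1nr
}

# Sample input: the prompt line and a few rows copied from the post output.
sample_lines() {
    cat <<'EOF'
[2.3.2-RELEASE][root@pfSense232a.localdomain]/: u2openappid /var/log/snort/snort_em024285/app-stats.log.1478100006
statTime="1478099700",appName="DNS",txBytes="174",rxBytes="218"
statTime="1478100600",appName="HTTPS",txBytes="2692",rxBytes="5399"
statTime="1478100600",appName="SSL client",txBytes="2692",rxBytes="5399"
statTime="1478100900",appName="HTTPS",txBytes="2980",rxBytes="6172"
statTime="1478100900",appName="__unknown",txBytes="1762",rxBytes="1395"
EOF
}

# On the firewall the input would come from the command in the post:
#   u2openappid /var/log/snort/snort_em024285/app-stats.log.1478100006 | app_totals
sample_lines | app_totals
```
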
