<br><br><div class="gmail_quote">On Thu, May 31, 2012 at 4:42 PM, Victor Julien <span dir="ltr"><<a href="mailto:victor@inliniac.net" target="_blank">victor@inliniac.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">On 05/31/2012 03:30 PM, Henri Wahl wrote:<br>
> Hello world,<br>
> after finally managing to run Suricata 1.3 on OpenBSD - thanks to all of<br>
> you who helped me - I am now running Suricata and Snort in parallel to<br>
> compare detection and overall performance.<br>
> In my opinion Suricata does a pretty good job, but only fails in<br>
> detecting P2P traffic caused by BitTorrent clients and the like. Where<br>
> Snort immediately detects P2P packets (which allow me to block them with<br>
> a snortsam-like construction) Suricata keeps silent. I use the<br>
> p2p.rules and emerging-p2p.rules, now the identical ones (Snort/Suricata)<br>
> and before the Suricata optimized ones from Emerging Threats but the<br>
> result is always the same - silence.<br>
> Is something like this known or has anybody another direction for me<br>
> where to look for?<br>
<br>
</div>Can you share an entry from your stats.log?<br>
<span class="HOEnZb"><font color="#888888"><br></font></span></blockquote><div><br>and some of the sids that do not alert? <br></div><blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<span class="HOEnZb"><font color="#888888">
--<br>
---------------------------------------------<br>
Victor Julien<br>
<a href="http://www.inliniac.net/" target="_blank">http://www.inliniac.net/</a><br>
PGP: <a href="http://www.inliniac.net/victorjulien.asc" target="_blank">http://www.inliniac.net/victorjulien.asc</a><br>
---------------------------------------------<br>
<br>
</font></span></blockquote></div><br><br clear="all"><br>-- <br><div>Regards,</div>
<div>Peter Manev</div><br>