[Oisf-devel] BIt Torrent Traffic

Andreas Herz andi at geekosphere.org
Sun Oct 23 21:16:42 UTC 2016

On 24/10/16 at 01:16, Steve wrote:
> HI
> I have Suricata setup and detecting various signatures, but I can't
> detect Bit Torrent traffic. 

Can you describe your setup in more detail?

> I have the  emerging-p2p.rules loaded and set to Drop, but nothing gets
> detected, not by protocol or DHT detection.

What rules do you think should trigger and do you have some .pcap to
share? Maybe the rules just don't fit your traffic.

> Any ideas on that ?   I'm using Suricata 3.1
> Regards,
> Steve
> _______________________________________________
> Suricata IDS Devel mailing list: oisf-devel at openinfosecfoundation.org
> Site: http://suricata-ids.org | Participate: http://suricata-ids.org/participate/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
> Redmine: https://redmine.openinfosecfoundation.org/
> Suricata User Conference November 9-11 in Washington, DC: http://suricon.net

Andreas Herz

More information about the Oisf-devel mailing list