[Oisf-users] BPF Filtering
Cooper F. Nelson
cnelson at ucsd.edu
Thu Mar 27 17:28:47 UTC 2014
Absolutely! First, identify your top-talkers (I used argus for this).
Netflix is probably being served from a cache @ your ISP, either managed
by Akamai or Netflix themselves. For example, in our case:
sdg-netflix.cenic.net
tri-netflix.cenic.net
You can then filter these efficiently via bpf expression.
-Coop
On 3/27/2014 4:06 AM, Adnan Baykal wrote:
> Anyone have any bpf filters for filtering out video/specifically netflix
> type of traffic?
--
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
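
Added example, not part of the original message: a shell function that turns a list of top-talker cache hosts into a single BPF exclusion expression of the kind described above. The function name `build_bpf_exclusion`, the list format, and the `192.0.2.0/24` entry are assumptions made for illustration; only the two cenic.net hostnames come from the message.

```shell
#!/bin/sh
# Added example (not from the original post).
# Reads one entry per line on stdin: a hostname, an IP address, or a CIDR block.
# '#' starts a comment. Prints a filter of the form: not (host A or net B ...)
# Note: libpcap resolves hostnames when the filter is compiled, so the sensor
# must reload the filter if the cache addresses change.

build_bpf_exclusion() {
    expr=""
    while IFS= read -r line; do
        entry=${line%%#*}   # drop trailing comment
        # trim leading and trailing whitespace
        entry=$(printf '%s' "$entry" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -n "$entry" ] || continue
        case $entry in
            *[!A-Za-z0-9./:-]*)
                # Anything outside the host/address alphabet could change the
                # meaning of the filter, so refuse it instead of passing it on.
                echo "skipping invalid entry: $entry" >&2
                continue ;;
            */*) term="net $entry" ;;    # CIDR block
            *)   term="host $entry" ;;   # hostname or single address
        esac
        if [ -n "$expr" ]; then
            expr="$expr or $term"
        else
            expr="$term"
        fi
    done
    # An empty list would produce an invalid filter; signal that to the caller.
    [ -n "$expr" ] || return 1
    printf 'not (%s)\n' "$expr"
}

# Sample list: the two hostnames are from the message, the rest is constructed.
build_bpf_exclusion <<'EOF'
sdg-netflix.cenic.net
tri-netflix.cenic.net
192.0.2.0/24          # constructed documentation range
not a valid entry     # rejected: contains whitespace
EOF
```

The resulting line can be saved to a file and given to Suricata with `-F`, or set as the `bpf-filter` value of the capture interface in suricata.yaml.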