Ticket #3545 (closed feature request: invalid)
L7 filter and regular expression
|Reported by:||cramped_gamut@…||Owned by:||jacalvo@…|
|Milestone:||nice to have someday||Component:||base|
|Severity:||normal||Keywords:||L7 Filter, Regular Expression|
I have some queries regarding the L7 Filter issues for protocol detection.
- Does every ptotocol leaves a fingerprint inside which we cannot indentify with this mean which are not yet coded and which are not accessible with this methods?
- the rules about the timing for protocol detection?
- is the modification necesssary to get the protocols detected, and how is the modification done?
- As protocol detection with L7 filter is based on application layer protocols. However, even for this do we need to look at the headers from the bottom up of the OSI layer before reaching up to the application layer or only the application layer payload is enough to detect the protocols from L7 filtering method.
- Is they any means of put some markers for the initial and end of the session in the RegEx? rules??
Note: See TracTickets for help on using tickets.