[Snort-devel] Content across multiple packets Not detected by Snort

Dennis George easyeinfo at ...398...
Mon Apr 26 22:43:02 EDT 2004


Hi Marty,
 
Here with this mail I am sending the pcaps of my traffic.... It contains other traffic also. I am testing snort by creating a server client program... My server is listening to port no 3131 and the client is sending data to the same port (3131). So check for the 3131 port in the pcaps. 
 
Thanks and regards
 
Dennis

Martin Roesch <roesch at ...402...> wrote:
No, I meant do you have binary packet capture files (pcaps) of the 
traffic that you're having trouble with? To generate them simply, run 
'tcpdump -w packets.pcap' and run your traffic, that should record the 
traffic and put it in a format that can be played back through Snort.

-Marty


		
---------------------------------
Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20040426/b92db51d/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: packets.pcap
Type: application/octet-stream
Size: 10648 bytes
Desc: packets.pcap
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20040426/b92db51d/attachment.obj>


More information about the Snort-devel mailing list