[Snort-devel] Content across multiple packets Not detected by Snort

Dennis George easyeinfo at ...398...
Tue Apr 27 04:43:05 EDT 2004


Oh I am extremely sorry for that... But in this test case I am searching for trinity at ...2501...
 
Sorry I didn't mention that......
 
Dennis

Paul Tinsley <jackhammer at ...2499...> wrote:
Now I may be missing something but looking at your pcap file, there is
nothing in there to trigger the rule... Here is the ascii content
between the hosts for the 3131 connection:
Wow, over a year since the laslability, take
a loi trinity at ...2502... Welcome
.nort but are interested in a 
* Major tagging updally supported version with
ent==============================


You are searching for Hello World, that pcap file shouldn't trigger an alert.

Thanks,
Paul Tinsley


----- Original Message -----
From: Dennis George 
Date: Mon, 26 Apr 2004 22:42:23 -0700 (PDT)
Subject: Re: [Snort-devel] Content across multiple packets Not detected by Snort
To: snort-devel at lists.sourceforge.net
Cc: Martin Roesch 




Hi Marty,


Here with this mail I am sending the pcaps of my traffic.... It
contains other traffic also. I am testing snort by creating a server
client program... My server is listening to port no 3131 and the
client is sending data to the same port (3131). So check for the 3131
port in the pcaps.


Thanks and regards


Dennis

Martin Roesch wrote:

No, I meant do you have binary packet capture files (pcaps) of the 
traffic that you're having trouble with? To generate them simply, run 
'tcpdump -w packets.pcap' and run your traffic, that should record the 
traffic and put it in a format that can be played back through Snort.

-Marty
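
An added example, not part of the original thread and not Snort code: one way to check a capture like the one discussed above and tell whether a searched string sits inside a single TCP payload on port 3131 or only appears once the payloads are joined in sequence order. The helper names, addresses and sample bytes are constructed for illustration; the parser assumes a classic little-endian pcap with Ethernet/IPv4 frames and does not handle sequence wraparound or bridge gaps.

```python
import struct

def tcp_segments(capture, port):
    """Return [(flow, seq, payload)] for TCP data sent to `port` in a pcap."""
    segs, off = [], 24                                  # skip 24-byte global header
    while off + 16 <= len(capture):
        incl = struct.unpack_from("<I", capture, off + 8)[0]   # captured length
        frame = capture[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                    # not Ethernet/IPv4/TCP
        ihl = (frame[14] & 0x0F) * 4                    # IP header length
        ip_len = struct.unpack_from("!H", frame, 16)[0] # IP total length
        tcp = 14 + ihl
        sport, dport, seq = struct.unpack_from("!HHI", frame, tcp)
        data = frame[tcp + (frame[tcp + 12] >> 4) * 4: 14 + ip_len]
        if dport == port and data:
            segs.append(((frame[26:30], sport), seq, data))
    return segs

def locate(capture, port, needle):
    """Return 'single-packet', 'spans-packets' or 'absent' for `needle`."""
    segs = tcp_segments(capture, port)
    if any(needle in data for _, _, data in segs):
        return "single-packet"
    streams = {}                                        # flow -> (bytes, next seq)
    for flow, seq, data in sorted(segs, key=lambda s: s[1]):
        buf, nxt = streams.get(flow, (b"", seq))
        if seq + len(data) > nxt >= seq:                # new bytes; drop retransmitted overlap
            buf, nxt = buf + data[nxt - seq:], seq + len(data)
        streams[flow] = (buf, nxt)
    hit = any(needle in buf for buf, _ in streams.values())
    return "spans-packets" if hit else "absent"

def make_frame(seq, data, sport=40000, dport=3131):     # constructed test frame
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(data), 0, 0, 64, 6, 0,
                     b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02")
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 0x50, 0x18, 8192, 0, 0)
    return bytes(12) + b"\x08\x00" + ip + tcp + data

def make_pcap(frames):                                  # constructed capture file
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

# Constructed samples: string split over two segments (out of order, one retransmit) vs. whole
SPLIT = make_pcap([make_frame(1006, b"World\n"), make_frame(1000, b"Hello "), make_frame(1000, b"Hello ")])
WHOLE = make_pcap([make_frame(1000, b"Hello World\n")])
```

For a capture written with `tcpdump -w packets.pcap`, pass the file's bytes, the server port and the rule's content string to `locate`.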


