[Snort-devel] Content across multiple packets Not detected by Snort
jackhammer at ...2499...
Tue Apr 27 07:43:34 EDT 2004
Now I may be missing something but looking at your pcap file, there is
nothing in there to trigger the rule... Here is the ascii content
between the hosts for the 3131 connection:
Wow, over a year since the laslability, take
a loi trinity at ...2502... Welcome
.nort but are interested in a
* Major tagging updally supported version with
You are searching for Hello World; that pcap file shouldn't trigger an alert.
----- Original Message -----
From: Dennis George <easyeinfo at ...398...>
Date: Mon, 26 Apr 2004 22:42:23 -0700 (PDT)
Subject: Re: [Snort-devel] Content across multiple packets Not detected by Snort
To: snort-devel at lists.sourceforge.net
Cc: Martin Roesch <roesch at ...402...>
Here with this mail I am sending the pcaps of my traffic.... It
contains other traffic also. I am testing snort by creating a server
client program... My server is listening to port no 3131 and the
client is sending data to the same port (3131). So check for the 3131
port in the pcaps.
Thanks and regards
Martin Roesch <roesch at ...402...> wrote:
No, I meant do you have binary packet capture files (pcaps) of the
traffic that you're having trouble with? To generate them simply, run
'tcpdump -w packets.pcap' and run your traffic, that should record the
traffic and put it in a format that can be played back through Snort.
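An added example, not part of the original messages and not Snort code: a way to check a capture made with `tcpdump -w` for a content string on port 3131, reporting separately whether it sits inside one packet payload or only appears once the segments are joined in sequence order. The names `tcp_payloads`, `find_content` and `make_pcap` are hypothetical; the code assumes a classic pcap file with Ethernet framing and IPv4, and the sample capture is constructed.

```python
import struct
from collections import defaultdict

def tcp_payloads(pcap, port):
    """Yield (flow, seq, payload) for Ethernet/IPv4/TCP data sent to `port`."""
    end = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"   # classic pcap magic
    off = 24                                                # skip global header
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                        # not IPv4/TCP
        ihl = (frame[14] & 0x0F) * 4
        tcp = frame[14 + ihl:14 + struct.unpack("!H", frame[16:18])[0]]
        if len(tcp) < 20:
            continue                                        # truncated header
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        data = tcp[(tcp[12] >> 4) * 4:]                     # skip TCP options
        if dport == port and data:
            yield (frame[26:34], sport), seq, data

def find_content(pcap, port, content):
    """Return (matched in a single packet, matched in the joined stream)."""
    per_packet, flows = False, defaultdict(dict)
    for flow, seq, data in tcp_payloads(pcap, port):
        per_packet = per_packet or content in data
        flows[flow][seq] = data              # same seq again = retransmission
    # Simplified reassembly: sort by seq; ignores gaps, overlaps, wraparound.
    in_stream = any(content in b"".join(s[k] for k in sorted(s))
                    for s in flows.values())
    return per_packet, in_stream

def make_pcap(segments, port=3131):
    """Constructed sample capture: one client flow, one TCP segment per item."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    seq = 1000
    for data in segments:
        tcp = struct.pack("!HHIIBBHHH", 40000, port, seq, 0, 0x50, 0x18,
                          8192, 0, 0) + data
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6,
                         0, b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02") + tcp
        frame = b"\x00" * 12 + b"\x08\x00" + ip
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
        seq += len(data)
    return out

if __name__ == "__main__":
    print(find_content(make_pcap([b"Hello ", b"World"]), 3131, b"Hello World"))
```

To run it against a real capture, pass `open("packets.pcap", "rb").read()` as the first argument to `find_content`.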