[Snort-sigs] SubSeven Sigs
cmg at ...435...
Tue Mar 12 14:05:03 EST 2002
counter.spy at ...52... writes:
> Can somebody give me a clue on how to find unique patterns in packets?
> Are there any tools that help finding such patterns?
What I typically do is run tcpdump -w exploit.cap -s 1500 -i eth0 and
then use ethereal or snort -dev -r exploit.cap to find them.
It's pretty much eyeball intensive. Use BPF to isolate the port.
If you would send some example packet captures I would gladly try to
help you, though I wonder if S7 uses dynamic keying now..
Chris Green <cmg at ...435...>
A good pun is its own reword.
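
One way to cut down the eyeballing described in the reply above, as an added example that is not part of the original post or of Snort: find byte strings shared by every captured session, drop those that also occur in known-good traffic, and print the rest as Snort content options. It assumes the payloads have already been pulled out of the capture file; the function names, the protocol and all payload bytes are constructed for illustration.

```python
# Added example. All payloads below are constructed, not real SubSeven traffic.

def common_substrings(payloads, min_len=4):
    """Maximal byte strings of at least min_len present in every payload."""
    ref = min(payloads, key=len)          # shortest payload bounds any match
    others = [p for p in payloads if p is not ref]
    found, prev_end = [], 0
    for start in range(len(ref)):
        end = start
        # Grow the match while every other payload still contains it.
        while end < len(ref) and all(ref[start:end + 1] in p for p in others):
            end += 1
        # end <= prev_end means this is only a suffix of an earlier match.
        if end - start >= min_len and end > prev_end and ref[start:end] not in found:
            found.append(ref[start:end])
        prev_end = max(prev_end, end)
    return found

def drop_benign(candidates, baseline):
    """Discard candidates that also occur in known-good traffic."""
    return [c for c in candidates if not any(c in b for b in baseline)]

def to_snort_content(data):
    """Render bytes as a Snort content option, hex-encoding unsafe bytes."""
    out, hexrun = [], []
    for byte in data:
        if 0x20 <= byte < 0x7F and chr(byte) not in '";\\|:':
            if hexrun:
                out.append("|" + " ".join(hexrun) + "|")
                hexrun = []
            out.append(chr(byte))
        else:
            hexrun.append(f"{byte:02X}")
    if hexrun:
        out.append("|" + " ".join(hexrun) + "|")
    return 'content:"' + "".join(out) + '";'

# Constructed payloads from three sessions of a made-up protocol.
SESSIONS = [
    b"\x01\x00HELO srv=pc-17;ver=2\r\nXQZ-BANNER\x00\x07id=1001",
    b"\x01\x00HELO srv=lab3;ver=2\r\nXQZ-BANNER\x00\x07id=22",
    b"\x02\x00HELO srv=kiosk;ver=2\r\nXQZ-BANNER\x00\x07id=333",
]
# Constructed known-good traffic that shares the greeting but not the banner.
BASELINE = [b"\x00\x00HELO srv=mail;ver=1\r\nOK\x00"]

if __name__ == "__main__":
    for candidate in drop_benign(common_substrings(SESSIONS), BASELINE):
        print(to_snort_content(candidate))
```

A string that survives both steps is only a candidate; it still needs checking against more captures before it goes into a rule.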