[Snort-sigs] rules and protocol URL

Federico Castañeda F_CASTANEDA at ...2024...
Tue Nov 11 13:23:05 EST 2003


Try ngrep with some of the usual HTTP patterns. You can format the output to
get IP SRC, IP DST and port.

-----Original Message-----
From: Nosnos [mailto:nosnos94 at ...1123...]
Sent: Monday, November 10, 2003 10:53 AM
To: snort-sigs at lists.sourceforge.net
Subject: [Snort-sigs] rules and protocol URL


Hi,

I want to know how to write a rule that only matches traffic that corresponds
to the HTTP protocol ... ? I know that rules often try to match port 80, but
I want rules that detect the HTTP protocol and are not based on port number
....

(I want the same thing for the POP or SMTP protocol) ...

thx a lot
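
As an added illustration (not part of either message above), the port-independent matching discussed in this thread can be sketched in Python: classify a TCP payload by its first bytes and report source, destination and ports. The signature patterns, the `identify` and `scan` names and the sample segments are assumptions constructed for this example.

```python
import re

# Payload signatures keyed by protocol. They inspect only the first bytes of a
# TCP segment, never the port. These patterns are illustrative assumptions,
# not a complete grammar for any of the protocols.
SIGNATURES = [
    ("http", re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|TRACE|CONNECT) \S+ HTTP/\d\.\d\r?\n")),
    ("http", re.compile(rb"^HTTP/\d\.\d \d{3}[ \r]")),        # response status line
    ("smtp", re.compile(rb"^(HELO|EHLO) \S+\r?\n", re.I)),    # client greeting
    ("smtp", re.compile(rb"^220[ -][^\r\n]*SMTP", re.I)),     # server banner naming SMTP
    ("pop3", re.compile(rb"^\+OK[ \r]")),                     # server greeting
]

def identify(payload: bytes):
    """Return the protocol name whose signature matches the payload, else None."""
    for proto, pattern in SIGNATURES:
        if pattern.match(payload):
            return proto
    return None

def scan(segments):
    """segments: iterable of (src_ip, src_port, dst_ip, dst_port, payload)."""
    hits = []
    for src, sport, dst, dport, payload in segments:
        proto = identify(payload)
        if proto:
            hits.append((proto, src, sport, dst, dport))
    return hits

# Constructed sample segments (documentation addresses, made-up ports).
SAMPLE = [
    ("192.0.2.10", 40112, "198.51.100.5", 8081, b"GET /index.html HTTP/1.0\r\nHost: example.test\r\n\r\n"),
    ("198.51.100.5", 8081, "192.0.2.10", 40112, b"HTTP/1.0 200 OK\r\nContent-Length: 0\r\n\r\n"),
    ("198.51.100.7", 2525, "192.0.2.10", 40200, b"220 mail.example.test ESMTP ready\r\n"),
    ("198.51.100.8", 1110, "192.0.2.10", 40300, b"+OK POP3 server ready\r\n"),
    ("192.0.2.10", 40400, "198.51.100.9", 80, b"SSH-2.0-OpenSSH_3.7\r\n"),   # port 80, but not HTTP
    ("192.0.2.10", 40500, "198.51.100.9", 8081, b"GETTING started\r\n"),     # near miss on "GET"
]

if __name__ == "__main__":
    for proto, src, sport, dst, dport in scan(SAMPLE):
        print(f"{proto:5} {src}:{sport} -> {dst}:{dport}")
```

The last two sample segments show both failure directions: non-HTTP traffic on port 80 is not labelled HTTP, and text that merely starts with "GET" is not matched.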
