[Snort-sigs] payload problem

Alexandru Balan jay at ...1722...
Mon Jun 21 02:35:05 EDT 2004


[root at ...2558... root]# snort -qvdi br0 src host 80.86.100.173 and not port 22
06/21-12:29:14.208233 80.86.100.173:33435 -> 80.86.106.24:33
TCP TTL:62 TOS:0x10 ID:1592 IpLen:20 DgmLen:60 DF
******S* Seq: 0xB0A36BC6  Ack: 0x0  Win: 0x16D0  TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 10710526 0 NOP WS: 0

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=


How do i run snort in order to see the payload of every connection to a
specific port ?
I want to capture the traffic in order to write signatures based on
content:"|...|".


--
Jay
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20040621/20f094bb/attachment.sig>


More information about the Snort-sigs mailing list