[Snort-sigs] testing snort signature with uri content
MD B Zaman L
mdbzaman.l at ...2420...
Wed Feb 13 05:49:30 EST 2008
I am a new user of snort . I am finding some difficulty in using
the snort signatures with uri content.
I have created my own snort signature as follows to test for uri
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"uri content
testing successful "; flow:to_server,established; uricontent:"/server-info";
After that I tried to access the webpage
http://<http_server>/server-info and verified with ethereal whether the
content /server-info is generated or not.
Ethereal was showing that the content was generated.
But no alert was fired for the above written signature .
Please clarify me how to test signatures with uri content.
Snort is working fine as I have checked with other signatures with no
With Thanks in Advance
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-sigs