[Snort-sigs] Could someone test a rule for me please?
chas5873 at ...2420...
Mon Jul 7 06:43:27 EDT 2014
Sorry to be a pain guys, could somebody get back to me regarding my last
On Thu, Jul 3, 2014 at 11:39 AM, Charlie Egan <chas5873 at ...2420...> wrote:
> No worries Nathan!
> Joel, I'm curious as to what the |13| means in the content section? I can't
> figure it out when looking at the stream content image I uploaded above
> from Wireshark.
> Your rule looks a lot better than mine, with the extra depth which I've
> just read up about, so thanks for that.
> Out of curiosity though, would my initial rule have worked without giving
> out any false positives?
> On Wed, Jul 2, 2014 at 7:17 PM, lists at ...3397... <lists at ...3397...> wrote:
>> On 07/02/2014 12:56 PM, Joel Esler (jesler) wrote:
>> > I think Nathan may have missed the “BitTorrent protocol” part.
>> Without a doubt, I completely missed it. I profusely apologize Charlie.