[Snort-sigs] Rules question

neil ramsarran neilramsarran at ...12...
Thu Dec 1 21:29:19 EST 2016


How do I replay the packets? Can you give some instructions?


________________________________
From: Wei Chea Ang <weichea at ...2420...>
Sent: Thursday, December 1, 2016 9:05 PM
To: neil ramsarran
Cc: snort-sigs; Atanas Hambardzhiev
Subject: Re: [Snort-sigs] Rules question


Replay the packets and see what rule triggers.

On Dec 2, 2016 9:54 AM, "neil ramsarran" <neilramsarran at ...12...> wrote:

I'm having the same problem. I cannot seem to get the assignment done with running the winpractice txt file on Snort. Any help will be highly appreciated.


Thanks


________________________________
From: Atanas Hambardzhiev <atanasn3 at ...2420...>
Sent: Wednesday, November 30, 2016 10:16 PM
To: snort-sigs at lists.sourceforge.net
Subject: [Snort-sigs] Rules question

Hello all,

First, I would like to express my gratitude for the great Snort project you have created and the countless hours you put in to make it better and up to date.

I am having difficulty understanding how rules are created and composed. The more time I spend, the better I get at the whole idea behind it, but still some things are unclear.

In my example, I am given two Wireshark packets and I have to understand by which (under) Snort rules those packets are conceived.

[Inline image 1]

[Inline image 2]
[Inline image 3]


Packet 8
[Inline image 4]
[Inline image 5]

Here are all the details about Frames/Packets 7 and 8.
They are generated under specific rules which are specified in the Snort rule list. I don't have the list to look it up, so I am trying to figure out the rules.

Can you please identify these 2 rules?

Thanks in advance!!
Best,
