[Snort-sigs] Rules question

Chris Pyles pyles at ...4203...
Thu Dec 1 21:26:23 EST 2016


Atanas/Neil,

I'm having trouble understanding what you are looking to accomplish. You
have pcap files and are trying to determine what Snort rules would fire if
that traffic were to happen in production - is that correct?

Thanks!

Chris

On Thu, Dec 1, 2016 at 9:00 PM neil ramsarran <neilramsarran at ...12...>
wrote:

> ------------------------------
> *From:* neil ramsarran <neilramsarran at ...12...>
> *Sent:* Thursday, December 1, 2016 8:43 PM
> *To:* Atanas Hambardzhiev; snort-sigs at lists.sourceforge.net
> *Subject:* Re: [Snort-sigs] Rules question
>
>
> I'm having the same problem; I cannot seem to get the assignment done
> with running the winpractice txt file on Snort. Any help will be highly
> appreciated.
>
>
> Thanks
>
>
> ------------------------------
> *From:* Atanas Hambardzhiev <atanasn3 at ...2420...>
> *Sent:* Wednesday, November 30, 2016 10:16 PM
> *To:* snort-sigs at lists.sourceforge.net
> *Subject:* [Snort-sigs] Rules question
>
> Hello all,
>
> First I would like to express my gratitude for the great Snort project you
> have created and the countless hours you put in to make it better and up to
> date.
>
> I am having difficulty understanding how rules are created and composed.
> The more time I spend, the better I get at the whole idea behind it, but still
> some things are unclear.
>
> In my example, I am given two Wireshark packets and I have to understand
> by which (under) Snort rules those packets are conceived.
>
> [image: Inline image 1]
>
> [image: Inline image 2]
> [image: Inline image 3]
>
>
> Packet 8
> [image: Inline image 4]
> [image: Inline image 5]
>
> Here are all the details about the Frames/Packets 7 and 8.
> They are generated under specific rules which are specified in the Snort rule
> list. I don't have the list to look it up, so I am trying to figure out the
> rules.
>
> Can you please identify these 2 rules?
>
> Thanks in advance!!
> Best,
>