[Snort-sigs] Rules question

Wei Chea Ang weichea at ...2420...
Thu Dec 1 21:05:32 EST 2016


Replay the packets and see what rule triggers.

On Dec 2, 2016 9:54 AM, "neil ramsarran" <neilramsarran at ...12...> wrote:

> I'm having the same problem, I cannot seem to get the assignment done
> with running winpractice txt file on the snort. Any help will be highly
> appreciated.
>
>
> Thanks
>
>
> ------------------------------
> *From:* Atanas Hambardzhiev <atanasn3 at ...2420...>
> *Sent:* Wednesday, November 30, 2016 10:16 PM
> *To:* snort-sigs at lists.sourceforge.net
> *Subject:* [Snort-sigs] Rules question
>
> Hello all,
>
> First I would like to express my gratitude for the great Snort project you
> have created and the countless hours you put in to make it better and up to
> date.
>
> I am having difficulty understanding how rules are created and composed.
> The more time I spend, the better I get at the whole idea behind it, but still
> some things are unclear.
>
> In my example, I am given two Wireshark packets and I have to understand
> by which (under) Snort rules those packets are conceived.
>
> [image: Inline image 1]
>
> [image: Inline image 2]
> [image: Inline image 3]
>
>
> Packet 8
> [image: Inline image 4]
> [image: Inline image 5]
>
> Here are all the details about the Frames/Packets 7 and 8.
> They are generated under specific rules which are specified in the Snort rule
> list. I don't have the list to look it up, so I am trying to figure out the
> rules.
>
> Can you please identify these 2 rules?
>
> Thanks in advance!!
> Best,
>