[Snort-sigs] Rules question

Atanas Hambardzhiev atanasn3 at ...2420...
Wed Nov 30 22:16:44 EST 2016


Hello all,

First, I would like to express my gratitude for the great Snort project you have
created and the countless hours you put in to make it better and up to date.

I am having difficulty understanding how rules are created and composed.
The more time I spend, the better I get at the whole idea behind it, but
some things are still unclear.

In my example, I am given two Wireshark packets and I have to understand by
(under) which Snort rules those packets are conceived.

[image: Inline image 1]

[image: Inline image 2]
[image: Inline image 3]


Packet 8
[image: Inline image 4]
[image: Inline image 5]

Here are all the details about Frames/Packets 7 and 8.
They are generated under specific rules which are specified in the Snort rule
list. I don't have the list to look it up, so I am trying to figure out the
rules.

Can you please identify these 2 rules?

Thanks in advance!!
Best,