[Snort-users] SnortSnarf version 041501.1
Burleson, Lee (IA)
Lee.Burleson at ...1358...
Mon Apr 16 18:02:01 EDT 2001
Well, I happen to also have a copy of netcat (for Win32), and I tested it
out. Incredibly, I was able to open the .gz file just fine. According to
your logic, that means that there probably is a browser problem. I can hear
the public sigh as I tell you that I've been using IE5.5, but that does not
solve the mystery of being able to use the .gz from snort.org.
I don't have a uuencode program, so if you still want the IE-downloaded .gz
file in UU format, I'll have to get one from the Net somewhere.
But here's a clue: the file size of the IE-dl'ed .gz is 542,720 bytes,
whereas the nc file is 120,629 bytes.
> -----Original Message-----
> From: James Hoagland [mailto:hoagland at ...47...]
> Sent: Monday, April 16, 2001 3:25 PM
> To: Burleson, Lee (IA)
> Cc: hoagland at ...47...
> Subject: RE: [Snort-users] SnortSnarf version 041501.1
> >Jim -
> >OK, that worked fine. I received a .uu file that WinZip was
> able to open.
> >The extracted .gz file checked out at 120,629 bytes. I was
> then able to
> >open that file normally; WinZip then offered to untar the .tar file
> >automatically, as the .gz only contained that one file. I
> suspect that
> >PKZip at the command line would succeed as well.
> >I.e, your attachment came through just fine. I'll take it
> and run. What
> >could the difference(s) be between the .gz file on
> silicondefense.com, the
> >.gz on snort.org, and the .uu via email?
> What browser did you use for your download? Could you send me a copy
> of what you got originally (uuencoded if possible).
> There is no difference from what I can tell between the file I used
> to make the .uu and what the web server serves up to me. I did this:
> % nc www.silicondefense.com 80 > SS-041501.1.tar.gz
> GET /software/snortsnarf/SnortSnarf-041501.1.tar.gz
> Pretty primitive web access, eh? Then I diffed this with the version
> I packaged up and there was no difference.
> So there are a couple possilities:
> 1) The web server gives you something different.
> 2) It is changed somehow on the network
> 3) Your web client changes it
> >I don't think that email-based distribution will scale very well. ;)
> True :)
> -- Jim
More information about the Snort-users