[Snort-users] Finding specific File transfers with Snort?

Neil Dickey neil at ...1633...
Thu Apr 26 12:42:53 EDT 2001


Jürgen Nieveler <Juergen.Nieveler at ...1917...> wrote asking:

>I'm rather new to Snort, and don't know if this has been covered before:
>
>Can you use Snort to find out if there is a command "put swinger.jpg" in a
>FTP Session?

FTP sessions can be tricky to monitor, but what you are looking for is the
"content" rule option.  Go to www.snort.org, click on "Writing Snort Rules,"
and then look for the instructions on the "content" directive.

Best regards,

Neil Dickey, Ph.D.
Research Associate/Sysop
Geology Department
Northern Illinois University
DeKalb, Illinois
60115







More information about the Snort-users mailing list