[Snort-users] Snort Alert Content Telnet

kaihansen kaihansen at ...7874...
Thu Apr 17 09:53:05 EDT 2003


Hi all.

I'm trying to catch content in telnet packets, but I have some problems.

I've tried this rule:

alert tcp any any -> any 23 (msg:"TEST"; content:"test"; rawbytes; nocase;)

Then I telnet to my router and issue the test command, but there
isn't any alarm ...
If I "invert" the rule:

alert tcp any 23 -> any any (msg:"TEST"; content:"test"; rawbytes; nocase;)

then when the router replies with "Translating error for test",
snort sends an alarm ...

I've tried with tcpdump on the same interface where snort works, and
packets come in correctly ...

I don't know why ... any idea? I'm using snort 1.9.1

Thanks, Kai 

PS: sorry for duplicates ....









