[Snort-users] Snort binary search

mosquitooth at ...158... mosquitooth at ...158...
Fri Feb 11 14:10:12 EST 2005


Hi,

some trivial (nethertheless important) question: When I do search for a
given pattern in a snort rule - does the search start at the beginning of
the payload (AFTER all the eth/ip/tcp/udp/... headers) or right at the
beginning: byte 1 (of the ethernet header) that was sent on the wire?

Thanks,

Peter

-- 
DSL Komplett von GMX +++ Supergünstig und stressfrei einsteigen!
AKTION "Kein Einrichtungspreis" nutzen: http://www.gmx.net/de/go/dsl




More information about the Snort-users mailing list