[Snort-users] BASE Payload Search

Jeffrey Denton dentonj at ...11827...
Thu Jul 5 09:07:07 EDT 2007


On 7/5/07, Humes, David G. <David.Humes at ...383...> wrote:
>
> Hey Everyone,
> We use BASE for watching our Snort alerts, and would really like to be able
> to do a payload search.   But it does not appear to work. I saw some early
> posts about this on the BASE list saying that it never worked in ACID.  Does
> anyone have this working?  I'm running BASE 1.3.6.  I've already posted this
> on the BASE list and haven't received any replies.  I thought it might get a
> little more visibility over here.  My process flow for searching is:

It works for me(TM).  I'm using Base 1.3.6.

Input Criteria Encoding Type: ascii
Convert To (when searching): hex
has USER

Where USER is the string I'm searching for.  Sometimes it's easier to
search using hex.

Input Criteria Encoding Type: hex
Convert To (when searching): hex
has 55534552

Where 55534552 is the search string.  Notice there are no spaces
between the hex numbers.
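
An added example, not part of the original post and not BASE's own code: both searches above reduce to the same hex criteria, sketched here in Python. It assumes payloads are held as contiguous hex text and goes one step beyond the post by accepting a match only on a byte boundary; the function names and sample payloads are constructed for illustration.

```python
HEX_DIGITS = set("0123456789ABCDEF")

def to_hex_criteria(term, input_encoding):
    """Normalise a search term to contiguous uppercase hex (no spaces)."""
    if input_encoding == "ascii":
        return term.encode("ascii").hex().upper()
    if input_encoding == "hex":
        digits = "".join(term.split()).upper()   # "55 53 45 52" -> "55534552"
        if len(digits) % 2 or not set(digits) <= HEX_DIGITS:
            raise ValueError("hex criteria must be whole bytes of hex digits")
        return digits
    raise ValueError("unknown input encoding: %r" % input_encoding)

def payload_has(payload_hex, criteria_hex):
    """True if the criteria bytes occur in the payload on a byte boundary.

    A plain substring test on hex text can also hit at an odd offset,
    where the match straddles two half-bytes and is not the searched string.
    """
    payload_hex = payload_hex.upper()
    pos = payload_hex.find(criteria_hex)
    while pos != -1:
        if pos % 2 == 0:
            return True
        pos = payload_hex.find(criteria_hex, pos + 1)
    return False

def search(payloads, term, input_encoding):
    """Return the ids of payloads that contain the term."""
    criteria = to_hex_criteria(term, input_encoding)
    return sorted(pid for pid, p in payloads.items() if payload_has(p, criteria))

# Constructed sample payloads keyed by a made-up alert id (assumption:
# stored as hex text, which is what searching with hex criteria implies).
SAMPLE_PAYLOADS = {
    1: b"USER anonymous\r\n".hex(),
    2: b"PASS guest\r\n".hex(),
    3: "0555345520",   # bytes 05 55 34 55 20: "55534552" appears at an odd offset only
}

if __name__ == "__main__":
    print(to_hex_criteria("USER", "ascii"))
    print(search(SAMPLE_PAYLOADS, "USER", "ascii"))
    print(search(SAMPLE_PAYLOADS, "55 53 45 52", "hex"))
```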
