[Snort-users] missing HTML code

Jefferson, Shawn Shawn.Jefferson at ...14448...
Wed Nov 25 12:09:54 EST 2009


Hi,

You may not be inspecting the traffic that deep into the http session, or perhaps your snort setup is not send the alerts since it has already alerted the maximum number of times on that traffic.

There are a couple of settings in Snort that you probably will want to look into:

http_inspect server_flow_depth, client_flow_depth

and

config event_queue

http://www.snort.org/assets/125/snort_manual-2_8_5_1.pdf



________________________________
From: Adam Szabo [mailto:adamx001 at ...11827...]
Sent: Wednesday, November 25, 2009 3:24 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] missing HTML code

Hi,

I'm trying to capture HTML code in a packet's payload using Snort under Ubuntu Linux. I made a very simple HTML file and uploaded it to a free hosting service.
I configured Snort to capture any TCP/UDP packets and then i visited the website with Firefox. I got 23 alerts, lost of packets without payload (i guess this is just a discussion between the server and my computer about what i need from the server and how?) and only two packets with a payload, but both only HTTP headers. Where is the HTML code?

Thank you,
Adam Szabo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20091125/ccd193d0/attachment.html>


More information about the Snort-users mailing list