[Snort-users] How to detect OS with Snort?

Borja Luaces borja.luaces at ...11827...
Tue May 8 09:26:58 EDT 2012


Good afternoon,

First of all I have to say that I am new to Snort.

I am trying to create an alert rule to detect the OS, but every time I try it,
it seems not to work.

The rule looks like the following one:

alert tcp any any -> any any (content:"Windows NT";msg:"Microsoft OS detected";)

Any help?

Thanks for your time

-- 
Borja Luaces Altares
Administrador/Analista de Sistemas (MCSE Security,C|EH & CSSA)