[Snort-users] Need help with byte_test

waldo kitty wkitty42 at ...14940...
Tue Feb 12 12:53:54 EST 2013


On 2/12/2013 01:46, sandeep mlist wrote:
> Hi,
> I need to test if a content-length is zero. Here is the response
> "HTTP/1.1 200 OK
> Date: Wed, 23 Jan 2013 23:44:06 GMT
> Server: Apache/2.4.3 (Win32) OpenSSL/1.0.1c PHP/5.4.7
> Last-Modified: Wed, 23 Jan 2013 23:39:47 GMT
> ETag: "0-4d3fd35aaeb66"
> Accept-Ranges: bytes
> Content-Length: 0"
>
> I am checking for "content:"|0a|content-length:" and i need to test if length is
> zero using byte_test. Please help me.

firstly, there is a difference between "Content-Length:" and 
"content-length:"... ensure that detection of "Content-Length:" is accurate and 
then move to the next step of checking the number...





More information about the Snort-users mailing list