[Snort-users] Snort on WindowsXP

Michael Steele michaels at ...9077...
Sat Jul 6 16:37:26 EDT 2013

You might want to explain to him how this converts to Windows :)

grep -i -E "shellcode" /path/to/your/rules/*.rules
Best regards,

WINSNORT.com Management

****************** Established ~ 2001 *******************
*          Visit Us @ http://www.winsnort.com           *
*      ~~ FREE WinIDS Snort installation guides ~~      *
*               ~~ FREE support forums ~~               *
* Snort: Open Source Network IDS - http://www.snort.org *

-----Original Message-----
From: waldo kitty [mailto:wkitty42 at ...14940...] 
Sent: Saturday, July 06, 2013 9:21 AM
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Snort on WindowsXP

On 7/6/2013 02:19, MCLEOD, DONNIE wrote:
> Hi Snort users, can someone help with code alert for Snort to detect
> shell code on the above conf Snort is run in IDS mode using the
> following command line; snort -c C:\snort\etc\snort.conf -l
> C:\snort\log -i 1
> I am trying to get the IDS to trigger an alert on detection, thanks.

is this a school assignment?

there are already (139) existing shellcode related rules available... do
they not fit your needs?

grep -i -E "shellcode" /path/to/your/rules/*.rules

NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.
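
A Windows version of the grep command quoted above, as an added example that is not part of either message. It also reports whether each matching rule is commented out and whether its file is loaded by snort.conf. It assumes PowerShell 2.0 or later is installed and that the rules sit in C:\snort\rules (an assumed path; only the snort.conf path comes from the original question).

```powershell
# Added example. Windows counterpart of:
#   grep -i -E "shellcode" /path/to/your/rules/*.rules
# cmd.exe one-liner: findstr /i "shellcode" C:\snort\rules\*.rules
# Assumption: rules are in C:\snort\rules (not stated in the thread).
# C:\snort\etc\snort.conf is the path from the original question.
param(
    [string]$RulesDir  = 'C:\snort\rules',
    [string]$SnortConf = 'C:\snort\etc\snort.conf'
)

# .rules files that snort.conf loads through uncommented "include" lines.
$included = @()
if (Test-Path $SnortConf) {
    $included = @(Get-Content $SnortConf | ForEach-Object {
        if ($_ -match '^\s*include\s+(\S+\.rules)') {
            ($Matches[1] -split '[\\/]')[-1]   # keep the file name only
        }
    })
}

# Select-String is case-insensitive by default, like grep -i.
$hits = @(Select-String -Path (Join-Path $RulesDir '*.rules') -Pattern 'shellcode' |
    ForEach-Object {
        $line = $_.Line
        $sid = $null; $msg = $null
        if ($line -match 'sid:\s*(\d+)\s*;') { $sid = $Matches[1] }
        if ($line -match 'msg:\s*"([^"]*)"') { $msg = $Matches[1] }
        New-Object PSObject -Property @{
            File     = $_.Filename
            Enabled  = ($line -notmatch '^\s*#')         # false: rule is commented out
            Included = ($included -contains $_.Filename) # false: file not loaded
            Sid      = $sid
            Msg      = $msg
        }
    })

$hits | Select-Object File, Enabled, Included, Sid, Msg | Format-Table -AutoSize

$active = @($hits | Where-Object { $_.Enabled -and $_.Included })
'{0} matching lines, {1} enabled and loaded by {2}' -f $hits.Count, $active.Count, $SnortConf
```

A rule that shows Enabled or Included as False will not raise an alert until it is uncommented or its file is added to snort.conf.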
