[Snort-users] Fwd: [snort-user] About packet content

Joel Esler jesler at ...1935...
Fri Sep 6 09:00:13 EDT 2013


So, you are asking if we can know the content of the traffic, before
the traffic arrives?

On Fri, Sep 6, 2013 at 1:52 AM, Mayur Patil <ram.nath241089 at ...11827...> wrote:
> hello,
>
>       I have one question might be foolish......
>
>       In snort rule we define content for packets
>
>       like content:|00 36 90 23 08|
>
>       is there anyway to know what content does incoming data is having
>
>       before attack is performed ? Any prototype which defines specific
> structure ?
>
>       Seeking for guidance,
>
>       Thanks !
> --
> Cheers,
> Mayur.
>
>
> ------------------------------------------------------------------------------
> Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
> Discover the easy way to master current and previous Microsoft technologies
> and advance your career. Get an incredible 1,500+ hours of step-by-step
> tutorial videos with LearnDevNow. Subscribe today and save!
> http://pubads.g.doubleclick.net/gampad/clk?id=58041391&iu=/4140/ostg.clktrk
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort
> news!



-- 
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire




More information about the Snort-users mailing list