[Snort-users] Snort 2.1 Intrusion Detection Book - CD ROM file

Ibrahim Ahmed ibrahim10.h at gmail.com
Fri Sep 29 14:59:42 EDT 2017


Hi everyone.

I'm going through the book "Snort 2.1 Intrusion Detection" by Baker,
Caswell, and Poor.

In Chapter 4, 'Inner Workings', the authors guide the user through writing
their own detection plugin. To test the plugin, they require use of the
book's accompanying CD-ROM, which they state contains "... a pcap file
with an urg flag, with the tcp urgent pointer value of 0."

I've looked in the CD-ROM's "\Bin\05\libpcap-0.8.3\" directory and its
subdirectories and files and am unable to locate the string "urg" or
"tcp_urg" in any of the files named "pcap".

Has anyone previously been able to find such a pcap file in the CD? Is
there an alternate way to create such a file with the specified 'urg flag'?

Many thanks,
Ibrahim
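
One way to produce such a test capture without the CD, as an added example that is not part of the original post or the book's material: the Python below builds a single Ethernet/IPv4/TCP packet with the URG flag set and an urgent pointer of 0, and wraps it in the classic pcap file format. The addresses, ports, MAC addresses, payload and the output name `urg_zero.pcap` are constructed sample values, and the capture holds one packet with no handshake before it.

```python
import struct

URG, ACK = 0x20, 0x10  # TCP flag bits

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (used by both IPv4 and TCP)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_urg_frame(src="192.0.2.1", dst="192.0.2.2", sport=40000,
                    dport=80, payload=b"test", urg_ptr=0) -> bytes:
    """Ethernet/IPv4/TCP frame with URG set; all field values are constructed samples."""
    s, d = (bytes(map(int, a.split("."))) for a in (src, dst))

    def tcp(csum):  # 20-byte TCP header, no options (data offset = 5 words)
        return struct.pack("!HHIIBBHHH", sport, dport, 1000, 2000,
                           5 << 4, URG | ACK, 8192, csum, urg_ptr)

    # TCP checksum covers a pseudo-header: src, dst, zero, protocol 6, TCP length
    pseudo = s + d + struct.pack("!BBH", 0, 6, 20 + len(payload))
    segment = tcp(checksum(pseudo + tcp(0) + payload)) + payload

    def ip(csum):  # 20-byte IPv4 header, TTL 64, protocol 6 (TCP)
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment),
                           1, 0, 64, 6, csum, s, d)

    eth = bytes.fromhex("020000000002" "020000000001" "0800")  # dst MAC, src MAC, IPv4
    return eth + ip(checksum(ip(0))) + segment

def pcap_bytes(frames, ts=0) -> bytes:
    """Classic little-endian pcap: 24-byte global header, 16-byte header per record."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for f in frames:
        out += struct.pack("<IIII", ts, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    with open("urg_zero.pcap", "wb") as fh:  # hypothetical output file name
        fh.write(pcap_bytes([build_urg_frame()]))
```

The resulting file can be replayed through Snort with `snort -r urg_zero.pcap` to exercise the plugin.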