[Snort-users] Snort 2.1 Intrusion Detection Book - CD ROM file

Al Lewis (allewi) allewi at cisco.com
Fri Sep 29 16:01:57 EDT 2017


Hello,

Snort 2.1 is SEVERELY outdated so I won't be able to help you with the cdrom stuff sorry… :-(

But … here is a pcap (one packet) with the urg pointer set and the urgent pointer value set to zero (attached).

If this isn't what you need or you need more let us know :-)

Thanks!


Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi at cisco.com

From: Snort-users <snort-users-bounces at lists.snort.org> on behalf of Ibrahim Ahmed via Snort-users <snort-users at lists.snort.org>
Reply-To: Ibrahim Ahmed <ibrahim10.h at gmail.com>
Date: Friday, September 29, 2017 at 2:59 PM
To: "snort-users at lists.snort.org" <snort-users at lists.snort.org>
Subject: [Snort-users] Snort 2.1 Intrusion Detection Book - CD ROM file

Hi everyone.

I'm going through the book "Snort 2.1 Intrusion Detection" by Baker, Caswell, and Poor.

In Chapter 4, 'Inner Workings', the authors guide the user through writing their own detection plugin. To test the plugin, they require use of the book's accompanying CD-ROM, which they state contains "... a pcap file with an urg flag, with the tcp urgent pointer value of 0."

I've looked in the CD-ROM's "\Bin\05\libpcap-0.8.3\" directory and its subdirectories and files and am unable to locate the string "urg" or "tcp_urg" in any of the files named "pcap".

Has anyone previously been able to find such a pcap file in the CD? Is there an alternate way to create such a file with the specified 'urg flag'?

Many thanks,
Ibrahim
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ibrahim.pcap
Type: application/octet-stream
Size: 114 bytes
Desc: ibrahim.pcap
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20170929/fddb2431/attachment.obj>
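
On the question of another way to create such a file: the sketch below is an added example, not from the book, its CD-ROM, or either poster. It writes a one-packet classic libpcap file whose TCP header has the URG flag set and an urgent pointer of 0, then reads the two fields back. The addresses, ports, MAC addresses, the ACK flag and the output name `urg_zero.pcap` are constructed assumptions.

```python
import struct

def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum (input padded to an even length)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frame(src="192.0.2.1", dst="192.0.2.2", sport=40000, dport=80) -> bytes:
    """Ethernet/IPv4/TCP frame with URG set and urgent pointer 0 (constructed values)."""
    s, d = (bytes(map(int, a.split("."))) for a in (src, dst))
    flags = 0x20 | 0x10   # URG | ACK (ACK is an assumption, not required by the book's text)
    urg_ptr = 0           # the value the detection plugin test is looking for
    tcp0 = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, flags, 8192, 0, urg_ptr)
    pseudo = s + d + struct.pack("!BBH", 0, 6, len(tcp0))   # TCP pseudo-header
    tcp = tcp0[:16] + struct.pack("!H", csum(pseudo + tcp0)) + tcp0[18:]
    ip0 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0, s, d)
    ip = ip0[:10] + struct.pack("!H", csum(ip0)) + ip0[12:]
    # Locally administered MACs, constructed: destination first, then source.
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + b"\x08\x00"
    return eth + ip + tcp

def build_pcap(frame: bytes) -> bytes:
    """24-byte global header, one 16-byte record header, then the frame."""
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    rhdr = struct.pack("<IIII", 0, 0, len(frame), len(frame))         # timestamp 0, full capture
    return ghdr + rhdr + frame

def tcp_urg_fields(pcap: bytes):
    """Return (URG flag set?, urgent pointer) for the first packet in the file."""
    frame = pcap[40:]                      # skip global + record headers
    ihl = (frame[14] & 0x0F) * 4           # IPv4 header length in bytes
    tcp = frame[14 + ihl:]
    return bool(tcp[13] & 0x20), struct.unpack("!H", tcp[18:20])[0]

if __name__ == "__main__":
    data = build_pcap(build_frame())
    with open("urg_zero.pcap", "wb") as fh:
        fh.write(data)
    print(tcp_urg_fields(data))
```

The resulting file can be replayed through Snort in readback mode with `snort -r urg_zero.pcap` to exercise the plugin.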