[Snort-users] Snort 2.9.13 not recognizing server response in PCAP.
researchitdammit at gmail.com
Thu May 30 13:04:42 EDT 2019
I have a situation where Snort does not appear to be recognizing packets
that I have in a PCAP. The packet in question is a simple HTTP server
response. The rule is set up to read content in the packet.
The server port is 8080. At this point, I cannot figure out which
configuration setting to change to get Snort to parse the server response.
alert tcp any any -> any any ( \
    msg:"Alert"; \
    sid:6000002; rev:1; )