Snort mailing list archives
Confused on obfuscation
From: "Paul Farley" <Paul.Farley () EventLevel com>
Date: Mon, 11 Mar 2002 12:06:26 -0500
That's a mouthful!
I can't seem to get this to work as I think it's supposed to, any ideas
on what I'm doing wrong?
I want to obfuscate my home_net addresses (in this case, specifically
this host for this example) but not the external addresses. Every time I
do this, it blanks all the addresses.
snort -dvr log -O -h MY.NET.9.170/32 'host 66.76.77.48 and (port 4832 and port 80)'
Log directory = /var/log/snort
TCPDUMP file reading mode.
Reading network traffic from "log" file.
snaplen = 150
--== Initializing Snort ==--
--== Initialization Complete ==--
-*> Snort! <*-
Version 1.8.4-beta5 (Build 98)
By Martin Roesch (roesch () sourcefire com, www.snort.org)
02/16-03:25:26.647724 xxx.xxx.xxx.xxx:4832 -> xxx.xxx.xxx.xxx:80
TCP TTL:115 TOS:0x0 ID:26092 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE74AC174 Ack: 0x4A529D53 Win: 0x4470 TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 72 6F 6F GET /scripts/roo
74 2E 65 78 65 3F 2F 63 2B 64 69 72 20 48 54 54 t.exe?/c+dir HTT
50 2F 31 2E 30 0D 0A 48 6F 73 74 3A 20 77 77 77 P/1.0..Host: www
0D 0A 43 6F 6E 6E 6E 65 63 74 69 6F 6E 3A 20 63 ..Connnection: c
6C 6F 73 65 0D 0A 0D 0A lose....
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
Any suggestions are most appreciated.
Regards,
Paul Farley
EventLevel, Inc.
http://www.eventlevel.com
-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Dr.
Richard W. Tibbs
Sent: Monday, March 11, 2002 10:37 AM
To: Roelof JT Jonkman
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Finding a Win32 Snort
I looked at the IDScenter config panels today after installing on Win2K.
It seems there is no socket logging facility available thru IDScenter.
(i.e. like snort -A unsock ...)
Is this true?
Would I need to use command line to use a socket program to capture
packet data?
Roelof JT Jonkman wrote:
All,
A whole variety of 'plain' versions of Windows Snort are available from
here:
http://www.silicondefense.com/techsupport/downloads.htm
Mostly courtesy of Chris Reid, Michael Steele, and Joe McAlerney.
roel
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
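The selective masking asked about in the message above, done as a post-processing step over Snort's text output. This is an added example, not code from the original post or from Snort itself; it masks only addresses inside a given home network, and only on packet header lines. The home address 10.1.9.170, the sample lines and the function names are constructed for illustration.

```python
import ipaddress
import re

# Snort packet header line: "MM/DD-HH:MM:SS.usec src[:port] -> dst[:port]"
HEADER_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?P<sport>:\d+)? -> "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?P<dport>:\d+)?$"
)
MASK = "xxx.xxx.xxx.xxx"  # same placeholder Snort prints with -O


def mask_if_home(addr, home_net):
    """Return MASK when addr lies inside home_net, else addr unchanged."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return addr  # not a valid address (e.g. 999.1.1.1): leave untouched
    return MASK if ip in home_net else addr


def obfuscate_home(lines, home_cidr):
    """Mask home-network addresses on header lines; pass other lines through.

    Addresses that appear inside the payload dump are NOT touched, so a
    Host: header carrying a home address would still need separate handling.
    """
    home_net = ipaddress.ip_network(home_cidr, strict=False)
    out = []
    for line in lines:
        text = line.rstrip("\n")
        m = HEADER_RE.match(text)
        if not m:
            out.append(text)  # TCP/IP detail lines, hex dump, separators
            continue
        src = mask_if_home(m["src"], home_net)
        dst = mask_if_home(m["dst"], home_net)
        out.append(f"{m['ts']} {src}{m['sport'] or ''} -> {dst}{m['dport'] or ''}")
    return out


# Constructed sample: external client 66.76.77.48, home host 10.1.9.170.
SAMPLE = [
    "02/16-03:25:26.647724 66.76.77.48:4832 -> 10.1.9.170:80",
    "TCP TTL:115 TOS:0x0 ID:26092 IpLen:20 DgmLen:112 DF",
    "02/16-03:25:26.700000 10.1.9.170:80 -> 66.76.77.48:4832",
]

if __name__ == "__main__":
    print("\n".join(obfuscate_home(SAMPLE, "10.1.9.170/32")))
```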
