Snort mailing list archives
Confused on obfuscation
From: "Paul Farley" <Paul.Farley () EventLevel com>
Date: Mon, 11 Mar 2002 12:06:26 -0500
That's a mouthful!

I can't seem to get this to work as I think it's supposed to. Any ideas on what I'm doing wrong? I want to obfuscate my home_net addresses (in this case, specifically this host for this example), but not the external addresses. Every time I do this, it blanks all the addresses.

    snort -dvr log -O -h MY.NET.9.170/32 'host 66.76.77.48 and (port 4832 and port 80)'

    Log directory = /var/log/snort
    TCPDUMP file reading mode.
    Reading network traffic from "log" file.
    snaplen = 150

    --== Initializing Snort ==--

    --== Initialization Complete ==--

    -*> Snort! <*-
    Version 1.8.4-beta5 (Build 98)
    By Martin Roesch (roesch () sourcefire com, www.snort.org)
    02/16-03:25:26.647724 xxx.xxx.xxx.xxx:4832 -> xxx.xxx.xxx.xxx:80
    TCP TTL:115 TOS:0x0 ID:26092 IpLen:20 DgmLen:112 DF
    ***AP*** Seq: 0xE74AC174 Ack: 0x4A529D53 Win: 0x4470 TcpLen: 20
    47 45 54 20 2F 73 63 72 69 70 74 73 2F 72 6F 6F  GET /scripts/roo
    74 2E 65 78 65 3F 2F 63 2B 64 69 72 20 48 54 54  t.exe?/c+dir HTT
    50 2F 31 2E 30 0D 0A 48 6F 73 74 3A 20 77 77 77  P/1.0..Host: www
    0D 0A 43 6F 6E 6E 6E 65 63 74 69 6F 6E 3A 20 63  ..Connnection: c
    6C 6F 73 65 0D 0A 0D 0A                          lose....
    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

Any suggestions are most appreciated.

Regards,
Paul Farley
EventLevel, Inc.
http://www.eventlevel.com

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Dr. Richard W. Tibbs
Sent: Monday, March 11, 2002 10:37 AM
To: Roelof JT Jonkman
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Finding a Win32 Snort

I looked at the IDScenter config panels today after installing on Win2K. It seems there is no socket logging facility available thru IDScenter (i.e. like snort -A unsock ...). Is this true? Would I need to use command line to use a socket program to capture packet data?

Roelof JT Jonkman wrote:

All,

A whole variety of 'plain' versions of Windows Snort are available from here:

http://www.silicondefense.com/techsupport/downloads.htm

Mostly courtesy of Chris Reid, Michael Steele, and Joe McAlerney.

roel

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
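
Added example, not part of the original message and not Snort's own code: one way to get the selective result asked about in "Confused on obfuscation" by post-processing un-obfuscated Snort text output, masking only addresses that fall inside the home network. The function name `mask_home_net`, the documentation-range addresses and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# Candidate dotted quads; each match is validated with ipaddress before masking.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def mask_home_net(text, home_nets, mask="xxx.xxx.xxx.xxx"):
    """Replace every IPv4 address inside any of home_nets (CIDR strings)
    with mask; addresses outside those networks are left untouched."""
    nets = [ipaddress.ip_network(n, strict=False) for n in home_nets]

    def repl(match):
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:
            # Looks like a dotted quad but is not a valid address: keep it.
            return match.group(0)
        return mask if any(addr in net for net in nets) else match.group(0)

    # Applies to the whole text, so an address printed in the decoded ASCII
    # column is masked too, unless the 16-byte row wrap splits it.
    return IPV4_RE.sub(repl, text)


# Constructed sample in the layout of the output above (not real traffic):
# 198.51.100.48 stands in for the external host, 192.0.2.170 for the home host.
SAMPLE = (
    "02/16-03:25:26.647724 198.51.100.48:4832 -> 192.0.2.170:80\n"
    "TCP TTL:115 TOS:0x0 ID:26092 IpLen:20 DgmLen:112 DF\n"
    "***AP*** Seq: 0xE74AC174 Ack: 0x4A529D53 Win: 0x4470 TcpLen: 20\n"
)

if __name__ == "__main__":
    print(mask_home_net(SAMPLE, ["192.0.2.170/32"]), end="")
```

Check the masked output for addresses that survive in wrapped payload rows before sharing a capture.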
Current thread:
- Finding a Win32 Snort Djinn D'Angel (Mar 08)
- Re: Finding a Win32 Snort Joe McAlerney (Mar 08)
- Re: Finding a Win32 Snort John Sage (Mar 08)
- Message not available
- RE: Finding a Win32 Snort - Thank you. Djinn D'Angel (Mar 12)
- <Possible follow-ups>
- RE: Finding a Win32 Snort Frank Knobbe (Mar 08)
- Re: Finding a Win32 Snort Roelof JT Jonkman (Mar 08)
- Re: Finding a Win32 Snort Dr. Richard W. Tibbs (Mar 11)
- Confused on obfuscation Paul Farley (Mar 11)
- Re: Finding a Win32 Snort Roelof JT Jonkman (Mar 11)
- Re: Finding a Win32 Snort Roelof JT Jonkman (Mar 08)