Re: how to create testing data files??

[Joel Esler <jesler () sourcefire com>]

On Aug 14, 2010, at 8:17 PM, waldo kitty <wkitty42 () windstream net> wrote:

> On 8/14/2010 19:56, Joel Esler wrote:
> > On Aug 14, 2010, at 7:44 PM, waldo kitty<wkitty42 () windstream net>  wrote:
> >
> > > concerning if within
> > > takes into account the distance or not...
> > Clarify.
>
> well, i've tried on that other list...
>
> i'll try again over here...
>
> given the following rule structure...
>
> content:"ABC"; content:"EFG"; distance:1; within:10;
>
> which of the following strings do NOT alert and why?
>
>  1. ABCEFG

No. E is in position "distance:0"

>  2. ABCxEFG

Yes. 


>  3. ABCx123456EFG

Yes. 


>  4. ABCx1234567EFG

Yes. 

>  5. ABCx12345678EFG

No. G is in position 11. 

>  6. ABCx123456789EFG

No.  G is in position 12


>  7. ABCxx123456EFG

Yes. The first "x" is distance 0. The second is distance 1. 


>  8. ABCxx1234567EFG

No, too long. G is in position 11


>  9. ABCxx12345678EFG

No, too long. G is in position 12. 

> 10. ABCxx123456789EFG

No. Too long. G is in position 13.  

Does that help?

------------------------------------------------------------------------------
This SF.net email is sponsored by 

Make an app they can't live without
Enter the BlackBerry Developer Challenge
http://p.sf.net/sfu/RIM-dev2dev

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users