Snort mailing list archives
Re: HTTP Filtering using Snort
From: Heine Lysemose <lysemose () gmail com>
Date: Sun, 13 Jan 2013 18:26:12 +0100
Hi To accomplish this you can make a bpf-filter to only look at traffic to/from a specific host. /Lysemose On Jan 13, 2013 5:45 PM, "Sharon Sahar" <sharon.sahar () gmail com> wrote:
Hi, I'm using the latest version of Snort on Linux. Is there a way of using snort to filter traffic (in RT or from existing PCAP file) in similar to "Follow TCP stream" in wireshark? For example, if i have an HTTP get request to specific host which takes 2 packets and the response that returns occupies 4 packets, is there a feature/rule syntax in snort that will allow me to filter the whole HTTP session (all the 6 packets) to this host by hostname Thanks! ------------------------------------------------------------------------------ Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. ON SALE this month only -- learn more at: http://p.sf.net/sfu/learnmore_123012 _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------ Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122412
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- HTTP Filtering using Snort Sharon Sahar (Jan 13)
- Re: HTTP Filtering using Snort Heine Lysemose (Jan 14)
- Re: HTTP Filtering using Snort Sharon Sahar (Jan 13)
- Re: HTTP Filtering using Snort Rodrigo Montoro(Sp0oKeR) (Jan 13)
- Re: HTTP Filtering using Snort Sharon Sahar (Jan 13)
- Re: HTTP Filtering using Snort Heine Lysemose (Jan 14)