Re: HTTP Filtering using Snort

["Rodrigo Montoro(Sp0oKeR)" <spooker () gmail com>]

Not good to use in real time traffic but analyzing a pcap I don't see
any  performance problem. Take a log at tag rules into snort rule

http://manual.snort.org/node528.html

Hope it helps.

Regards,

On Sun, Jan 13, 2013 at 4:08 PM, Sharon Sahar <sharon.sahar () gmail com> wrote:
> And use something like http.host ?
> But this will only filter the first packet of the GET, not thw whole HTTP
> session ...
>
>
> On Sun, Jan 13, 2013 at 7:26 PM, Heine Lysemose <lysemose () gmail com> wrote:
> > bpf-filter
>
>
>
>
> ------------------------------------------------------------------------------
> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
> MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
> with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
> MVPs and experts. ON SALE this month only -- learn more at:
> http://p.sf.net/sfu/learnmore_123012
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs () lists sourceforge net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> http://www.snort.org
>
>
> Please visit http://blog.snort.org for the latest news about Snort!



-- 
Rodrigo Montoro (Sp0oKeR)
http://spookerlabs.blogspot.com
http://www.twitter.com/spookerlabs
http://www.linkedin.com/in/spooker

------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnmore_123012
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!