Snort mailing list archives

Re: RE : Re: http_header usage


From: Cagri Ersen <cagri.ersen () gmail com>
Date: Tue, 22 Apr 2014 20:22:50 +0300

Hi Rmkml,

On Tue, Apr 22, 2014 at 8:05 PM, rmkml <rmkml () yahoo fr> wrote:

> Please try to disable cksum verification? ( -k none )


Unfortunately, it didn't work.

This is a very strange problem, since Snort extracts the headers but
http_keywords just ignore them.
Here is the http_inspect summary for an HTTP request:

HTTP Inspect - encodings (Note: stream-reassembled packets included):
    POST methods:                         0
    GET methods:                          1
    HTTP Request Headers extracted:       1
    HTTP Request Cookies extracted:       0
    Post parameters extracted:            0
    HTTP response Headers extracted:      1
    HTTP Response Cookies extracted:      1
    Unicode:                              0
    Double unicode:                       0
    Non-ASCII representable:              0
    Directory traversals:                 0
    Extra slashes ("//"):                 0
    Self-referencing paths ("./"):        0
    HTTP Response Gzip packets extracted: 0
    Gzip Compressed Data Processed:       n/a
    Gzip Decompressed Data Processed:     n/a
    Total packets processed:              60


-- 
Cagri Ersen
http://www.syslogs.org
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

