Snort mailing list archives

test string not alerting

From: Sean <sean.barmettler () gmail com>
Date: Thu, 27 Aug 2015 13:04:48 -0600

I can do a simple ICMP alert that works:
alert icmp any any -> 20.1.1.10 any ( msg: "ICMP packet to high value
target!"; sid: 1; rev:1; priority: 1;)

Yet I cant create a simple text string detector to detect HTML strings:
alert tcp any any <> any any (msg:"somebody farted"; content:"poop"; sid:
2; rev:2; priority: 1;)


I wouldnt waste a mailing lists time with this, but I've setup an entire
ESXI lab with routers, switches, security monitors, and THIS.. THIS is what
is stumping me.

hints/clues/suggestions welcome.

thanks.

Sean

------------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

test string not alerting Sean (Aug 27)
- Re: test string not alerting Al Lewis (allewi) (Aug 27)
- Re: test string not alerting Y M (Aug 27)
  - Re: test string not alerting Sean (Aug 27)
    - Re: test string not alerting snort (Aug 27)
- Re: test string not alerting waldo kitty (Aug 27)