Snort mailing list archives

Re: Question about a bug that database storing packet payload


From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Wed, 30 Sep 2015 17:41:31 +0000

Hello,

Do you have a conf and pcap that you can share?

Also, is there a reason why you are using Snort 2.9.0? That has been EOL for a VERY long time.

FYI… Snort 2.9.7.5 is available as well as Snort++ (for testing).



Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi () cisco com

From: 강명훈 [mailto:mhkang589 () gmail com]
Sent: Thursday, September 17, 2015 6:40 AM
To: snort-devel () lists sourceforge net
Subject: [Snort-devel] Question about a bug that database storing packet payload

Hi,

I am using Snort 2.9.0.4 (Windows version).
By the way, sometimes two packets are stored as one.
Below is a sample data_payload.

GET /blog.intro.section.screen HTTP/1.1 Host: blog.moneta.co.kr Accept-Encoding: gzip
Accept-Language: ko-KR, en-US User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.3; ko-kr; IM-T100K Build/GINGERBREAD)
AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1 Cookie: C2A=bgT%2C2%2C13; F2C=tL5552xabzQ!;
F2E=truese; F2G=F; GET /view/intro/blogger_info_iframe.jsp HTTP/1.1 Host: blog.moneta.co.kr
Accept-Encoding: gzip Referer: http://blog.moneta.co.kr/blog.intro.section.screen Accept-Language: ko-KR, en-US
User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.3; ko-kr; IM-T100K Build/GINGERBREAD) AppleWebKit/533.1 (KHTML, like
Gecko) Version/4.0 Mobile Safari/533.1 Cookie: JSESSIONID=q4MJTSRdnJyq3kf1QL4vvLgJG7LnL1JjdhJv36QgB2WnlmJftxyQ;

Can someone help me?
Thank you.

Best regards.
--
-----------------------
Kang Myoung-hun
-----------------------
+82-10 6604 6084
http://kangmyounghun.blogspot.kr/
http://kr.linkedin.com/pub/myounghun-kang/74/238/93a