Snort mailing list archives
Re: Rules question
From: Wei Chea Ang <weichea () gmail com>
Date: Fri, 2 Dec 2016 10:05:32 +0800
Replay the packets and see what rule triggers.

On Dec 2, 2016 9:54 AM, "neil ramsarran" <neilramsarran () hotmail com> wrote:
I'm having the same problem, I cannot seem to get the assignment done with running the winpractice txt file on Snort. Any help will be highly appreciated.

Thanks

------------------------------
*From:* Atanas Hambardzhiev <atanasn3 () gmail com>
*Sent:* Wednesday, November 30, 2016 10:16 PM
*To:* snort-sigs () lists sourceforge net
*Subject:* [Snort-sigs] Rules question

Hello all,

First I would like to express my gratitude for the great Snort project you have created and the countless hours you put in to make it better and up to date.

I am having difficulty understanding how rules are created and composed. The more time I spend, the better I get at the whole idea behind it, but still some things are unclear. In my example, I am given two Wireshark packets and I have to understand by which (under) Snort rules those packets are conceived.

[image: Inline image 1]
[image: Inline image 2]
[image: Inline image 3]

Packet 8

[image: Inline image 4]
[image: Inline image 5]

Here are all the details about the Frames/Packets 7 and 8. They are generated under specific rules which are specified in the Snort rule list. I don't have the list to look it up, so I am trying to figure out the rules. Can you please identify these 2 rules?

Thanks in advance!!

Best,

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!