Snort mailing list archives
Re: (no subject)
From: wkitty42 () windstream net
Date: Fri, 18 Aug 2017 11:13:34 -0400
On 08/18/2017 09:30 AM, Omar Johnatan Lopez Carrillo wrote:
Good morning friends, I have the following rule but it does not send me an alert. I ask for your help to find out what I am doing wrong:
alert tcp any any -> any any (content:"https://www.facebook.com";msg:"entro a facebook";sid:1000002;rev:001;)
what, exactly, are you looking for? you won't find that content in the actual request. you might find it in a document but the request is not formed that way.
have you tried using a tool like wireshark to capture the packets of a request like that? that's what you need to use to see and understand where to look for your content items for any rules you write.
in Spanish: What exactly are you looking for? You will not find that content in the actual request. You might find it in a document, but the request is not formed that way.
Have you tried using a tool like wireshark to capture the packets of a request like that? That is what you need in order to see and understand where to look for your content items for the rules you write.
--
NOTE: No off-list assistance is given without prior approval.
*Please keep mailing list traffic on the list unless*
*a signed and pre-paid contract is in effect with us.*
_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
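As an added example (not from the original thread or from the Snort project), the script below parses the posted rule and applies plain `content` substring semantics to two constructed payloads: a plaintext HTTP request and an HTML document embedding the link. It shows what wkitty42 describes: the literal appears in a document body, but a browser's request carries only the path and a `Host` header, and a real HTTPS session is TLS-encrypted so no such plaintext string is visible at all.

```python
import re

# Rule as posted in the original message (sid 1000002).
RULE = ('alert tcp any any -> any any (content:"https://www.facebook.com";'
        'msg:"entro a facebook";sid:1000002;rev:001;)')

# Constructed sample payloads (not captured traffic).
PAYLOADS = {
    # What a client actually sends for a plaintext HTTP request: the request
    # line holds only the path; the host name sits in the Host header and the
    # scheme ("https://") never appears on the wire.
    "http_request": (b"GET /index.html HTTP/1.1\r\n"
                     b"Host: www.facebook.com\r\n"
                     b"User-Agent: example-client/1.0\r\n\r\n"),
    # A served document that embeds the link: this is where the literal shows up.
    "html_document": (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                      b'<a href="https://www.facebook.com">fb</a>'),
}

def parse_rule(rule: str) -> dict:
    """Split a one-line Snort rule into header fields and an options dict."""
    header, _, body = rule.partition("(")
    action, proto, src, sport, direction, dst, dport = header.split()
    opts = {}
    # key:value; pairs, where value may be a double-quoted string
    for key, value in re.findall(r'(\w+):("(?:[^"\\]|\\.)*"|[^;]*);', body):
        if value.startswith('"'):
            value = value[1:-1]
        if key == "content":                      # content may repeat
            opts.setdefault("content", []).append(value.encode())
        else:
            opts[key] = value
    return {"action": action, "proto": proto, "src": src, "sport": sport,
            "direction": direction, "dst": dst, "dport": dport, "options": opts}

def rule_matches(rule: dict, payload: bytes) -> bool:
    """Plain substring semantics of `content` (no modifiers handled here)."""
    return all(c in payload for c in rule["options"].get("content", []))

def evaluate(rule_text: str = RULE, payloads: dict = PAYLOADS) -> dict:
    """Return {payload_name: matched} for each constructed payload."""
    rule = parse_rule(rule_text)
    return {name: rule_matches(rule, data) for name, data in payloads.items()}

if __name__ == "__main__":
    for name, hit in evaluate().items():
        print(f"{name}: {'ALERT' if hit else 'no alert'}")
```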
Current thread:
- Re: (no subject), (continued)
- Re: (no subject) Damian Torres via Snort-users (Aug 02)
- Re: (no subject) Omar Johnatan Lopez Carrillo (Aug 02)
- Re: (no subject) Damian Torres via Snort-users (Aug 02)
- (no subject) Omar Johnatan Lopez Carrillo (Aug 08)
- Re: (no subject) Paulo Angelo (Aug 09)
- (no subject) Omar Johnatan Lopez Carrillo (Aug 09)
- Re: (no subject) Marcin Dulak via Snort-users (Aug 09)
- Re: (no subject) Joel Esler (jesler) via Snort-users (Aug 09)
- Re: (no subject) Marcin Dulak via Snort-users (Aug 09)
- (no subject) Михаил Локтионов via Snort-users (Aug 15)
- (no subject) Marco Bonilla via Snort-users (Aug 17)
- (no subject) Omar Johnatan Lopez Carrillo (Aug 18)
- Re: (no subject) wkitty42 (Aug 18)
- Re: (no subject) Al Lewis (allewi) via Snort-users (Aug 18)
- (no subject) stephane Eteme via Snort-users (Sep 13)
- (no subject) salah ali via Snort-users (Sep 20)
- (no subject) Paul O'Brien via Snort-users (Sep 30)
- (no subject) marcel cahya via Snort-users (Sep 30)