Snort mailing list archives
RE: FW: uricontent vs. content
From: "larosa, vjay" <larosa_vjay () emc com>
Date: Wed, 30 Oct 2002 20:14:36 -0500
Hi Chris, I tested this and all of the data was in one packet. I will try testing this tomorrow AM with no dsize option with and with out the uricontent to see what happens. Thanks! vjl -----Original Message----- From: Chris Green [mailto:cmg () snort org] Sent: Wednesday, October 30, 2002 5:49 PM To: larosa, vjay Cc: 'snort-users () lists sourceforge net' Subject: Re: [Snort-users] FW: uricontent vs. content "larosa, vjay" <larosa_vjay () emc com> writes:
From: "larosa, vjay" <larosa_vjay () emc com> Subject: [Snort-users] FW: uricontent vs. content To: "'snort-users () lists sourceforge net'"
<snort-users () lists sourceforge net>
Date: Wed, 30 Oct 2002 15:20:18 -0500 Hello, Anybody have any ideas on this post I made last night? Thanks!
I'm betting its because GET /default ida?XXXXX is pushed through as 2 packets instead and that the dsize check is not true for stream packets. I'm having Brian remove that and I'll go and make sure that distance/within works correctly before 1.9.1... -- Chris Green <cmg () sourcefire com> "Not everyone holds these truths to be self-evident, so we've worked up a proof of them as Appendix A." -- Paul Prescod ------------------------------------------------------- This sf.net email is sponsored by: Influence the future of Java(TM) technology. Join the Java Community Process(SM) (JCP(SM)) program now. http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0004en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- uricontent vs. content larosa, vjay (Oct 29)
- Re: uricontent vs. content Andreas Östling (Oct 31)
- <Possible follow-ups>
- FW: uricontent vs. content larosa, vjay (Oct 30)
- Re: FW: uricontent vs. content Chris Green (Oct 30)
- RE: FW: uricontent vs. content larosa, vjay (Oct 30)
- RE: uricontent vs. content larosa, vjay (Oct 31)
- RE: uricontent vs. content larosa, vjay (Oct 31)
- Re: uricontent vs. content Chris Green (Oct 31)