Snort mailing list archives

Compound Signature


From: bahamin takhtaei <b_takhtaei () yahoo com>
Date: Wed, 21 Jan 2009 06:27:06 -0800 (PST)

Hi,
How can I find specific content in a TCP stream?
I added these rules to Snort:

alert tcp any 1:65535 -> any 1:65535 (msg:"content test"; flow:established; content:"cart directory"; sid:1000000;)
alert tcp any 1:65535 -> any 1:65535 (msg:"content test"; flow:only_stream; content:"cart directory"; sid:1000001;)

but they do not work correctly.

Thank you.





      