Snort mailing list archives

Re: missing HTML code


From: "Jefferson, Shawn" <Shawn.Jefferson () bcferries com>
Date: Wed, 25 Nov 2009 10:09:54 -0700

Hi,

You may not be inspecting the traffic that deep into the HTTP session, or perhaps your Snort setup is not sending the 
alerts since it has already alerted the maximum number of times on that traffic.

There are a couple of settings in Snort that you probably will want to look into:

http_inspect server_flow_depth, client_flow_depth

and

config event_queue

http://www.snort.org/assets/125/snort_manual-2_8_5_1.pdf



________________________________
From: Adam Szabo [mailto:adamx001 () gmail com]
Sent: Wednesday, November 25, 2009 3:24 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] missing HTML code

Hi,

I'm trying to capture HTML code in a packet's payload using Snort under Ubuntu Linux. I made a very simple HTML file 
and uploaded it to a free hosting service.
I configured Snort to capture any TCP/UDP packets and then I visited the website with Firefox. I got 23 alerts, lots of 
packets without payload (I guess this is just a discussion between the server and my computer about what I need from 
the server and how?) and only two packets with a payload, but both only HTTP headers. Where is the HTML code?

Thank you,
Adam Szabo
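
The settings named in the reply, shown as a snort.conf fragment. This is an added example, not part of the original thread; directive syntax follows the Snort 2.8.x manual linked in the reply, and the port list and numeric values are assumptions to adapt.

```conf
# Added example (not from the thread). Port list and values are assumptions.

# Global http_inspect line, needed before any http_inspect_server line.
preprocessor http_inspect: global iis_unicode_map unicode.map 1252

# Before: with no flow depth set, the manual documents a default of 300 bytes.
# Only the first 300 bytes of each server response are inspected, which is
# usually just the HTTP headers, so content rules never see the HTML body.
# preprocessor http_inspect_server: server default profile all ports { 80 8080 }

# After: server_flow_depth 0 inspects the whole server response payload.
# This costs sensor performance; a bounded value (the 2.8.x manual allows
# -1 to 1460) is the cheaper middle ground. -1 ignores server traffic.
# client_flow_depth is the request-side counterpart and is left at its
# default here, because the HTML in question travels in the response.
preprocessor http_inspect_server: server default \
    profile all ports { 80 8080 } \
    server_flow_depth 0

# Event queue: max_queue is how many events can be queued per packet or
# stream, log is how many of those are actually written out. The documented
# defaults are max_queue 8 and log 3, so additional matches on the same
# traffic are dropped silently. Raising both lets more alerts through.
config event_queue: max_queue 16 log 8 order_events content_length
```

Running `snort -T -c` against the edited file checks that the configuration parses before the sensor is restarted.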