RE : Re: http_header usage

[rmkml <rmkml () yahoo fr>]

Hi cagri, 
Please try disable cksum verification? ( -k none )
Regards
@Rmkml



-------- Message d'origine --------
De : Cagri Ersen <cagri.ersen () gmail com> 
Date :  
A : snort-sigs () lists sourceforge net 
Objet : Re: [Snort-sigs] http_header usage 
 

On Tue, Apr 22, 2014 at 4:18 PM, lists () packetmail net <lists () packetmail net> wrote:
 
I'm pretty sure that based on those configuration directives with values being
set to zero you've effectively disabled the http_* buffers.


I've tried that with none-zero values too, but there is no any progress. I think I just figure out the problem. It 
seems it's related with VMware. 
This setup is running on a vmware fusion instance and http_keywords don't work at all, but if I run the same setup with 
same conf on a physical server then it works! (I can capture the traffic on the vm guest by using tcpdump or wireshark 
without any problem, so it shouldn't be an issue with "sniffing".)

I've tried it on VMWare Fusion and ESX 5.0 hosts and both of them have the same problem with http_* keywords.


-- 
Cagri Ersen
http://www.syslogs.org

------------------------------------------------------------------------------
Start Your Social Network Today - Download eXo Platform
Build your Enterprise Intranet with eXo Platform Software
Java Based Open Source Intranet - Social, Extensible, Cloud Ready
Get Started Now And Turn Your Intranet Into A Collaboration Platform
http://p.sf.net/sfu/ExoPlatform

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!