Snort mailing list archives
Re: RE : Re: http_header usage
From: Cagri Ersen <cagri.ersen () gmail com>
Date: Tue, 22 Apr 2014 20:22:50 +0300
Hi Rmkml, On Tue, Apr 22, 2014 at 8:05 PM, rmkml <rmkml () yahoo fr> wrote:
Please try disable cksum verification? ( -k none )
Unfortunately, it didn't work. This is very strange problem since the snort extracts the headers but http_keywords just ignore them. Here is the http_inspect summary for a http request: HTTP Inspect - encodings (Note: stream-reassembled packets included): POST methods: 0 GET methods: 1 HTTP Request Headers extracted: 1 HTTP Request Cookies extracted: 0 Post parameters extracted: 0 HTTP response Headers extracted: 1 HTTP Response Cookies extracted: 1 Unicode: 0 Double unicode: 0 Non-ASCII representable: 0 Directory traversals: 0 Extra slashes ("//"): 0 Self-referencing paths ("./"): 0 HTTP Response Gzip packets extracted: 0 Gzip Compressed Data Processed: n/a Gzip Decompressed Data Processed: n/a Total packets processed: 60 -- Cagri Ersen http://www.syslogs.org
------------------------------------------------------------------------------ Start Your Social Network Today - Download eXo Platform Build your Enterprise Intranet with eXo Platform Software Java Based Open Source Intranet - Social, Extensible, Cloud Ready Get Started Now And Turn Your Intranet Into A Collaboration Platform http://p.sf.net/sfu/ExoPlatform
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- RE : Re: http_header usage rmkml (Apr 22)
- Re: RE : Re: http_header usage Cagri Ersen (Apr 22)
- Re: RE : Re: http_header usage rmkml (Apr 22)
- Re: RE : Re: http_header usage Cagri Ersen (Apr 22)
- Re: RE : Re: http_header usage Cagri Ersen (Apr 23)
- Re: RE : Re: http_header usage lists () packetmail net (Apr 23)
- Re: RE : Re: http_header usage Cagri Ersen (Apr 23)
- Re: RE : Re: http_header usage rmkml (Apr 22)
- Re: RE : Re: http_header usage Cagri Ersen (Apr 22)