Snort mailing list archives
rule over tcp stream
From: Shoufu Luo <luoshoufu () gmail com>
Date: Thu, 16 Jun 2016 10:02:33 -0400
Hi guys,

I am searching for a guide on experimenting with a detector based on the first several packets of a TCP stream (after the TCP connection is established) for Snort. Here is what I need:

Specify a rule which requests a notification of a TCP stream that has been established and receives all packets (preferably TCP segments only, if possible) associated with a particular TCP stream in both directions; then, after a few packets, my detector may raise an alert based on the rule specified (and what if it is checked against several signatures?).

PS: it does not have to reassemble all packets for each stream, as long as each packet can be associated with a particular stream. I looked into preprocessors, but I am not sure whether that will work. Any suggestions?

Sean

---
There is no such thing called randomness.
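As an added illustration (not Snort code, not a Snort preprocessor API, and not part of the original post), the following Python prototype shows the detector logic Sean describes: each segment is mapped to a direction-independent stream key, a stream is only considered once a SYN, SYN/ACK, ACK handshake has been seen, only the first N post-handshake segments are inspected, and several signatures are evaluated over the collected segments in both directions. All packets, endpoints and signatures below are constructed sample data; the `window` parameter and the signature callables are this example's own conventions.

```python
"""Prototype 'first N segments of an established TCP stream' detector.
Added illustration only; not Snort code and not a Snort preprocessor."""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str            # TCP flag letters in tcpdump style: "S", "SA", "A", "PA"
    payload: bytes = b""


def stream_key(seg):
    """Order the two endpoints so both directions of a connection share one key."""
    a, b = (seg.src, seg.sport), (seg.dst, seg.dport)
    return (a, b) if a <= b else (b, a)


@dataclass
class StreamState:
    client: tuple = None                            # endpoint that sent the SYN
    handshake: list = field(default_factory=list)   # handshake flags seen so far
    established: bool = False
    segments: list = field(default_factory=list)    # (direction, Segment) after establishment
    fired: set = field(default_factory=set)         # signature names already alerted


class EarlyStreamDetector:
    HANDSHAKE = ("S", "SA", "A")

    def __init__(self, signatures, window=4):
        self.signatures = signatures   # name -> callable(list[(direction, Segment)]) -> bool
        self.window = window           # number of post-handshake segments to inspect
        self.streams = defaultdict(StreamState)
        self.alerts = []               # (signature name, stream key)

    def feed(self, seg):
        """Associate one segment with its stream; return signatures newly fired by it."""
        key = stream_key(seg)
        st = self.streams[key]
        if not st.established:
            step = len(st.handshake)
            if step < 3 and seg.flags == self.HANDSHAKE[step]:
                if step == 0:
                    st.client = (seg.src, seg.sport)
                st.handshake.append(seg.flags)
                st.established = len(st.handshake) == 3
            return []                  # nothing is evaluated before establishment
        if len(st.segments) >= self.window:
            return []                  # past the inspection window; stream is ignored
        direction = "to_server" if (seg.src, seg.sport) == st.client else "to_client"
        st.segments.append((direction, seg))   # ACK-only segments count toward the window
        new = []
        for name, sig in self.signatures.items():
            if name not in st.fired and sig(st.segments):
                st.fired.add(name)
                new.append((name, key))
        self.alerts.extend(new)
        return new


# Constructed signatures; each looks at both directions of the early segments.
def http_get_then_200(segs):
    to_srv = [s.payload for d, s in segs if d == "to_server" and s.payload]
    to_cli = [s.payload for d, s in segs if d == "to_client" and s.payload]
    return (bool(to_srv) and to_srv[0].startswith(b"GET ")
            and bool(to_cli) and to_cli[0].startswith(b"HTTP/1.1 200"))


def server_speaks_first(segs):
    """Banner-style protocols: the first data after the handshake comes from the server."""
    data = [(d, s) for d, s in segs if s.payload]
    return bool(data) and data[0][0] == "to_client"


SIGNATURES = {"http-get-then-200": http_get_then_200,
              "server-speaks-first": server_speaks_first}

# Constructed sample trace: one client/server exchange on a non-standard port.
C, S = ("10.0.0.5", 40000), ("192.0.2.10", 8080)


def pkt(frm, to, flags, payload=b""):
    return Segment(frm[0], frm[1], to[0], to[1], flags, payload)


DEMO_TRACE = [
    pkt(C, S, "S"), pkt(S, C, "SA"), pkt(C, S, "A"),
    pkt(C, S, "PA", b"GET / HTTP/1.1\r\nHost: x\r\n\r\n"),
    pkt(S, C, "A"),
    pkt(S, C, "PA", b"HTTP/1.1 200 OK\r\n\r\n"),
    pkt(C, S, "PA", b"GET /2 HTTP/1.1\r\n\r\n"),
    pkt(C, S, "PA", b"GET /3 HTTP/1.1\r\n\r\n"),   # 5th post-handshake segment: ignored
]


def run_demo(trace=DEMO_TRACE, window=4):
    det = EarlyStreamDetector(SIGNATURES, window=window)
    for seg in trace:
        det.feed(seg)
    return det.alerts


if __name__ == "__main__":
    print(run_demo())
```

The handshake tracking here is deliberately minimal (no sequence numbers, no retransmissions, no stream teardown); in a real deployment the stream-state bookkeeping is what a stream preprocessor provides, and the detector would only consume the per-stream segment list.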
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
Please visit http://blog.snort.org for the latest news about Snort!