Snort mailing list archives

Re: Urgent Pointer


From: "Pittigher, Raymond" <RPITTIGH () harris com>
Date: Thu, 30 Jun 2016 17:55:52 +0000

I tried the ack keyword but I found no option for !0 or looking for anything but zero. It seems to either want 0 or an 
exact number.


-
Ray Pittigher
--Harris
--phone 973-284-2275
--email raymond.pittigher () harris com

________________________________________
From: Al Lewis (allewi) <allewi () cisco com>
Sent: Thursday, June 30, 2016 1:49 PM
To: Pittigher, Raymond (U.S. Person); snort-sigs () lists sourceforge net
Subject: Re: [Snort-sigs] Urgent Pointer

Offset is used for content.

Try this:

For flags: http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node33.html#SECTION00468000000000000000

For ack number: http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node33.html#SECTION004612000000000000000


Thanks.

Albert Lewis
QA SNORT/Sourcefire
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Email: allewi () cisco com








On 6/30/16, 1:29 PM, "Pittigher, Raymond" <RPITTIGH () harris com> wrote:

I am trying, but have not succeeded yet, to read data in the "urgent pointer" or "acknowledgement number" fields. I am 
trying with the offset option assuming it must be a negative number? I am using snort on the command line with a pcap 
file. Anybody ever do this?
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
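
Added example, not part of the original thread and not Snort code: the acknowledgement number and urgent pointer discussed above sit in the TCP header, ahead of the payload, so this Python check decodes the header of a raw TCP segment and reports either field when it is nonzero while its flag is not set. The function names and the sample segments are constructed for illustration.

```python
import struct

URG, ACK = 0x20, 0x10  # TCP flag bits (RFC 793)

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header that starts `segment`."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    (sport, dport, seq, ack, off_flags,
     window, checksum, urg_ptr) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4  # data offset counts 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("invalid data offset")
    return {
        "ack": ack,                       # header bytes 8-11
        "flags": off_flags & 0x1FF,       # low 9 bits carry the flags
        "urg_ptr": urg_ptr,               # header bytes 18-19
        "payload": segment[header_len:],  # payload begins after the header
    }

def header_anomalies(segment: bytes) -> list:
    """Report nonzero ack / urgent pointer values whose flag is not set."""
    h = parse_tcp_header(segment)
    findings = []
    if h["ack"] != 0 and not h["flags"] & ACK:
        findings.append("nonzero ack number without ACK flag")
    if h["urg_ptr"] != 0 and not h["flags"] & URG:
        findings.append("nonzero urgent pointer without URG flag")
    return findings

def build_segment(ack, flags, urg_ptr, payload=b""):
    """Constructed sample segment: 20-byte header, no options."""
    return struct.pack("!HHIIHHHH", 40000, 80, 1, ack,
                       (5 << 12) | flags, 8192, 0, urg_ptr) + payload

if __name__ == "__main__":
    samples = {  # constructed inputs, not captured traffic
        "plain SYN": build_segment(0, 0x02, 0),
        "SYN with ack value": build_segment(1234, 0x02, 0),
        "PSH/ACK with urgent pointer": build_segment(100, 0x18, 7, b"data"),
        "URG/ACK with urgent pointer": build_segment(100, 0x30, 7, b"data"),
    }
    for name, seg in samples.items():
        print(f"{name}: {header_anomalies(seg) or 'clean'}")
```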
