Snort mailing list archives
Re: Urgent Pointer
From: "Pittigher, Raymond" <RPITTIGH () harris com>
Date: Thu, 30 Jun 2016 19:34:30 +0000
Here are 2 captures of the things I am trying to catch

- Ray Pittigher
--Harris
--phone 973-284-2275
--email raymond.pittigher () harris com

________________________________________
From: Al Lewis (allewi) <allewi () cisco com>
Sent: Thursday, June 30, 2016 2:03 PM
To: Pittigher, Raymond (U.S. Person); snort-sigs () lists sourceforge net
Subject: Re: [Snort-sigs] Urgent Pointer

Can you provide an example of the rule/pcap and what you are trying to do?

Thanks.

Albert Lewis
QA SNORT/Sourcefire
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Email: allewi () cisco com

On 6/30/16, 1:55 PM, "Pittigher, Raymond" <RPITTIGH () harris com> wrote:
I tried the ack keyword but I found no option for !0 or looking for anything but zero. It seems to either want 0 or an exact number.

- Ray Pittigher
--Harris
--phone 973-284-2275
--email raymond.pittigher () harris com

________________________________________
From: Al Lewis (allewi) <allewi () cisco com>
Sent: Thursday, June 30, 2016 1:49 PM
To: Pittigher, Raymond (U.S. Person); snort-sigs () lists sourceforge net
Subject: Re: [Snort-sigs] Urgent Pointer

Offset is used for content.

Try this:

For flags:
http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node33.html#SECTION00468000000000000000

For ack number:
http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node33.html#SECTION004612000000000000000

Thanks.

Albert Lewis
QA SNORT/Sourcefire
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Email: allewi () cisco com

On 6/30/16, 1:29 PM, "Pittigher, Raymond" <RPITTIGH () harris com> wrote:

I am trying, but have not succeeded yet, to read data in the "urgent pointer" or "acknowledgement number" fields. I am trying with the offset option assuming it must be a negative number? I am using snort on the command line with a pcap file. Anybody ever do this?

------------------------------------------------------------------------------
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San Francisco, CA to explore cutting-edge tech and listen to tech luminaries present their vision of the future. This family event has something for everyone, including kids. Get more information and register today. http://sdm.link/attshape
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
Please visit http://blog.snort.org for the latest news about Snort!
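The reply's point that offset applies to content, shown as an added example (not part of the thread, and not Snort code): a Python decoder that reads the acknowledgement number and urgent pointer from the TCP header, which sits in front of the payload that content matching inspects. The function names, the two "field set without its flag" checks and the sample segments are assumptions constructed for illustration.

```python
import struct

URG, ACK = 0x20, 0x10   # TCP flag bits (RFC 793)

def tcp_header_fields(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header at the start of `segment`."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, csum, urg_ptr = struct.unpack(
        "!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4   # data offset is counted in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad data offset")
    return {
        "sport": sport, "dport": dport, "seq": seq,
        "ack": ack,                       # header bytes 8..11
        "flags": off_flags & 0x3F,        # URG ACK PSH RST SYN FIN
        "urg_ptr": urg_ptr,               # header bytes 18..19
        "payload": segment[header_len:],  # payload begins only after the header
    }

def findings(segment: bytes) -> list:
    """Assumed checks: a non-zero field whose controlling flag is clear."""
    f = tcp_header_fields(segment)
    out = []
    if f["urg_ptr"] != 0 and not (f["flags"] & URG):
        out.append("urgent pointer 0x%04x set without URG flag" % f["urg_ptr"])
    if f["ack"] != 0 and not (f["flags"] & ACK):
        out.append("ack number %d set without ACK flag" % f["ack"])
    return out

def build(flags: int, ack: int, urg_ptr: int, payload: bytes = b"") -> bytes:
    # Constructed sample segment: ports 40000 -> 80, seq 1, no TCP options.
    return struct.pack("!HHIIHHHH", 40000, 80, 1, ack,
                       (5 << 12) | flags, 8192, 0, urg_ptr) + payload

if __name__ == "__main__":
    samples = {
        "plain SYN": build(0x02, 0, 0),
        "SYN, urgent pointer filled": build(0x02, 0, 0x4142),
        "SYN, ack number filled": build(0x02, 12345, 0),
        "PSH+ACK with data": build(0x18, 1000, 0, b"GET /"),
    }
    for name, seg in samples.items():
        print(name, "->", findings(seg) or "nothing flagged")
```
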