Snort mailing list archives
Re: Rules question
From: Alex McDonnell <amcdonnell () sourcefire com>
Date: Thu, 1 Dec 2016 08:55:52 -0500
Hi Atanas, you can download the list of Snort rules to help you figure this out from https://snort.org/downloads/#rule-downloads.

Thanks
Alex McDonnell

On Wed, Nov 30, 2016 at 10:16 PM, Atanas Hambardzhiev <atanasn3 () gmail com> wrote:
Hello all,

First I would like to express my gratitude for the great Snort project you have created and the countless hours you put in to make it better and up to date.

I am having difficulty understanding how rules are created and composed. The more time I spend, the better I get at the whole idea behind it, but still some things are unclear. In my example, I am given two Wireshark packets and I have to understand by which (under) Snort rules those packets are conceived.

[image: Inline image 1]
[image: Inline image 2]
[image: Inline image 3]

Packet 8

[image: Inline image 4]
[image: Inline image 5]

Here are all the details about the Frames/Packets 7 and 8. They are generated under specific rules which are specified in the Snort rule list. I don't have the list to look it up, so I am trying to figure out the rules. Can you please identify these 2 rules?

Thanks in advance!!

Best,

------------------------------------------------------------------------------
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most emerging threats (https://snort.org/downloads/#rule-downloads)!