Snort mailing list archives
Re: Rules question
From: neil ramsarran <neilramsarran () hotmail com>
Date: Fri, 2 Dec 2016 01:59:58 +0000
________________________________
From: neil ramsarran <neilramsarran () hotmail com>
Sent: Thursday, December 1, 2016 8:43 PM
To: Atanas Hambardzhiev; snort-sigs () lists sourceforge net
Subject: Re: [Snort-sigs] Rules question

I'm having the same problem. I cannot seem to get the assignment done with running the winpractice txt file on Snort. Any help will be highly appreciated.

Thanks

________________________________
From: Atanas Hambardzhiev <atanasn3 () gmail com>
Sent: Wednesday, November 30, 2016 10:16 PM
To: snort-sigs () lists sourceforge net
Subject: [Snort-sigs] Rules question

Hello all,

First, I would like to express my gratitude for the great Snort project you have created and the countless hours you put in to make it better and up to date.

I am having difficulty understanding how rules are created and composed. The more time I spend, the better I get at the whole idea behind it, but some things are still unclear.

In my example, I am given two Wireshark packets and I have to understand by which (under) Snort rules those packets are conceived.

[Inline image 1] [Inline image 2] [Inline image 3]

Packet 8

[Inline image 4] [Inline image 5]

Here are all the details about Frames/Packets 7 and 8. They are generated under specific rules which are specified in the Snort rule list. I don't have the list to look it up, so I am trying to figure out the rules.

Can you please identify these 2 rules?

Thanks in advance!!

Best,
Current thread:
- Rules question Atanas Hambardzhiev (Dec 01)
- Re: Rules question Alex McDonnell (Dec 01)
- Re: Rules question neil ramsarran (Dec 01)
- Re: Rules question neil ramsarran (Dec 01)
- Re: Rules question Chris Pyles (Dec 01)
- Re: Rules question lists (Dec 01)
- Re: Rules question lists (Dec 01)
- Re: Rules question neil ramsarran (Dec 04)
- Re: Rules question Joel Esler (jesler) (Dec 04)
- Re: Rules question neil ramsarran (Dec 01)
- Re: Rules question Wei Chea Ang (Dec 02)
- Re: Rules question neil ramsarran (Dec 01)
- Re: Rules question lists (Dec 01)