Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Write Rule Snort alert TCP

From: nguyen cao via Snort-users <snort-users () lists snort org>
Date: Tue, 24 Oct 2017 05:50:16 -0700
I use wireshark to capture packets and detect tcp packets with no content
at all. I use the rule:
alert tcp any any -> no any (msg: "test"; pcre: "/ (% 20) /"; sid: 1000001;
rev: 1; Help me solve the problem

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: