Snort mailing list archives
Re: SMB PREPROCESSOR
From: "Al Lewis \(allewi\) via Snort-users" <snort-users () lists snort org>
Date: Mon, 31 Dec 2018 19:56:39 +0000
Can you share the rule, the conf file and pcap? It may be easier to help if you show what your working with. Albert Lewis ENGINEER.SOFTWARE ENGINEERING Cisco Systems Inc. Email: allewi () cisco com<mailto:allewi () cisco com> From: Snort-users <snort-users-bounces () lists snort org> on behalf of sec hot via Snort-users <snort-users () lists snort org> Reply-To: sec hot <sechot44 () gmail com> Date: Monday, December 31, 2018 at 2:55 PM To: "snort-users () lists snort org" <snort-users () lists snort org> Subject: [Snort-users] SMB PREPROCESSOR Hi How preprocessor work? I create smb rule that detect content in smb packet, for some reason the rule is not trigger all time, i am send the same packet over and over and only for the third time the rule is trigger, is it related to the smb pre process? Why is that?
_______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Current thread:
- SMB PREPROCESSOR sec hot via Snort-users (Dec 31)
- Re: SMB PREPROCESSOR Al Lewis (allewi) via Snort-users (Dec 31)
- Re: SMB PREPROCESSOR sec hot via Snort-users (Dec 31)
- Re: SMB PREPROCESSOR Al Lewis (allewi) via Snort-users (Dec 31)