Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [Snort] - match entire session

From: "Al Lewis \(allewi\) via Snort-sigs" <snort-sigs () lists snort org>
Date: Mon, 6 Jul 2020 02:51:42 +0000
Have you tried tagging the session?

http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node34.html#SECTION00475000000000000000



Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
Cisco Systems Inc.
Email: allewi () cisco com<mailto:allewi () cisco com>



From: Snort-sigs <snort-sigs-bounces () lists snort org> on behalf of william de ping via Snort-sigs <snort-sigs () 
lists snort org>
Reply-To: william de ping <bill.de.ping () gmail com>
Date: Sunday, July 5, 2020 at 9:50 AM
To: "snort-sigs () lists snort org" <snort-sigs () lists snort org>
Subject: [Snort-sigs] [Snort] - match entire session

Hi all,

Does anyone know a way to capture the entire session even if the signature is matched on the 4th packet of a session ?
I would somehow like to get the 2nd and 3rd packets of that session

Thank you very much
B

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!
Previous By Date Next
Previous By Thread Next

Current thread: