Snort mailing list archives
Re: [Snort] - match entire session
From: william de ping via Snort-sigs <snort-sigs () lists snort org>
Date: Mon, 6 Jul 2020 09:00:02 +0300
Tagging only works on capturing successive packets after a successful match, correct? I want to capture a few packets in the session prior to the matched packet.

On Mon, Jul 6, 2020 at 5:51 AM Al Lewis (allewi) <allewi () cisco com> wrote:
Have you tried tagging the session?

http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node34.html#SECTION00475000000000000000

*Albert Lewis*
ENGINEER.SOFTWARE ENGINEERING
Cisco Systems Inc.
Email: allewi () cisco com

*From: *Snort-sigs <snort-sigs-bounces () lists snort org> on behalf of william de ping via Snort-sigs <snort-sigs () lists snort org>
*Reply-To: *william de ping <bill.de.ping () gmail com>
*Date: *Sunday, July 5, 2020 at 9:50 AM
*To: *"snort-sigs () lists snort org" <snort-sigs () lists snort org>
*Subject: *[Snort-sigs] [Snort] - match entire session

Hi all,

Does anyone know a way to capture the entire session even if the signature is matched on the 4th packet of a session? I would somehow like to get the 2nd and 3rd packets of that session.

Thank you very much
B