Snort mailing list archives

Re: ICQ Rule

From: "Jarret Gibson" <jarret () osa comax com>
Date: Tue, 29 Oct 2002 15:38:16 -0500

Are you wanting a snort alert rule for any time someone uses ICQ?

Or are you wanting a filter rule for something like Ethereal to capture packets?

Jarret
  ----- Original Message ----- 
  From: Derrick Lichti 
  To: snort-users () lists sourceforge net 
  Sent: Tuesday, October 29, 2002 1:59 PM
  Subject: [Snort-users] ICQ Rule

  Hi All;

  I'm looking for a rule that would grab any packets from a client using ICQ. Does anybody know of any unique 
information that lies in ICQ message packets? Unfortunately, I don't have a method of testing this myself or else I 
would have grab packets and looked.

  Thanks!

  Derrick

Current thread:

ICQ Rule Derrick Lichti (Oct 29)
- Re: ICQ Rule Jarret Gibson (Oct 29)
- <Possible follow-ups>
- RE: ICQ Rule Derrick Lichti (Oct 29)
  - Re: ICQ Rule Jarret Gibson (Oct 29)