Snort mailing list archives
How can I see the payload of extra-packet captured by tag option ????
From: "m.massarenti () cineca it" <m.massarenti () cineca it>
Date: Wed, 15 Oct 2003 12:28:55 +0200
Hi, I'm a new user of Snort. I'm analyzing rule sid.1260 because it is quite common in my database. The rule is matched especially because the string "Authorization\: Basic " is always at the end of the packets.
I don't understand if this happens because these packets are truncated, or because the connection falls down or other...
In order to see the packets following the one that triggered the rule, I added this command to the rule:
"tag session,4,packet,src;" and I obtained that in some cases there are packets added in the log-file alert that are not logged in the database used by ACID. How is it possible to observe the payload of the packets that are captured by the command tag and did not trigger any rule?
Thanks, Bye