Snort mailing list archives

How can I see the payload of extra packets captured by the tag option?


From: "m.massarenti () cineca it" <m.massarenti () cineca it>
Date: Wed, 15 Oct 2003 12:28:55 +0200

Hi,
I'm a new user of Snort.
I'm analyzing rule sid.1260 because it is quite common in my database.

The rule is matched especially because the string "Authorization\: Basic " is always at the end of the packets.

I don't understand if this happens because these packets are truncated, or because the connection falls down or other...

In order to see the packets following the one that triggered the rule, I added this command to the rule:
"tag session,4,packet,src;"
and I found that in some cases there are packets added to the alert log file that are not logged in the database used by ACID. How is it possible to observe the payload of the packets that are captured by the tag command and did not trigger any rule?
Thanks,
Bye


