Snort mailing list archives
snort signatures
From: praveen kundurthi <praveen_kundurthi () yahoo com>
Date: Sat, 31 Jul 2004 00:06:22 -0700 (PDT)
Hi,

We simulated the Snort signatures by creating TCP, UDP, IP and ICMP packets. We simulated the signature rules exactly by using a traffic generator which generates particular TCP, UDP, IP or ICMP packets. Then we capture those packets using Ethereal, and then we modify the packets using a hex editor to exactly simulate a signature rule.

Here is my problem. I created a directory, packets, which has sub-directories such as TCP, UDP, IP and ICMP. I have the packets in the respective directories. Our engine reads the packet as a file and runs; we have to give the SID of the packet on the command line, and our engine will generate an alarm. How can I automate it? I mean, if I give UDP as the command-line argument, the engine should go through the directory, read all the packets and generate alarms; the same for TCP, IP and ICMP. Can I get code for that?

Regards
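One way to automate the per-protocol run asked about above, as an added example that is not part of the original message or of any engine's own code. It assumes packet files are named `<SID>.<ext>` inside `packets/<PROTOCOL>/`, that the engine is invoked as `<engine> <SID> <file>`, and that it exits 0 when it raises the alarm; the `./engine` path and the `replay` function are hypothetical names.

```python
#!/usr/bin/env python3
"""Replay every captured packet file for one protocol through a detection engine.

Assumptions (not from the original post): packet files are named <SID>.<ext>
(e.g. packets/UDP/1234.pkt), the engine is invoked as `<engine> <SID> <file>`,
and it exits 0 when it raises the alarm for that SID.
"""
import subprocess
import sys
from pathlib import Path

PROTOCOLS = ("TCP", "UDP", "IP", "ICMP")   # sub-directories named in the post


def replay(protocol, root="packets", engine=("./engine",)):
    """Run the engine on each packet file; return {sid: alarm_raised}."""
    proto = protocol.upper()
    if proto not in PROTOCOLS:              # also rejects values like "../x"
        raise ValueError(f"protocol must be one of {PROTOCOLS}")
    results = {}
    for pkt in sorted(Path(root, proto).iterdir()):
        sid = pkt.stem                      # assumed naming: <SID>.<ext>
        if not pkt.is_file() or not sid.isdigit():
            continue                        # skip notes, sub-dirs, stray files
        # Argument list, no shell: file names are never interpreted as commands.
        done = subprocess.run([*engine, sid, str(pkt)],
                              capture_output=True, timeout=30)
        results[int(sid)] = (done.returncode == 0)
    return results


def main(argv):
    if len(argv) != 2:
        print(f"usage: {argv[0]} {{{'|'.join(PROTOCOLS)}}}", file=sys.stderr)
        return 2
    results = replay(argv[1])
    missed = sorted(sid for sid, fired in results.items() if not fired)
    print(f"{len(results) - len(missed)}/{len(results)} signatures fired")
    for sid in missed:
        print(f"no alarm for SID {sid}")
    return 1 if missed else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The non-zero exit status when any SID fails to fire lets the script serve as a regression check after signature or engine changes.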