Snort mailing list archives
Creating a simple rule.
From: Paul Halliday <paul.halliday () gmail com>
Date: Sat, 19 Nov 2005 16:14:50 -0400
I am just trying to make a couple simple rules but they fail to fire. Can someone just clarify this: I am looking at a TCP packet with ethereal that looks like this: 06 bb 09 75 74 0c e2 c4 00 00 00 00 50 04 00 00 d4 4a 00 I want the rule to fire on the pattern 00 50 04 I have a rule that looks like: content:"|00 50 04|" yet it doesnt fire. Is there something that I have missed? Thanks. ------------------------------------------------------- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today Register for a JBoss Training Course. Free Certification Exam for All Training Attendees Through End of 2005. For more info visit: http://ads.osdn.com/?ad_idv28&alloc_id845&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Creating a simple rule. Paul Halliday (Nov 19)
- Re: Creating a simple rule. Jason Brvenik (Nov 19)
- Re: Creating a simple rule. Paul Halliday (Nov 19)
- Re: Creating a simple rule. snort user (Nov 19)
- Re: Creating a simple rule. Jason Brvenik (Nov 19)
- Re: Creating a simple rule. Paul Halliday (Nov 19)
- Re: Creating a simple rule. snort user (Nov 19)
- Re: Creating a simple rule. Jason Brvenik (Nov 19)