Re: Are the rules not being read?

[Joel Esler <jesler () sourcefire com>]

Are you trying to generate the traffic on the same machine you are  
sniffing on?

--
Joel Esler
Sent from my iPhone

On Apr 26, 2010, at 3:18 AM, Eric Zheng <zhengeric () hotmail com> wrote:

> I have set up snort successfully and I can get it to read pings to  
> websites and scan packets.  However, I am testing out the chat rules  
> which should trigger an alert whenever I sign onto MSN or Yahoo but  
> it does not seem to do anything whenever I sign in and talk to  
> people.  I have it enabled in snort.conf (took away the # sign) and  
> see that chat.rules is in the rules directory.  Anyone know any  
> possible causes of this?  Thank you.
>
> PS:  I'm also getting a lot of 1384 "malformed advertisement" alerts  
> which I believe to be false positives.  Any way to correct this?   
> Thanks.
>
> The New Busy is not the too busy. Combine all your e-mail accounts  
> with Hotmail. Get busy.
> --- 
> --- 
> --- 
> ---------------------------------------------------------------------
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users