Re: how to create testing data files??

[waldo kitty <wkitty42 () windstream net>]

On 8/14/2010 19:56, Joel Esler wrote:
> On Aug 14, 2010, at 7:44 PM, waldo kitty<wkitty42 () windstream net>  wrote:
>
> > concerning if within
> > takes into account the distance or not...
> Clarify.

well, i've tried on that other list...

i'll try again over here...

given the following rule structure...

content:"ABC"; content:"EFG"; distance:1; within:10;

which of the following strings do NOT alert and why?

  1. ABCEFG
  2. ABCxEFG
  3. ABCx123456EFG
  4. ABCx1234567EFG
  5. ABCx12345678EFG
  6. ABCx123456789EFG
  7. ABCxx123456EFG
  8. ABCxx1234567EFG
  9. ABCxx12345678EFG
10. ABCxx123456789EFG


[sharp eyes will see that i'm trying to find the "maximal" or "most extreme" or 
"last" data package that will alert]


> > also, there's a question in the above of if the within content must /all/ reside
> > within or if it must only /start/ within...
>
> It must be wholly within the "within" space.

thank you... that answers that one ;)

------------------------------------------------------------------------------
This SF.net email is sponsored by 

Make an app they can't live without
Enter the BlackBerry Developer Challenge
http://p.sf.net/sfu/RIM-dev2dev 
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users