Snort mailing list archives

Previous By Date Next
Previous By Thread Next

http_client_data and logging

From: Eoin Miller <eoin.miller () trojanedbinaries com>
Date: Wed, 25 May 2011 22:59:24 +0000
It appears that if you write rules to log on contents within 
http_client_data, then the payload that gets written the first frame 
with payload in it in the stream. This often is not the packet that 
actually contains the content of http_client_data. Anyone else noticing 
this and was this done by design for some reason?

-- Eoin

------------------------------------------------------------------------------
vRanger cuts backup time in half-while increasing security.
With the market-leading solution for virtual backup and recovery, 
you get blazing-fast, flexible, and affordable data protection.
Download your free trial now. 
http://p.sf.net/sfu/quest-d2dcopy1
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: