Snort mailing list archives

Re: http_client_data and logging


From: James Lay <jlay () slave-tothe-box net>
Date: Wed, 25 May 2011 17:21:01 -0600

Do you get the same results in the pcap versus unified?

On 5/25/11 4:59 PM, "Eoin Miller" <eoin.miller () trojanedbinaries com> wrote:

It appears that if you write rules to log on contents within
http_client_data, then the payload that gets written is the first frame
with payload in it in the stream. This often is not the packet that
actually contains the content of http_client_data. Anyone else noticing
this and was this done by design for some reason?

-- Eoin

--------------------------------------------------------------------------
----
vRanger cuts backup time in half-while increasing security.
With the market-leading solution for virtual backup and recovery,
you get blazing-fast, flexible, and affordable data protection.
Download your free trial now.
http://p.sf.net/sfu/quest-d2dcopy1
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


