Re: HTTP reassembly problem

[João Lima <joao.pedro.paulino.lima () gmail com>]

Yes it was really that option I was looking for...

It's a shame that it's not possible to configure the output to store the
reassembled packets.

I think it would be a nice and quite useful feature to have in a future
release. Is it possible to submit this as a feature request??

João Lima

2012/10/10 Russ Combs <rcombs () sourcefire com>

> On Wed, Oct 10, 2012 at 4:41 PM, waldo kitty <wkitty42 () windstream net>wrote:
>
> > On 10/10/2012 12:28, Russ Combs wrote:
> > [...]
> > > You can also add show_rebuilt_packets to stream5_global and use with -A
> > cmg to
> > > see reassembled packets so you know how to tweak your rule.
> >
> > i'll bet that this is the option that João Lima is looking for...
> >
> > 1. will this also cause them to be logged in the file(s)??
>
> No.  This is strictly for debugging rules, etc.
>
>
> > 2. what version of snort did this option first appear in?
>
> Not sure, but it was long ago and far away.
>
> > ------------------------------------------------------------------------------
> > Don't let slow site performance ruin your business. Deploy New Relic APM
> > Deploy New Relic app performance management and know exactly
> > what is happening inside your Ruby, Python, PHP, Java, and .NET app
> > Try New Relic at no cost today and get our sweet Data Nerd shirt too!
> > http://p.sf.net/sfu/newrelic-dev2dev
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest
> > Snort news!
>
>
>
> ------------------------------------------------------------------------------
> Don't let slow site performance ruin your business. Deploy New Relic APM
> Deploy New Relic app performance management and know exactly
> what is happening inside your Ruby, Python, PHP, Java, and .NET app
> Try New Relic at no cost today and get our sweet Data Nerd shirt too!
> http://p.sf.net/sfu/newrelic-dev2dev
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!