Snort mailing list archives

HTTP Filtering using Snort


From: Sharon Sahar <sharon.sahar () gmail com>
Date: Sun, 13 Jan 2013 18:40:32 +0200

Hi,


I'm using the latest version of Snort on Linux.
Is there a way of using Snort to filter traffic (in RT or from an existing
PCAP file) similar to "Follow TCP stream" in Wireshark?
For example, if I have an HTTP GET request to a specific host which takes 2
packets, and the response that returns occupies 4 packets, is there a
feature/rule syntax in Snort that will allow me to filter the whole HTTP
session (all 6 packets) to this host by hostname?

Thanks!
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

