Snort mailing list archives
Re: Fwd: [snort-user] About packet content
From: "Jefferson, Shawn" <Shawn.Jefferson () bcferries com>
Date: Fri, 6 Sep 2013 11:06:03 -0600
Maybe some sort of "racial profiling" for packets? ;)

I think that maybe Mayur might mean, what are the structures that we're looking at? If so, that's the packet structure itself, and then the structure of any application data riding on top of those. You need to do some research if you are expecting to write rules to detect anomalies and attacks in those structures.

If that's not what you meant, then maybe you are looking more for anomaly detection or similar, which I don't think Snort really does particularly.

-----Original Message-----
From: Joel Esler [mailto:jesler () sourcefire com]
Sent: Friday, September 06, 2013 6:00 AM
To: Mayur Patil
Cc: snort-users () lists sourceforge net; Bill Parker
Subject: Re: [Snort-users] Fwd: [snort-user] About packet content

So, you are asking if we can know the content of the traffic, before the traffic arrives?

On Fri, Sep 6, 2013 at 1:52 AM, Mayur Patil <ram.nath241089 () gmail com> wrote:
Hello,

I have one question, which might be foolish... In a Snort rule we define content for packets like content:|00 36 90 23 08|. Is there any way to know what content the incoming data has before an attack is performed? Any prototype which defines a specific structure?

Seeking guidance,
Thanks!

--
Cheers,
Mayur.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
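
The following is an added example, not part of the original thread and not Snort's own code. It is a simplified Python model of how a `content` pattern like the one in the question (text mixed with `|hex|` bytes) is decoded and searched for in a payload, which shows why the rule author has to know the byte structure beforehand. The function names `decode_content` and `content_match`, the `offset`/`depth`/`nocase` handling, and the sample payload are constructed for illustration.

```python
import re

def decode_content(pattern: str) -> bytes:
    """Decode a Snort-style content string (text plus |hex| blocks) to bytes.

    Assumption: a literal pipe is written as |7C|, and only ; \\ " are
    backslash-escaped in the text portions.
    """
    parts = pattern.split("|")
    if len(parts) % 2 == 0:
        raise ValueError("unterminated |hex| block in content pattern")
    out = bytearray()
    for idx, part in enumerate(parts):
        if idx % 2 == 1:
            # Inside pipes: hex byte pairs, whitespace between them is ignored.
            out += bytes.fromhex(part)
        else:
            # Outside pipes: literal text, with \; \" \\ unescaped.
            text = re.sub(r'\\([";\\])', r"\1", part)
            out += text.encode("latin-1")
    return bytes(out)

def content_match(payload: bytes, pattern: str, offset: int = 0,
                  depth=None, nocase: bool = False):
    """Return the payload index where the pattern first matches, or None.

    offset: where the search starts; depth: how many bytes from that
    start may be searched (the whole pattern must fit inside the window).
    """
    needle = decode_content(pattern)
    end = len(payload) if depth is None else offset + depth
    window = payload[offset:end]
    if nocase:
        window, needle = window.lower(), needle.lower()
    pos = window.find(needle)
    return None if pos < 0 else offset + pos

# Constructed sample payload: two leading bytes, then the bytes from the
# question's example pattern, then one trailing byte.
SAMPLE_PAYLOAD = bytes.fromhex("0102" "0036902308" "ff")

if __name__ == "__main__":
    print(content_match(SAMPLE_PAYLOAD, "|00 36 90 23 08|"))           # found
    print(content_match(SAMPLE_PAYLOAD, "|00 36 90 23 08|", depth=5))  # window too short
    print(decode_content("GET |0d 0a|"))
```
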