Snort mailing list archives

Re: File extraction during http/ftp transaction


From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Wed, 11 Mar 2015 13:30:30 +0000


On Mar 11, 2015, at 9:23 AM, Rishabh Shah <rishabh420 () gmail com> wrote:

Hi Snort Team,

Is it possible to extract any file during http/ftp transactions? The HTTP preprocessor makes it possible to read the HTTP URI/content. Does Snort have the intelligence to extract the file during any transfer?


Beginning with 2.9.6.0, Snort has had the ability to extract files from streams and write them to disk.

Check out the README: https://www.snort.org/faq/readme-file

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos Group
