Snort mailing list archives

Re: Rules question


From: Alex McDonnell <amcdonnell () sourcefire com>
Date: Thu, 1 Dec 2016 08:55:52 -0500

Hi Atanas,

You can download the list of Snort rules to help you figure this out from
https://snort.org/downloads/#rule-downloads.

Thanks,
Alex McDonnell

On Wed, Nov 30, 2016 at 10:16 PM, Atanas Hambardzhiev <atanasn3 () gmail com>
wrote:

Hello all,

First, I would like to express my gratitude for the great Snort project you
have created and the countless hours you put in to make it better and up to
date.

I am having difficulty understanding how rules are created and composed.
The more time I spend, the better I get at the whole idea behind it, but still
some things are unclear.

In my example, I am given two Wireshark packets and I have to understand
by which (under) Snort rules those packets are conceived.

[image: Inline image 1]

[image: Inline image 2]
[image: Inline image 3]


Packet 8
[image: Inline image 4]
[image: Inline image 5]

Here are all the details about Frames/Packets 7 and 8.
They are generated under specific rules which are specified in the Snort rule
list. I don't have the list to look it up, so I am trying to figure out the
rules.

Can you please identify these 2 rules?

Thanks in advance!!
Best,

------------------------------------------------------------------------------

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!

Visit the Snort.org to subscribe to the official Snort ruleset, make sure
to stay up to date to catch the most emerging threats
(https://snort.org/downloads/#rule-downloads)!
