Snort mailing list archives

Re: Question

From: Jim Campbell <jim () w4bqp net>
Date: Fri, 22 Sep 2017 17:25:06 -0400

Will,

If you hover your cursor over the [snort<http://www.snort.org/search/sid/120-3>] at the beginning of the Alert,you will see the GID-SID at the bottom of the page.


Jim

On 9/22/2017 11:46 AM, William Pearson wrote:

I'm using BASE, and the results snort is giving me is beyond vague. Ipresume this is an issue with the rules and preprocessing. I couldn'tcare less about what preprocessor is being used. I'm singularlyinterested in the actual rule. Why won't it show me the message fieldin the actual rules?
[snort <http://www.snort.org/search/sid/120-3>] http_inspect: NOCONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE
Will





_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Question William Pearson (Sep 22)
- Re: Question wkitty42 (Sep 22)
- Re: Question Jim Campbell (Sep 22)
  - Re: Question William Pearson (Sep 22)
    - Re: Question wkitty42 (Sep 23)