Snort mailing list archives

Re: Snort 2.1 Intrusion Detection Book - CD ROM file


From: "Al Lewis (allewi) via Snort-users" <snort-users () lists snort org>
Date: Fri, 29 Sep 2017 20:01:57 +0000

Hello,

Snort 2.1 is SEVERELY outdated so I won't be able to help you with the CD-ROM stuff, sorry… :-(

But … here is a pcap (one packet) with the urg pointer set and the urgent pointer value set to zero (attached).

If this isn't what you need or you need more, let us know :-)

Thanks!


Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi () cisco com

From: Snort-users <snort-users-bounces () lists snort org> on behalf of Ibrahim Ahmed via Snort-users <snort-users () lists snort org>
Reply-To: Ibrahim Ahmed <ibrahim10.h () gmail com>
Date: Friday, September 29, 2017 at 2:59 PM
To: "snort-users () lists snort org" <snort-users () lists snort org>
Subject: [Snort-users] Snort 2.1 Intrusion Detection Book - CD ROM file

Hi everyone.

I'm going through the book "Snort 2.1 Intrusion Detection" by Baker, Caswell, and Poor.

In Chapter 4, 'Inner Workings', the authors guide the user through writing their own detection plugin. To test the 
plugin, they require use of the book's accompanying CD-ROM, which they state contains "... a pcap file with an urg 
flag, with the tcp urgent pointer value of 0."

I've looked in the CD-ROM's "\Bin\05\libpcap-0.8.3\" directory and its subdirectories and files and am unable to locate 
the string "urg" or "tcp_urg" in any of the files named "pcap".

Has anyone previously been able to find such a pcap file in the CD? Is there an alternate way to create such a file 
with the specified 'urg flag'?

Many thanks,
Ibrahim

Attachment: ibrahim.pcap
Description: ibrahim.pcap
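
On the question of an alternate way to create such a file: the sketch below is an added example, not part of either message, the attachment, or the book. It writes a one-packet classic libpcap file containing a TCP segment with the URG flag set and an urgent pointer of 0, using only the Python standard library. The addresses, ports, MAC addresses and output filename are constructed test values.

```python
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over a byte string."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_urg_frame(src="192.0.2.1", dst="192.0.2.2", sport=1025, dport=80) -> bytes:
    """Ethernet/IPv4/TCP frame, URG flag set, urgent pointer 0 (constructed values)."""
    s, d = (bytes(map(int, a.split("."))) for a in (src, dst))
    urg = 0x20  # TCP flags byte: URG bit only

    def tcp(csum):  # 20-byte header, no options, no payload; last field = urgent pointer
        return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, urg, 8192, csum, 0)

    def ip(csum):   # 20-byte header, total length 40, TTL 64, protocol 6 (TCP)
        return struct.pack("!BBHHHBBH", 0x45, 0, 40, 1, 0, 64, 6, csum) + s + d

    pseudo = s + d + struct.pack("!BBH", 0, 6, 20)  # TCP pseudo-header
    tcp_hdr = tcp(checksum(pseudo + tcp(0)))
    ip_hdr = ip(checksum(ip(0)))
    # Locally administered MAC addresses, constructed for the test frame
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + b"\x08\x00"
    return eth + ip_hdr + tcp_hdr

def write_pcap(path: str, frame: bytes, ts: int = 0) -> None:
    """Write a little-endian libpcap 2.4 file with one Ethernet record."""
    with open(path, "wb") as f:
        f.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
        f.write(struct.pack("<IIII", ts, 0, len(frame), len(frame)))
        f.write(frame)

def tcp_urg_fields(frame: bytes):
    """Return (URG flag set, urgent pointer) parsed back out of the frame."""
    ihl = (frame[14] & 0x0F) * 4
    tcp = frame[14 + ihl:]
    return bool(tcp[13] & 0x20), struct.unpack("!H", tcp[18:20])[0]

if __name__ == "__main__":
    pkt = build_urg_frame()
    write_pcap("urg_zero.pcap", pkt)  # hypothetical output filename
    print(tcp_urg_fields(pkt))
```

The resulting file can be replayed through Snort with `-r urg_zero.pcap` to exercise a rule or plugin that checks the urgent pointer.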
