Snort mailing list archives
Re: Can Snort detect a download file from internet?
From: Russ via Snort-sigs <snort-sigs () lists snort org>
Date: Mon, 21 May 2018 21:30:55 -0400
Snort 3 can detect files using the default conf. It is easy to configure capture, etc. as well.
https://github.com/snort3/snort3.git On 5/21/18 9:06 PM, Antonio Leding wrote:
For easy reference: https://www.snort.org/faq/readme-fileOn May 21, 2018, at 6:04 PM, Joel Esler (jesler) <jesler () cisco com <mailto:jesler () cisco com>> wrote:Snort can extract files from the network in real time and write them out to disk. Please see the email that Al sent earlier about the README.fileSent from my iPadOn May 21, 2018, at 9:01 PM, Antonio Leding <tech () leding net <mailto:tech () leding net>> wrote:One point of clarification - I have Snort firing off an alert about the file being downloaded and then the packet capture + Wireshark for the follow-on file extraction and analysis.On May 21, 2018, at 5:50 PM, Antonio Leding <tech () leding net <mailto:tech () leding net>> wrote:Not sure if this helps or is relevant but I have always done this using full packet capture + Wireshark. If there is a way to do this directly in Snort, I would be curious to hear…On May 21, 2018, at 5:48 PM, Hào Tài via Snort-sigs <snort-sigs () lists snort org <mailto:snort-sigs () lists snort org>> wrote:Can everyone help me to confirm this point: " Can the Snort detect a file from the internet" ?If yes , how do we config the Snort the get the content file?On Sun, May 20, 2018 at 3:23 PM, Hào Tài <haotai1803 () gmail com <mailto:haotai1803 () gmail com>> wrote:Hello everyone, I am a newbie about Snort. I try to write the snort rule to catch a download JPG file from internet. Here is my rule: >> alert tcp any any <> $HOME_NET any (msg:"JPEG"; content:"|FF D8 FF E0|"; sid:1000001) But it does not work. Do I missing somethings or do I need to config somethings for Snort? Can everybody help me to find out the problem? Thank you. Regards, Tai Ly _______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org <mailto:Snort-sigs () lists snort org> https://lists.snort.org/mailman/listinfo/snort-sigsPlease visit http://blog.snort.org <http://blog.snort.org/> for the latest news about Snort!Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquetteVisit the Snort.org <http://snort.org/> to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org <mailto:Snort-sigs () lists snort org> https://lists.snort.org/mailman/listinfo/snort-sigsPlease visit http://blog.snort.org <http://blog.snort.org/> for the latest news about Snort!Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquetteVisit the Snort.org <http://snort.org/> to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org <mailto:Snort-sigs () lists snort org> https://lists.snort.org/mailman/listinfo/snort-sigsPlease visit http://blog.snort.org <http://blog.snort.org/> for the latest news about Snort!Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquetteVisit the Snort.org <http://snort.org/> to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!
Current thread:
- Can Snort detect a download file from internet? Hào Tài via Snort-sigs (May 19)
- Re: Can Snort detect a download file from internet? Hào Tài via Snort-sigs (May 21)
- Re: Can Snort detect a download file from internet? Antonio Leding (May 21)
- Re: Can Snort detect a download file from internet? Antonio Leding (May 21)
- Re: Can Snort detect a download file from internet? Joel Esler (jesler) via Snort-sigs (May 21)
- Re: Can Snort detect a download file from internet? Antonio Leding (May 21)
- Re: Can Snort detect a download file from internet? Russ via Snort-sigs (May 21)
- Re: Can Snort detect a download file from internet? Antonio Leding (May 21)
- Re: Can Snort detect a download file from internet? Hào Tài via Snort-sigs (May 21)
- Message not available
- Re: Can Snort detect a download file from internet? Tai Ly via Snort-sigs (May 22)
- Re: Can Snort detect a download file from internet? Tai Ly via Snort-sigs (May 22)
- Re: Can Snort detect a download file from internet? Al Lewis (allewi) via Snort-sigs (May 22)
- ?????? Can Snort detect a download file from internet? Zer0d0y via Snort-sigs (May 24)
- Re: 回复: Can Snort detect a download file from internet? James via Snort-sigs (May 24)