Snort mailing list archives
How to write rules for detecting out Network traffic on port 80
From: 刘栋 via Snort-sigs <snort-sigs () lists snort org>
Date: Thu, 28 Nov 2019 11:25:27 +0800 (CST)
1. I set up an HTTP service and Snort in my Ubuntu 16.04 virtual machine. I wrote a test rule:

    alert tcp any 80 -> any any (msg: "test 80 port"; sid: 10000001)

When I access the HTTP service, no alert is output in Snort. What's the problem? I want to monitor what the local HTTP server responds to the client. How do I write rules for that? Thanks!

2. snort -V:

    root@ubuntu:/etc/snort/rules# snort -V

       ,,_     -*> Snort! <*-
      o"  )~   Version 2.9.15 GRE (Build 7)
       ''''    By Martin Roesch & The Snort Team: http://www.snort.org/contact#team
               Copyright (C) 2014-2019 Cisco and/or its affiliates. All rights reserved.
               Copyright (C) 1998-2013 Sourcefire, Inc., et al.
               Using libpcap version 1.7.4
               Using PCRE version: 8.38 2015-11-23
               Using ZLIB version: 1.2.8

3. Start Snort:

    snort -A console -q -c /etc/snort/snort.conf -i ens33
Attachment:
snort.conf