Snort mailing list archives

How to write rules for detecting out Network traffic on port 80


From: 刘栋 via Snort-sigs <snort-sigs () lists snort org>
Date: Thu, 28 Nov 2019 11:25:27 +0800 (CST)

1. I set up an HTTP service and Snort in my Ubuntu 16.04 virtual machine. I wrote a test rule:
alert tcp any 80 -> any any (msg:"test 80 port"; sid:10000001;)
When I access the HTTP service there is no alert output in Snort. What is the problem?
I want to monitor what the local HTTP server responds to the client; how do I write rules for that? Thanks!


2. snort -V:
root@ubuntu:/etc/snort/rules# snort -V


   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.15 GRE (Build 7) 
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/contact#team
           Copyright (C) 2014-2019 Cisco and/or its affiliates. All rights reserved.
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using libpcap version 1.7.4
           Using PCRE version: 8.38 2015-11-23
           Using ZLIB version: 1.2.8


3. start snort
snort -A console -q -c /etc/snort/snort.conf -i ens33





Attachment: snort.conf

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit Snort.org to subscribe to the official Snort ruleset, and make sure to stay up to date to catch the most
emerging threats: https://snort.org/downloads/#rule-downloads
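The message above boils down to two questions: will this rule load at all, and which side of the HTTP conversation does its header select? The following Python script is an added example written for this thread, not code from Snort or from the poster. It splits a rule into header and options the way Snort 2.x does, reports the load-time errors that most often explain "no alerts at all" (an option without its terminating ';', no sid), and evaluates the header against constructed 5-tuples so the direction the rule watches is explicit. The HOME_NET/EXTERNAL_NET values, the IP addresses and sid 10000002 are made up for the demonstration.

```python
"""Minimal Snort 2.x rule linter and header matcher (added example, not Snort code)."""
import ipaddress
import re

HEADER_RE = re.compile(
    r"^\s*(?P<action>alert|log|pass|drop|reject|sdrop)\s+"
    r"(?P<proto>tcp|udp|icmp|ip)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<dir>->|<>)\s+"
    r"(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$",
    re.S,
)

# Assumed values; in snort.conf they come from 'ipvar HOME_NET ...' lines.
VARS = {"$HOME_NET": "192.168.56.0/24", "$EXTERNAL_NET": "!192.168.56.0/24"}


def split_options(body):
    """Split the option body on ';' outside double quotes.

    Returns (pairs, leftover).  leftover is the text after the last ';';
    Snort 2.9 treats a non-empty leftover as a parse error, so that option
    (and with it the whole rule) is never loaded.
    """
    pairs, buf, quoted, escaped = [], "", False, False
    for ch in body:
        if escaped:
            buf, escaped = buf + ch, False
        elif ch == "\\":
            buf, escaped = buf + ch, True
        elif ch == '"':
            buf, quoted = buf + ch, not quoted
        elif ch == ";" and not quoted:
            key, _, val = buf.strip().partition(":")
            pairs.append((key.strip(), val.strip()))
            buf = ""
        else:
            buf += ch
    return pairs, buf.strip()


def lint(rule_text):
    """Return the load-time errors for one rule; [] means Snort would load it."""
    m = HEADER_RE.match(rule_text)
    if not m:
        return ["header does not parse: expected 'action proto src sport dir dst dport (options)'"]
    pairs, leftover = split_options(m.group("opts"))
    errors = []
    if leftover:
        errors.append("option '%s' is not terminated by ';'" % leftover)
    if not any(key == "sid" for key, _ in pairs):
        errors.append("rule has no sid")
    return errors


def _addr_match(spec, ip):
    spec = VARS.get(spec, spec)
    if spec == "any":
        return True
    negate = spec.startswith("!")
    nets = spec.lstrip("!").strip("[]").split(",")
    hit = any(ipaddress.ip_address(ip) in ipaddress.ip_network(n, strict=False) for n in nets)
    return hit != negate


def _port_match(spec, port):
    spec = VARS.get(spec, spec)
    if spec == "any":
        return True
    negate = spec.startswith("!")
    lo, sep, hi = spec.lstrip("!").partition(":")
    low = int(lo) if lo else 0
    high = int(hi) if hi else (65535 if sep else low)
    return (low <= port <= high) != negate


def header_matches(rule_text, src_ip, sport, dst_ip, dport):
    """True if the header selects a packet with this 5-tuple (TCP assumed)."""
    m = HEADER_RE.match(rule_text)
    if not m:
        return False
    fwd = (_addr_match(m["src"], src_ip) and _port_match(m["sport"], sport)
           and _addr_match(m["dst"], dst_ip) and _port_match(m["dport"], dport))
    if m["dir"] == "->":
        return fwd
    rev = (_addr_match(m["src"], dst_ip) and _port_match(m["sport"], dport)
           and _addr_match(m["dst"], src_ip) and _port_match(m["dport"], sport))
    return fwd or rev


# Same header as the test rule in the thread, but with the final ';' dropped:
# Snort 2.9 rejects this at load time, so it can never alert.
UNTERMINATED_RULE = 'alert tcp any 80 -> any any (msg:"test 80 port"; sid:10000001)'
TEST_RULE = 'alert tcp any 80 -> any any (msg:"test 80 port"; sid:10000001; rev:1;)'
# Only the local server's side of an established session, keyed on the
# status line that starts every HTTP/1.x response (sid 10000002 is made up).
RESPONSE_RULE = ('alert tcp $HOME_NET 80 -> $EXTERNAL_NET any ('
                 'msg:"local HTTP server response"; flow:from_server,established; '
                 'content:"HTTP/1."; depth:7; sid:10000002; rev:1;)')

if __name__ == "__main__":
    for name, rule in [("unterminated", UNTERMINATED_RULE), ("test", TEST_RULE),
                       ("response", RESPONSE_RULE)]:
        print(name, lint(rule) or "loads")
    # constructed traffic: server 192.168.56.10:80 answering a LAN client and an outside client
    for rule in (TEST_RULE, RESPONSE_RULE):
        print(rule[:34], header_matches(rule, "192.168.56.10", 80, "192.168.56.1", 51234),
              header_matches(rule, "192.168.56.10", 80, "203.0.113.5", 40000))
```

Two things the script makes visible. First, `any 80 -> any any` already selects the server-to-client direction, so once the rule loads it fires on responses from any port-80 server, not only the local one; `RESPONSE_RULE` narrows that with `$HOME_NET` as source and `flow:from_server,established`. Second, with `EXTERNAL_NET` defined as the negation of `HOME_NET`, a client on the same subnet as the server never matches `$EXTERNAL_NET`, which is a common reason a lab test produces no alert. Before debugging the rule itself, run `snort -T -c /etc/snort/snort.conf` to confirm the configuration and every rule file load, and check that the file holding the rule is referenced by an `include` line in snort.conf.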
