|
|
|
Choosing A Webhost: |
Question on snorting a pcap file: msg#00130security.ids.snort.bleedingsnort
I have a question: I have a sig that works over the network but doesn't work when I do "snort -r". the content statement gets a hit if the string occurs in the first 100 bytes or so. But if it's way down in the payload it never hits. Only on the "-r" stuff. Same thing over the network catches it every time. You ever see that before? jp ------------------------------------------------- Email solutions, MS Exchange alternatives and extrication, security services, systems integration. Contact: services-MMNQ1ylbVXZN8Ch2cx6nig@xxxxxxxxxxxxxxxx
|
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | Re: Warning -- floods of Allaple worm alerts.... sid:200329(2-5), Russell Fulton |
|---|---|
| Next by Date: | RE: Question on snorting a pcap file, Matt Jonkman |
| Previous by Thread: | FTP Login sig, Matt Jonkman |
| Next by Thread: | RE: Question on snorting a pcap file, Matt Jonkman |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
Free MagazinesCisco NewsReceive a free quarterly e-newsletter with exclusive articles on how Cisco IT uses its own products and solutions to enable the business. subscribe Systems Management News, the newspaper for IT systems administration and data center managers! Each issue of Systems Management News is chock-full of news and analysis to help you understand what's happening in your field. subscribe The Enterprise Newsweekly eWeek is the essential technology information source for builders of e-business. subscribe Oracle Magazine Oracle Magazine contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more. Oracle (NASDAQ: ORCL) is the world's largest enterprise software company. subscribe Total Telecom Total Telecom is "The Economist of the communications industry". subscribe |
