Question on snorting a pcap file: msg#00130 security.ids.snort.bleedingsnort

I have a question:

I have a sig that works over the network but doesn't work when I do "snort -r". The content statement gets a hit if the string occurs in the first 100 bytes or so. But if it's way down in the payload it never hits. Only on the "-r" stuff. Same thing over the network catches it every time.

You ever see that before?

jp

-------------------------------------------------
Email solutions, MS Exchange alternatives and extrication, security services, systems integration.
Contact: services-MMNQ1ylbVXZN8Ch2cx6nig@xxxxxxxxxxxxxxxx