Snort mailing list archives
Re: Fwd: [snort-user] About packet content
From: Joel Esler <jesler () sourcefire com>
Date: Fri, 6 Sep 2013 09:00:13 -0400
So, you are asking if we can know the content of the traffic, before the traffic arrives? On Fri, Sep 6, 2013 at 1:52 AM, Mayur Patil <ram.nath241089 () gmail com> wrote:
hello,
I have one question might be foolish......
In snort rule we define content for packets
like content:|00 36 90 23 08|
is there anyway to know what content does incoming data is having
before attack is performed ? Any prototype which defines specific
structure ?
Seeking for guidance,
Thanks !
--
Cheers,
Mayur.
------------------------------------------------------------------------------
Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
Discover the easy way to master current and previous Microsoft technologies
and advance your career. Get an incredible 1,500+ hours of step-by-step
tutorial videos with LearnDevNow. Subscribe today and save!
http://pubads.g.doubleclick.net/gampad/clk?id=58041391&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort
news!
-- Joel Esler Senior Research Engineer, VRT OpenSource Community Manager Sourcefire ------------------------------------------------------------------------------ Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58041391&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- [snort-user] About packet content Mayur Patil (Sep 05)
- Fwd: [snort-user] About packet content Mayur Patil (Sep 05)
- Re: Fwd: [snort-user] About packet content Joel Esler (Sep 06)
- Re: Fwd: [snort-user] About packet content Mayur Patil (Sep 06)
- Re: Fwd: [snort-user] About packet content Jefferson, Shawn (Sep 06)
- Re: Fwd: [snort-user] About packet content Joel Esler (Sep 06)
- Re: Fwd: [snort-user] About packet content Joel Esler (Sep 06)
- Fwd: [snort-user] About packet content Mayur Patil (Sep 05)