Re: Rules question

[Chris Pyles <pyles () rmu edu>]

Atanas/Neil,

I'm having trouble understanding what you are looking to accomplish. You
have pcap files and are trying to determine what snort rules would fire if
that traffic were to happen in production - Is that correct?

Thanks!

Chris

On Thu, Dec 1, 2016 at 9:00 PM neil ramsarran <neilramsarran () hotmail com>
wrote:

> ------------------------------
> *From:* neil ramsarran <neilramsarran () hotmail com>
> *Sent:* Thursday, December 1, 2016 8:43 PM
> *To:* Atanas Hambardzhiev; snort-sigs () lists sourceforge net
> *Subject:* Re: [Snort-sigs] Rules question
>
>
> I'm having the same problem , I cannot seem to get the assignment done
> with running winpractice txt file on the snort. any help will be highly
> appreciated
>
>
> Thanks
>
>
> ------------------------------
> *From:* Atanas Hambardzhiev <atanasn3 () gmail com>
> *Sent:* Wednesday, November 30, 2016 10:16 PM
> *To:* snort-sigs () lists sourceforge net
> *Subject:* [Snort-sigs] Rules question
>
> Hello all,
>
> First i would like to express my gratitude for great snort project you
> have created and the countless hours  you put to make it better and up to
> date.
>
> I am having difficulty understanding how rules are created and composed.
> The more time i spent better i get at the whole idea behind it, but still
> some things are unclear.
>
> In my example, i am given two wireshark packets and i have to understand
> by which(under)  snort rules those packets are conceived.
>
> [image: Inline image 1]
>
> [image: Inline image 2]
> [image: Inline image 3]
>
>
> Packet 8
> [image: Inline image 4]
> [image: Inline image 5]
>
> Here are all the detail about the Frames/Packets 7 and 8.
> There are generated under specific rule which are specified in snort rule
> list. I dont have the list to look it up, so i am trying to figure out the
> rules.
>
> Can you please identify these 2 rules?
>
> Thanks in advance!!
> Best,
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs () lists sourceforge net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>
> http://www.snort.org
>
> Please visit http://blog.snort.org for the latest news about Snort!
>
> Visit the Snort.org to subscribe to the official Snort ruleset, make sure
> to stay up to date to catch the most <a href="
> https://snort.org/downloads/#rule-downloads";>emerging threats</a>!

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!