
List:       snort-users
Subject:    [Snort-users] Write Rule Snort alert TCP
From:       nguyen cao via Snort-users <snort-users () lists ! snort ! org>
Date:       2017-10-24 12:50:16
Message-ID: CAK5dsQJ-aoh9PmGex9icW03nKdzhVuQCJHN+oeo7tJa14uHzvg () mail ! gmail ! com


I use Wireshark to capture packets and detect TCP packets with no content
at all. I use the rule:

alert tcp any any -> no any (msg: "test"; pcre: "/ (% 20) /"; sid: 1000001;
rev: 1;

Help me solve the problem.
