Re: [Snort-devel] Content across multiple packets Not detected by Snort

From: Dennis George <easyeinfo(at)yahoo.com>
Date: Tue Apr 27 2004 - 01:42:23 EDT

Hi Marty,  

Here with this mail I am sending the pcaps of my traffic.... It contains other traffic also. I am testing snort by creating a server client program... My server is listening to port no 3131 and the client is sending data to the same port (3131). So check for the 3131 port in the pcaps.  

Thanks and regards  

Dennis

Martin Roesch <roesch@sourcefire.com> wrote: No, I meant do you have binary packet capture files (pcaps) of the traffic that you're having trouble with? To generate them simply, run 'tcpdump -w packets.pcap' and run your traffic, that should record the traffic and put it in a format that can be played back through Snort.

-Marty                 

---

Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs

---

This SF.net email is sponsored by: The Robotic Monkeys at ThinkGeek For a limited time only, get FREE Ground shipping on all orders of $35 or more. Hurry up and shop folks, this offer expires April 30th! http://www.thinkgeek.com/freeshipping/?cpg=12297

---

Snort-devel mailing list
Snort-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-develReceived on Tue Apr 27 01:46:36 2004