This is a discussion on Re: [Snort-users] BASE Payload Search within the Snort forums, part of the System Security and Security Related category.
On 7/5/07, Humes, David G. <David.Humes@jhuapl.edu> wrote:
> Hey Everyone,
> We use BASE for watching our Snort alerts, and would really like to be able
> to do a payload search. But it does not appear to work. I saw some early
> posts about this on the BASE list saying that it never worked in ACID. Does
> anyone have this working? I'm running BASE 1.3.6. I've already posted this
> on the BASE list and haven't received any replies. I thought it might get a
> little more visibility over here. My process flow for searching is:

It works for me(TM). I'm using Base 1.3.6.

Input Criteria Encoding Type: ascii
Convert To (when searching): hex
has USER

Where USER is the string I'm searching for.

Sometimes it's easier to search using hex.

Input Criteria Encoding Type: hex
Convert To (when searching): hex
has 55534552

Where 55534552 is the search string. Notice there are no spaces between the hex numbers.
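An added example, not part of the original post and not BASE's own code: a Python helper that builds the space-free hex term described in the reply and checks it against constructed payloads. It assumes payloads are stored as hex strings and matched by plain substring search, and it goes one step further than the reply by separating byte-aligned hits from hits that start mid-byte; all function names and sample payloads are hypothetical.

```python
import re


def to_hex_term(value, encoding="ascii"):
    """Return a search term as contiguous uppercase hex digits (no spaces)."""
    if encoding == "ascii":
        return value.encode("ascii").hex().upper()
    if encoding == "hex":
        # Accept "55 53 45 52", "0x55,0x53", "55:53" and strip the separators.
        cleaned = re.sub(r"0[xX]|[\s,:]", "", value)
        if len(cleaned) % 2 or not re.fullmatch(r"[0-9A-Fa-f]+", cleaned):
            raise ValueError(f"not a whole number of hex bytes: {value!r}")
        return cleaned.upper()
    raise ValueError(f"unsupported encoding: {encoding!r}")


def match_offsets(term_hex, payload_hex):
    """Split substring hits into byte-aligned and nibble-misaligned offsets.

    A hit at an odd character position starts in the middle of a byte, so
    the searched bytes are not really present in the payload.
    """
    payload_hex = payload_hex.upper()
    aligned, misaligned = [], []
    pos = payload_hex.find(term_hex)
    while pos != -1:
        (aligned if pos % 2 == 0 else misaligned).append(pos // 2)
        pos = payload_hex.find(term_hex, pos + 1)
    return aligned, misaligned


# Constructed sample payloads (not real captures), stored as hex strings.
SAMPLE_FTP = b"USER anonymous\r\n".hex()
# Bytes 05 55 34 55 20: no "USER" inside, yet the hex text contains 55534552.
SAMPLE_MISALIGNED = bytes([0x05, 0x55, 0x34, 0x55, 0x20]).hex()

if __name__ == "__main__":
    term = to_hex_term("USER")
    for name, payload in (("ftp", SAMPLE_FTP), ("misaligned", SAMPLE_MISALIGNED)):
        aligned, misaligned = match_offsets(term, payload)
        print(name, term, "aligned:", aligned, "misaligned:", misaligned)
```

A misaligned hit is worth confirming against the decoded payload before treating the alert as a match.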