[Snort-users] Questions on stream inspection

This is a discussion on [Snort-users] Questions on stream inspection within the Snort forums, part of the System Security and Security Related category.


03-17-2008
Kamran Shafi
 
Hello Guys,

Sorry but I have more questions to ask as part of my learning curve :-)

- When is a TCP session considered established? Snort manual says for the
require_3whs option - Establish sessions only on completion of a
SYN/SYN-ACK/ACK handshake. The default is off.
- What about UDP and ICMP sessions?
- Does Snort inspect each packet belonging to a stream individually or in
the context of the stream? More specifically, do the keywords such as depth
and offset look for patterns in each packet independently or relative to the
start of a session?


--
Regards
Kam
