Author [Snort-users] Tagged Packet
Rowland, Krisa W ERDC-ITL-MS Contractor

2004-09-28, 5:47 pm

I am suddenly getting all these Tagged Packet alerts. Seems like I turned
this off before - can someone remind me how to do this?



________________________________________
_______
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists...nfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf....ist=snort-users
Dirk Geschke

2004-09-28, 5:47 pm

Hi,

> I am suddenly getting all these Tagged Packet alerts. Seems like I turned
> this off before - can someone remind me how to do this?


Either remove the tag field from the snort rules or only watch for
alerts. The tagged packets are sent to the log facility.

Best regards

Dirk

--
+-------------------------------------------------------------+
| Dr. Dirk Geschke | E-mail: geschke@genua.de |
| Gesellschaft fuer Netzwerk | Tel. : +49-(0)-89-991950-131 |
| und Unix Administration mbH | Fax : +49-(0)-89-991950-999 |
| 85551 Kirchheim / Germany | Domagkstrasse 7 |
+-------------------------------------------------------------+


Esler, Joel - Contractor

2004-09-28, 5:47 pm

tagged packets... look for a rule with the keyword "tag:" in it.
usually tagged sessions are important. tagged sessions are especially
helpful if you are logging in binary mode, you can reconstruct the
session.

J

-----Original Message-----
From: snort-users-admin@lists.sourceforge.net
[mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Rowland,
Krisa W ERDC-ITL-MS Contractor
Sent: Tuesday, September 28, 2004 11:45 AM
To: 'snort-users@lists.sourceforge.net'
Subject: [Snort-users] Tagged Packet



I am suddenly getting all these Tagged Packet alerts. Seems like I
turned this off before - can someone remind me how to do this?
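
Both replies come down to finding the rules that carry a `tag` option. As an added example (not part of the original thread), this Python script lists the enabled rules that use `tag` while ignoring the string "tag:" inside quoted content and rules that are commented out. The sample rules and sids are constructed, and the parser assumes the basic `option:value;` rule syntax.

```python
import re

# Constructed sample rules (not from the thread); sids are placeholders.
SAMPLE_RULES = r'''
alert tcp any any -> $HOME_NET 21 (msg:"FTP login tagged"; content:"USER "; tag:session,10,packets; sid:1000001; rev:1;)
alert tcp any any -> any 80 (msg:"literal\; not an option"; content:"tag:host"; sid:1000002;)
# alert tcp any any -> any 23 (msg:"disabled"; tag:host,300,seconds,src; sid:1000003;)
alert tcp any any -> any 25 (msg:"SMTP probe"; flow:to_server; \
    tag:host,300,seconds,src; sid:1000004;)
'''

def split_options(body):
    """Split a rule's option body on ';', skipping quoted or backslash-escaped ones."""
    opts, cur, quoted, escaped = [], [], False, False
    for ch in body:
        if ch == ";" and not quoted and not escaped:
            opts.append("".join(cur).strip())
            cur = []
            continue
        cur.append(ch)
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            quoted = not quoted
    return [o for o in opts if o]

def find_tagged_rules(text):
    """Return (sid, msg, tag_args) for every enabled rule that uses the tag option."""
    text = re.sub(r"\\\r?\n\s*", " ", text)  # join backslash-continued lines
    hits = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "(" not in line or ")" not in line:
            continue  # blank, commented-out, or not a rule
        body = line[line.index("(") + 1 : line.rindex(")")]
        opts = {}
        for opt in split_options(body):
            key, _, val = opt.partition(":")
            opts.setdefault(key.strip(), val.strip())
        if "tag" in opts:
            hits.append((opts.get("sid"), opts.get("msg", "").strip('"'), opts["tag"]))
    return hits

if __name__ == "__main__":
    for sid, msg, tag in find_tagged_rules(SAMPLE_RULES):
        print(f"sid {sid}: {msg!r} uses tag:{tag}")
```

Feed `find_tagged_rules` the contents of your own rules files; each rule it reports is one whose `tag:...;` option causes the extra packets to be logged.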


