Ethereal-users: Re: [Ethereal-users] does anyone have an example filter for the newfeature of se

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Jon Baer" <ethereal@xxxxxxxxxxx>
Date: Fri, 25 Jul 2003 00:01:41 -0700
If you really need to, you can download Snort (www.snort.org) and read a
capture "backwards" through the detection engine and log something you are
looking for with a rule:

log tcp any any -> any any (msg: "content found"; content:"something im looking for";)

I believe it's the -r switch ...

snort -r file.cap -c file.conf -deb

- jon

pgp key: http://www.jonbaer.net/jonbaer.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47


----- Original Message ----- 
From: "Guy Harris" <guy@xxxxxxxxxxxx>
To: "james jones" <jame_sj@xxxxxxxxx>
Cc: <Ethereal-users@xxxxxxxxxxxx>
Sent: Thursday, July 24, 2003 7:48 PM
Subject: Re: [Ethereal-users] does anyone have an example filter for the
newfeature of searching for arbitrary text in frames?


>
> On Thursday, July 24, 2003, at 7:41 PM, james jones wrote:
>
> > Does anyone have an example filter for the new feature of searching
> > for arbitrary text in frames?
>
> No, because it's not yet implemented in the display filter mechanism.
> The "Find Frame" function is the only place you can use it (i.e., you
> can search for the next frame containing that text, but you cannot yet
> filter the display to show only frames containing that text).
>
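
The offline search discussed in this thread (find the frames of a saved capture that contain a given text) can also be done directly on the capture file. The following is an added example, not code from the thread, Ethereal, or Snort; the function names, the `nocase` parameter, and the sample capture are constructed for illustration, and it assumes a classic libpcap file rather than pcapng.

```python
import struct

# Classic libpcap magic numbers mapped to the struct byte-order prefix.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}

def iter_frames(data):
    """Yield (frame_number, frame_bytes) from a classic libpcap file image."""
    if len(data) < 24 or data[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic libpcap capture")
    endian = PCAP_MAGICS[data[:4]]
    offset, number = 24, 0  # records start after the 24-byte global header
    while offset + 16 <= len(data):
        _sec, _frac, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        if offset + incl_len > len(data):
            break  # truncated final record: stop rather than misparse
        number += 1
        yield number, data[offset:offset + incl_len]
        offset += incl_len

def find_frames(data, needle, nocase=False):
    """Return the numbers of frames whose raw bytes contain needle."""
    if nocase:
        needle = needle.lower()
    return [n for n, frame in iter_frames(data)
            if needle in (frame.lower() if nocase else frame)]

def build_sample_capture(payloads):
    """Constructed sample: a little-endian pcap with one record per payload."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, payload in enumerate(payloads):
        out += struct.pack("<IIII", i, 0, len(payload), len(payload)) + payload
    return out

# Constructed records (bare payloads, not real Ethernet frames).
SAMPLE = build_sample_capture([
    b"GET /index.html HTTP/1.0\r\n",
    b"USER anonymous\r\n",
    b"get /Something Im Looking For\r\n",
])

if __name__ == "__main__":
    print(find_frames(SAMPLE, b"something im looking for", nocase=True))
```

The match is per frame and over the whole record, headers included, so text split across two TCP segments is not found.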