[Snort-users] inverse snort rule

From: yavuz gokirmak <ygokirmak_at_nospam>
Date: Fri May 22 2009 - 07:27:55 GMT
To: snort-users@lists.sourceforge.net

Hi all,

I am a new user of snort, I have a question about snort usage.

I have a file of pcap data ( read vie tcpdump -r)

Assume we have some rules A,B,C,D and E.

I want to log unrecognized packets, I mean, Packets which matches none of the A,B,C,D,E rules...

is it possible,

Can I take the inverse of the whole rule to create new rule like " !A and !B and !C and !D and !E" ?

thanks in advance,

yavuz...

Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT is a gathering of tech-side developers & brand creativity professionals. Meet the minds behind Google Creative Lab, Visual Complexity, Processing, & iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian Group, R/GA, & Big Spaceship. http://www.creativitycat.com

Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

This message: [ Message body ]
Next message: Jason Wallace: "Re: [Snort-users] inverse snort rule"
Previous message: Mark Senior: "[Snort-users] Snort insists on writing to .\log\alert.ids"
Next in thread: Jason Wallace: "Re: [Snort-users] inverse snort rule"
Reply: Jason Wallace: "Re: [Snort-users] inverse snort rule"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]