Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Signatures
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Snort-sigs] Web Traffic Rule

from [Zakai Kinan] Network Security [Permanent Link]
Subject: Re: [Snort-sigs] Web Traffic Rule
Date: Wed, 13 Feb 2008 19:30:23 -0800 (PST) 
the web server log does not work for you?


ZK



--- Michael Wisniewski <wiz561@gmail.com> wrote:


Hi!

I need to monitor internet traffic with who goes to
which URL and
path. I've done a search here, and people say to use
'squid'. However,
I already setup snort and would like to do other
things with it in the
future.

If anybody can suggest a rule that I can use to
accomplish this,
please let me know.  I've tried this rule...

alert tcp any any -> any 80 (msg:"general web
traffic";content:"GET";sid:900001; rev:1;)

And it works, but it logs the whole payload, and I'm
just interested
in the IP and the path the user went to.

Thanks...



-------------------------------------------------------------------------

This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio
2008.


http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/

_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net


https://lists.sourceforge.net/lists/listinfo/snort-sigs






      
____________________________________________________________________________________
Never miss a thing.  Make Yahoo your home page. 
http://www.yahoo.com/r/hs

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Snort-sigs] [Emerging-Sigs] Emerging Threats Daily Signature Changes, Matt Jonkman
Next by Date:  Re: [Snort-sigs] testing snort signature with uri content, MD B Zaman L
Previous by Thread:  Re: [Snort-sigs] Web Traffic Rule, Michael Wisniewski
Next by Thread:  Re: [Snort-sigs] Web Traffic Rule, Jamie Riden
Indexes:  [Date] [Thread] [Top] [All Lists]