Solved

wireshark, snort,  how do you look for a bit pattern from a pcap file

Posted on 2010-08-20
3
816 Views
Last Modified: 2013-11-16
$EXTERNAL_NET:any
$SQL_SERVERS:1433
msg:"ET EXPLOIT xp_fileexist access"
flow:to_server,established
content:"x|00|p|00|_|00|f|00|i|00|l|00|e|00|e|00|x|00|i|00|s|00|t|00|"

I have captured a pcap file.  How do I look for this data pattern using wireshark?
0
Comment
Question by:rgbcof
  • 2
3 Comments
 
LVL 6

Accepted Solution

by:
Galtar99 earned 250 total points
ID: 33488543
Click Edit|Find Packet
Click Hex value or String depending on what you're looking for
Put in your value in the Filter box, click Packet bytes and then find.
0
 

Author Closing Comment

by:rgbcof
ID: 33488636
Very cool.  Which zone is best to ask for snort, wireshark type of questions?
0
 
LVL 6

Expert Comment

by:Galtar99
ID: 33488874
I think the Networking|Protocols Zone would be the closest fit for it.
0

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The purpose of this Article is to provide information for a newly released variant of malware – with the assumption that many EE Members will have need of the information. According to “Computerworld”, well over one million web sites have been co…
I recently had to create a utility which aim is to update McAfee's Virusscan and that had to be launched from a command line. I thought I’d share my experience with you. Why is it useful to be able to update an Antivirus from the command line?…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question