Solved

wireshark, snort,  how do you look for a bit pattern from a pcap file

Posted on 2010-08-20
3
820 Views
Last Modified: 2013-11-16
$EXTERNAL_NET:any
$SQL_SERVERS:1433
msg:"ET EXPLOIT xp_fileexist access"
flow:to_server,established
content:"x|00|p|00|_|00|f|00|i|00|l|00|e|00|e|00|x|00|i|00|s|00|t|00|"

I have captured a pcap file.  How do I look for this data pattern using wireshark?
0
Comment
Question by:rgbcof
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 6

Accepted Solution

by:
Galtar99 earned 250 total points
ID: 33488543
Click Edit|Find Packet
Click Hex value or String depending on what you're looking for
Put in your value in the Filter box, click Packet bytes and then find.
0
 

Author Closing Comment

by:rgbcof
ID: 33488636
Very cool.  Which zone is best to ask for snort, wireshark type of questions?
0
 
LVL 6

Expert Comment

by:Galtar99
ID: 33488874
I think the Networking|Protocols Zone would be the closest fit for it.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Preferred Cloud Managed Anti-Virus? 4 107
bit defender blocks good applications 2 107
Upgrade Symantec EndPoint Protection 14 13 371
Kaspersky Antivirus reports 4 85
So you got the Conficker. You could go to each machine and run the eye chart test (http://www.confickerworkinggroup.org/infection_test/cfeyechart.html), but in a bigger environment, or if you prefer to work smarter and not harder, you need some …
PREFACE The purpose of this guide is to explain what the SEPC Status Utility is and how it works. I have written the utility using AutoIt and have included the source code for your review. You are welcome to modify the code to your liking, but I wi…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question